Say the Quiet Part Loud: How You Can Help Diversify Cybersecurity Talent

The 8th grade dance is one of the most revealing of social gatherings. Humans are social primates and tribal creatures, and nowhere is this nature on more display than middle schoolers milling about in tight groups at an event designed explicitly for mingling. Unless, of course, you count professional networking events.

Recently, SafeGuard Cyber 's women in cybersecurity community, Vision & Voice, held one such networking breakfast at #BlackHat. We wanted to announce our partnership with BlackGirlsHack / BGH Foundation to build internship pipeline for underrepresented communities, and to actively connect those open to work with those who are hiring or willing to be mentors to the next generation of talent.

At first, attendees fell into the 8th grade dance trap, which again is natural. However, by the end, everyone came together in a way that, frankly, is still too rare at cybersecurity events. People connected across professional experience, race, gender identity, whatever (everyone "under the rainbow," as BlackGirlsHack Executive Director Tennisha Virginia M. puts it). It was so refreshingly human to see people come together to joke and share stories well past our official end time, up until the catering staff subtly signaled it was time to go by unceremoniously clearing the tables while we were still in the room.

After a week of reflecting on the experience, I wanted to gather my thoughts on how anyone at any cyber event can help address our industry's two most pressing problems: the talent shortage and the staggering lack of diversity within that talent pool.

Here are four simple ways anyone, from Tier 1 SOC analyst to CISO can leverage networking events and LinkedIn itself to help diversify the cyber workforce:

Reach Out & Connect

People join tribes out of shared interests and for social protection where they can feel safe, welcome, and comfortable. Add to this inclination, the inherent awkwardness of arriving to a hotel conference room full of strangers, and group segregation is almost inevitable. Yes, segregation. I use that word quite intentionally. Allowing tribal groupings to persist entrenches power and keeps doors closed. It won't help us recruit the next generation of defenders. It's also fantastically boring.

Get out on the dance floor. It's uncomfortable, but absolutely necessary. You must step away from the familiar, because that way lies bias, both unconscious and real. When you head to networking event, arrive with a plan of how to overcome this awkwardness.

• Use the buddy system. To belabor the school analogies, arriving with a friend and a planning to step out together can ease the awkwardness.
• Try formulating an objective such as meeting someone in a different field. For example, if you're a pentester or redteamer maybe a goal could be to meet with at least two threat intelligence folks. If you're a SOC analyst, maybe step out to find cloud architects.

Once you get over the initial awkwardness, the beauty in your shared humanity will take over. You'll find other, far more important, things you have in common.

Maintain These New Relationships

The "conference high" is not unique to cybersecurity industry events like RSA, Black Hat, or DEFCON. You need look only as far as this platform to note the thousands of posts during and immediately after these events with selfies and photos of colleagues reunited and new acquaintances born. That said, what you do after the show matters just as much as the networking you did during it. It's one thing to connect or even exchange business cards (remember those?), it's quite another to maintain those new relationships.

Don't just rack up connection numbers or followers. Connection without cultivation can often be exploitation. This notion holds particular weight for anyone you met who might be looking for new opportunities, transitioning from a different career, or just graduating. This liminal stage between meeting people and doing your part is the most critical. LinkedIn has made it clear who is hiring and who is open to work.

• Tag new connections in posts that speak to the expertise or interests over which you connected at the event.
• If you see job posts, tag those new connections you met who are open to work.
• Show up and like/comment/share their posts.

You have more power than you may believe you do.

Tap Into Your Power

If you currently have a job in cybersecurity, then you have power relative to those on the outside. It doesn't matter if you're a sales engineer in the demo booth, a field marketer unboxing swag, a sale rep making calls, or a CISO meeting with vendor partners or keynoting. You should feel emboldened by the idea that you are where someone else wants to be.

With this power, you can make introductions. You can highlight others' accomplishments. You can and should use this power to elevate others, like in this post following RSA and the ensuing and inspiring comments answering the call to action (h/t Rafael Nunez Jr. ). Your experience can lift others facing similar challenges, as with this article on failure and the conversation that follows (h/t Jerich Beason ).

Share In Success

Lastly, steer into joy. Celebrate new connections. Whether you've met them IRL or only online, share their successes. If someone you met is trying to break in, share the hard won victory of a new certification. Scream about and share promotions. The words of the indomitable Maya Angelou hold true:

“People will forget what you said, people will forget what you did, but people will never forget how you made them feel.”

It's Time to Wake Up and Say the Quiet Part Loud

If you don't think cybersecurity has a diversity problem, I don't really know what to say other than wake up. But for the sake of argument, I invite you to read a few comments on a YouTube video speaking to BlackGirlsHack's mission. (h/t Michelle Eggers )

From the legions of people I have met online, in person, or interviewed, I'm convinced the so-called talent shortage is one of our own devising. It's the result of unnecessary gatekeeping, hegemonic power structures, and 8th grade dance tribalism. The answer isn't always large scale corporate DEI efforts.

It's still early days, but I have great hopes for our Vision and Voice and BlackGirlsHack partnership, especially if the vibe at our networking breakfast is anything to go on. Consider its origins: It started with a friend I met at another networking event at Black Hat 2021 later telling me about the work Tennisha Martin was doing. I connected with Tennisha on LinkedIn. A few months later, we saw the news that Black Hat was providing briefing passes to BlackGirlsHack. We thought, if this group has access to educational resources, the next thing they might need is access to work experience, the primary hurdle to any entry-level position. I DM'd Tennisha to ask if internship access would be helpful. From there, we got to organizing. It started with connection. It started with crossing that dance floor.

It's time to get to work.