
teissTalk: Building a diverse InfoSec team and bringing value to the organisation

teissTalk host Geoff White was joined by Sherron Burgess, Senior Vice President and Chief Information Security Officer, BCD Travel; Regina Bluman, Co-founder of Respect in Security; and Victoria van Roosmalen, CISO of Coosto.

Views on news

According to a report by California-headquartered talent data consolidation platform Hiretual, organizations are doing little to boost diversity within their software teams with just 15 per cent of searches applying a diversity, equity and inclusion (DE&I) filter to find developers from various ethnic backgrounds, and with only 15 per cent of searches on the platform made for female candidates specifically. 

Even organisations that seemingly do care about diversity may be hostile to diverse talent in the workplace, citing tokenism and questioning diverse recruits’ skills and merits rather than being inclusive with them. Some of these diverse talents will leave the company before they can bring real value. To counterbalance this trend, it’s key that employees with diverse backgrounds find their affinity groups inside – but also outside – the company and get some encouragement from like-minded individuals.

Corporate pledges can also play a key role in retaining these employees. However, unless internal harassment policies get published, victims who are treated badly by colleagues won’t know who to turn to or what procedures to follow if they don’t feel safe at work.

How can you measure the level of diversity in an organisation?

It’s a widely accepted view that diverse companies are more secure because people of various backgrounds and with different thought processes can consider more options and, from an information security perspective, can identify more threats and vulnerabilities than teams sharing a similar experience. Although diversity is not easy to measure, outcomes will often reflect the extent to which the teams behind them are diverse.

When some new software has more bugs in it than is normally the case, it is often an indicator that the thoughts put into it during design and development weren’t diverse enough. Remote work has undoubtedly given a boost to geographical diversity as the commute stopped being a criterion for recruiters.

However, now that the hybrid office seems to be the way forward, employers need to be attentive to the cognitive differences between colleagues regarding what working environment they feel is the most conducive to their productivity. The performance of diverse teams suggests that even if we disregard their ethical value, having them makes perfect business sense.

To learn more about the benefits and pitfalls of having a diverse workforce, read

Panellists’ advice

Before you embark on a diversity programme, you first need to understand the make-up of your team and the types of skills you already have. It’s also important to establish whether your company is ready for a diversity programme. There is no point attracting diverse people if biases persist inside the organisation, as this may lead to talent churn, especially if diverse recruits are seen as token hires by other employees.

Security risk shouldn’t be siloed. It should be seen in combination with other types of risk such as operational, financial, etc. Information security experts need to consider different departments in their own context building on how they have evolved and what they want to achieve in terms of security. There has to be an ongoing, two-way conversation between information security professionals and individual teams.

To ensure the success of diversity programmes, it’s a good start to devote more time to discussing the company’s values with a new hire and whether they are ready to adopt them. When staff are convinced of the business and ethical sense that diversity makes, they will be more inclusive with new recruits.


All rights reserved Teiss Recruitment Ltd.