When it comes to cybersecurity, having a diverse workforce is the only way to succeed at staying one step ahead of adversaries, according to experts from the White House’s Office of the National Cyber Director (ONCD) and Walmart.
At the RSA Conference on April 26, the private and public sector experts explained how a lack of diversity and inclusion poses an existential threat to the cybersecurity industry.
“In cyber, we’re about defeating adversaries and protecting customers and building trust. Inclusivity is a way that we do it,” said Rob Duhart Jr., vice president and deputy chief information security officer (CISO) at Walmart.
“In fact, I would argue, I don’t think you can succeed at that goal, without having teams that are representative not just of the problem sets that we solve, but the adversaries that we face,” he added. “For us, when we think about inclusivity, it is an essential component of success in protecting our 2.3 million person enterprise.”
Camille Stewart Gloster, deputy national cyber director for technology and ecosystem security at ONCD, agreed with Duhart, emphasizing that “cybersecurity is a people issue.”
“Until we put people at the center of the conversation and make sure that it is a factor to developing a holistic threat model, we will continue to miss,” Stewart Gloster said.
“If we are focused on people, we have to be focused on all people – that is where the DEI [diversity, equity, and inclusion] component comes into this conversation,” she continued.
Stewart Gloster explained that organizations cannot look at a homogeneous fake user that is going to use technology “exactly as you intended it” or built it, because that’s not reality.
Instead, she stressed that organizations must think about how technology shows up in people’s lives, how it will be leveraged in different ways by different communities, and then how to mitigate the vulnerabilities that creates.
Stewart Gloster said that bias “is the greatest tool for an adversary,” so it’s “essential” for organizations to build resilience into their infrastructure at all levels – not just at the user-facing or product-facing level.
“We underestimate the adversary when we build homogenous teams, and it hurts our ability to respond,” added Duhart.
Another reason organizations must build diverse teams is because of the shortage in the cyber workforce, according to Stewart Gloster.
“How can we leave anyone out if we are to fill all of these jobs?” she asked. “We need to bring people in from different vantage points and backgrounds … how do we make sure that we are convening and coalescing everyone around building and strengthening the cyber workforce? The Federal government can’t do that alone. We have the smallest piece of that. Our state and local partners, nonprofits, industry… everyone will have to play a role in that.”