CEB Blogs


Information Risk

Embrace Diversity if You Want to Solve Your Talent Crisis

Information security teams are under more pressure than ever, and need employees with a host of new skills and experience; nothing should stop them recruiting far more broadly than they do now

Companies’ information security teams are under more demand than ever and, worse, they need to staff a host of new roles to cope with that demand. However, one cause of this staff shortage doesn’t come from a lack of skilled talent available but from the fact that information security managers tend to hire from homogeneous talent pools, typically rewarding narrow sets of highly technical skills.

Information security teams will benefit greatly from seeking out a more a more versatile range of backgrounds, experiences, and perspectives. They should start with underrepresented groups — such as women, LGBTQ groups, and racial and religious minorities — who make up only about a tenth of the information security workforce today. Three steps will help.

  1. Design inclusive job advertisements: Job advertisements are often created with unconscious bias, making job opportunities far less attractive to underrepresented groups.

    Information security teams can create more inclusive job advertisements by focusing on the use of collaborative language and inclusive pronouns, using visuals that depict diverse groups of people, and advertising female-focused benefits, such as flexible working hours, remote work, and parental leave.

  2. Change recruitment processes: Often recruitment in Information Security relies on ad hoc, word-of-mouth recruiting through methods such as employee referrals. These approaches tend to create an unintentional bias against candidates who are not already well represented in IT. To counteract this, information security managers should communicate openings more broadly both internally and externally. Example approaches include:

    • Advertising new openings through the company’s intranet.

    • Posting openings to college job boards outside of the company’s typical recruiting network.

  3. Stop looking for perfection and focus on core skills: Information security managers have a tendency to create job advertisements with “laundry lists” of qualifications, which greatly decrease the size of the applicant pool.

    Instead of looking for the perfect candidate, managers can increase diversity by focusing on the core skills necessary for the job and looking for candidates from non-traditional backgrounds.


More On…

  • Information Risk Management

    The rising importance of information risk has dramatically changed the opportunities for CISOs. Information Security budget and headcount have increased more than 200% in the past four years. Learn how to make the most of all those resources.

Leave a Reply



Recommended For You

Information Risk: Balancing the Good and Bad of Data Analytics

The ability to collect far more data and analyze it in new and interesting ways...