Building an Inclusive Team
Written in collaboration with Roxie Zaricor (she/her) and CG Acharjya (they/them).
Representation in the security field has made great strides over the past few years but has a long way to go. According to the Aspen Institute, in 2021 only 24% of the security workforce were women. During my tenure as CISO at PayNearMe, I built a team made up of 50% women, far exceeding the average. I’d like to share some of the management techniques I’ve learned in how to attain a well-represented team and to make everyone feel welcome and included so you can retain that team. This all leads up to having a team who feels trusted and connected to the whole. An employee who feels disrespected and distrusted is not going to stick around.
Hire well
To have a well-represented team, you of course have to first hire one. It can feel like a chicken-and-egg problem trying to hire a well-represented team in a field that is very much not so, but it is not an insurmountable problem. The first hurdle to tackle is to have a diverse candidate pipeline representing individuals with all sorts of different backgrounds. Don’t look along the well-trodden diversity categories like gender and race. Look at the stereotypical categories for those outside the norm.
Career backgrounds: did they start out in a completely different field? is there someone from another field within your company or network who shows potential?
Where are they located: I guarantee that someone from New Jersey is going to have a different approach than someone from Northern California
Consider diverse education backgrounds: having all PhDs will be different than having a mix of educational backgrounds
Encourage your recruiting teams to look at many different sources for candidates like different special interest groups or groups focus on under-represented groups. I can also tell you that when you have a well-represented team who respects and trusts you, it will be easier to find a diverse candidate pool. They will reach out in their own network and actively support the recruitment effort.
Once you have that diverse candidate pool, you must keep the momentum going by planning a well-represented interview process. I always make sure that the interviewers are a diverse bunch because they will ask questions from different perspectives. They will also be able to gauge how well the candidate reacts to people from different backgrounds. I’ve seen candidates be vetoed because in a male/female interview panel, they disrespected the woman on the panel. It won’t help your efforts to build an inclusive team if you hire someone who is disrespectful or doesn’t see the value in inclusivity.
Bring your whole self
I always encourage my team to be authentic and part of that is allowing them to have moments of vulnerability. Security is a stressful field and can sometimes lead to heightened emotions. I’ve had one-on-one meetings where the other person apologized for showing their emotions. I made sure that they know it is ok to have emotions. We are all human and our emotions are as much a part of our humanity as the work we perform at our computer. By creating an environment where emotional intelligence can thrive and grow, we give those opportunities to everyone for success. Doing this will help your team feel safe and that feeling will build trust and alleviate the fear and anxiety that can hamper their work. You also need to make sure that you follow-up with your team. If they tell you that they are going through a personal crisis, check in with them in a day or two. I guarantee that it communicates that you see them as a human and not as a machine.
Burnout is widespread across a lot of fields but very much so in security. It can feel like you are jumping from fire to fire in security and like you can’t even trust the ground you walk on. This anxiety adds up over time. When you have regular one-on-one meetings with your team, ask them periodically how they are doing? It’s easy to get lost in the mundane task and project management and forget the person behind that work. In all my one-on-one notes, I have a section for venting. Anything goes in that section, without judgement. You don’t have to have an unending meeting all about venting but provide space to vent so they can better focus on the work at hand. Sometimes that’s all they need. A quick “I gotta vent”, which gives them a chance to “feel the feels” and then move on.
Be an ally
Even if you yourself aren’t an under-represented individual in security, there is so much that you can do to help. One of the most impactful things I’ve done is leading an employee resource group (ERG). ERGs don’t just have to be for under-represented groups, they can be for any group wanting to connect with similar individuals across the company. I’ve seen ERGs for parents, for people who cycle to work, people who are care providers for loved ones, etc. All of them are important elements in helping your team feel connected to the company as a whole. I can tell you from experience, it can be very demoralizing to be the odd one in the larger company. Having these groups let’s everyone know that they have someone else they can talk to.
I would also encourage you to mentor people on your team, even beyond under-represented folks. You as a security leader have experience that others want to know about. This ties back into the whole of how to build trust and connection with your team. Ask them what their vision for their growth path is and see how you can help them achieve that. You also must be honest with them about the potential for that growth path. One of the most impactful moments in my career was when my boss told me that there wasn’t a sufficient growth potential for me at my company. With his encouragement, I went to another company to continue growing my career. It left an indelible mark in me on how I manage people.
Be an advocate also for clear paths to promotion. Biases can creep into the promotion process if guidelines are not set forth and can leave under-represented folks feeling disfavored when they do not get a promotion they were hoping for. These don’t have to be quantitative metrics but at least be transparent with them along the way so that nothing is a surprise.
In Summary, building an inclusive team is hard. But it makes all the difference, and in the end, is worth every bit of the work. You have the ability and tools to work with an amazing group of people, who will think the same about you. It’s worth the time and effort! Trust me, or better yet, ask my team!