To succeed in a high-stress, complex, dynamic environment — such as a cyber incident response or security operations center — you need a diverse team of talent. The professionals on your team need to perform different roles with different skills, hopefully leveraging different perspectives on the task at hand. Everyone's strengths are needed to overcome each individual weakness. In business-book-speak, having a diverse team helps us avoid falling victim to ‘group think’ and instead take advantage of the ‘wisdom of the crowd.’
As we discussed in Part 1 of this series, there are more available cyber positions than ‘traditional’ candidates to fill them. Leidos eagerly aims to increase our pipeline for new talent and build more diverse teams to tackle the world’s most challenging cyber issues. We want people to constructively question ideas, empathize with our clients' challenges, and generate innovative solutions in a hotly contested, ever-changing environment.
Too often, the cyber industry exhibits a recruiting bias toward computer science or engineering majors for careers in cybersecurity. As a result, we almost immediately lose diversity of thought, or cognitive diversity. Cognitive diversity is defined as differences in perspective or information processing styles; these styles detail how someone interacts with information and how they rely on their own opinion vs. the opinions of others.
We often refer to diversity by demographic indicators such as age, gender, or race. However, according to a study by two U.K. researchers, it is a high degree of cognitive diversity that improves the performance of a team in the face of new, uncertain, and complex situations — which is precisely what the cyberspace environment demands.
Cognitive diversity is best assessed through behavioral interviewing and assessments, and is not always visible when looking at your team. We can also use proxy indicators of cognitive diversity by identifying teammates who have different formal education, different work experiences, and different levels of adaptability to confront cyber challenges.
Different formal education
Cybersecurity roles and positions leverage a variety of skills and knowledge, and not all of these skills and knowledge are learned through advanced degree programs. Despite the addition of cybersecurity degrees and an emphasis on computer science majors, not all cybersecurity jobs require a college degree — the so-called ‘new collar’ jobs. There are more and more exceptional community college-based or military-provided training programs that prepare candidates for immediately valuable positions and longer-term career paths in cybersecurity.
Cyber positions often come with requirements for a variety of certifications, which aim to validate and prove the knowledge of the practitioner; the values and types of these certifications vary by role. By combining team members of different educational backgrounds, teams can pull on knowledge and skills from individual contributors to make a bigger impact.
Different work experiences
We look for employees with an array of work experiences — from past military or National Guard careers, systems administration, accounting/finance, law, etc. — to draw on those acquired skills needed to perform cybersecurity services and deliver solutions. For example, if we’re looking for candidates who will be working with clients onsite (especially during a stressful time, which happens a lot!), we might look closely for those with past customer service positions in retail or food service.
Believe it or not, skills gained from those experiences are helpful in genuinely expressing our commitment to our clients through the delivery of high-quality service that centers on their needs.
Different levels of adaptability
We like to think of cyber positions along a continuum, based largely on a practitioner's adaptability of their knowledge, skills, and abilities to the situation at hand (we will discuss this more in Part 5 of the series). For instance, roles such as compliance management and information assurance are attuned to those who are able to create order from chaos and remain detail-oriented when confronted with a vast array of information. Conversely, those who have the ability to identify alternative ways to use a network or novel ways to gain access to critical information make successful penetration testers. We need a mix of people who on the one hand, can be highly adaptive to an emerging threat, and who on the other hand, continue to focus on the daily tasks to protect and defend critical networks and information.
Any discussion of diversity almost always circles back to demographic features of age, gender, and culture. Across our worldwide workforce, we see how U.K.-educated staff approaches problems from a different perspective than those in the U.S. or Australia.
“As a U.S.-educated female, I know that I have different decision biases in analytical thinking and threat analysis than many of my male colleagues, who often have military backgrounds.” — Meghan Good.
Together, we have constructive arguments, pull on completely opposite sets of experiences, and yet develop improved consensus on the way ahead. It is sometimes a lesson in frustration, communication, and even diplomacy to debate with integrity, decide with agility, and ultimately work together to improve the outcome of whatever challenges we face. Data proves that this approach is paramount to success.
McKinsey research shows that gender-diverse companies are 15 percent more likely to outperform their peers and ethnically-diverse companies are 35 percent more likely to do the same. Deloitte Australia research shows that inclusive teams outperform their peers by 80 percent in team-based assessments.
To leave you with an analogy, let's look at a dynamic team sport such as soccer. A successful soccer team almost always needs a great goalkeeper, but a team full of only great goalkeepers likely wouldn't fare too well. Thus, in the similarly dynamic environment of cyberspace, you need a well-rounded team of experts in order to make the biggest impact.
To read this series in its entirety, please click below:
- Part 1: Where we are and where we need to be
- Part 2: How we build capacity
- Part 3: Striving for cognitive diversity
- Part 4: Successful candidates aren't one-size-fits-all
- Part 5: What does success look like?