Connect with us

Tech

Connecting the dots on diversity in cybersecurity recruitment

Published

on

Connecting the dots on diversity in cybersecurity recruitment

Critical thinking and problem-solving are considered vital attributes for the cybersecurity professional — so it’s time our industry applied those capabilities to connect the dots between the skills shortage and lack of diversity.

There’s no question that recruiting talent in sufficient numbers right now is a growing challenge — but it’s one that I believe a more inclusive talent pipeline would help to alleviate.

In its Cybersecurity Workforce Study 2021, industry body (ISC)2 found that 2.7 million information security jobs remain unfilled worldwide. While this number is down from 3.1 million in 2020, we’re a long way from where we need to be. In the face of increased digitization and a rising tide of attacks, the current cybersecurity workforce of 4.2 million people globally needs to grow 65% to keep up with the demand for its skills.

In other words, we’re going to need to draw from a wider talent pool to plug the gaps. But as researchers from Washington, D.C.-based think tank the Aspen Institute point out in their Diversity, Equity and Inclusion in Cybersecurity report, diversity efforts to date “have not addressed the overwhelming white-ness and male-ness of the cybersecurity field.” Estimates suggest that only 4% of U.S. cybersecurity workers self-identify as Hispanic, 9% as Black and 24% as women, the report noted.

It’s clear that our industry faces serious future risks if it doesn’t find ways to recruit new talent to fill the growing number of vacancies. But more than that, its current lack of diversity poses more immediate risks because company systems aren’t homogeneous, and neither are potential assailants.

The authors of The Business Value of a Diverse Infosec Team from the cybersecurity think tank Institute for Critical Infrastructure Technology make this point forcefully: “Homogeneous experiences and perspectives yield less success compared to problem-solving done by teams with varied backgrounds.”

Proactive cybersecurity strategies, by contrast, aggregate a multitude of perspectives, which brings the benefit of innovation, problem-solving and consensus-building.

Shifting the narrative

As the chief information security officer (CISO) at search-powered solutions company Elastic, I believe that individual information security leaders can do a great deal to shift the narrative, at least within their organizations. What this takes is a hefty dose of fresh thinking when it comes to recruitment.

The cybersecurity team I lead as an LGBTQIA+ female CISO includes people who represent the array of human nature when it comes to neurodiversity, sexual orientation, gender identity, race and age. The picture is just as varied when it comes to background, educational pathway and industry experience.

But let me be clear: Diversifying the cybersecurity talent pipeline is not just a numbers game for me. I’m not just focused on onboarding in sufficient numbers to run a fully staffed team. It’s also about improving the quality of that team and the work we perform.

Put simply, a more diverse cybersecurity team is a better cybersecurity team. In a multidisciplinary field like this, different perspectives are critical. When threats and tactics change around us daily, the diverse viewpoints on my team help counter complacency by bringing new thinking to situations. Our adversaries, after all, are continuously trying new tactics, finding new ways to bypass controls and identify vulnerabilities. My team’s different perspectives bring a more disruptive “hacker mindset” to our work in countering attacks.

Our industry’s overreliance on specialists with the “right” qualifications and educational backgrounds might actually be a weakness — a point of view reinforced for me by David Epstein’s 2019 book, “Range: Why Generalists Triumph in a Specialized World.” Epstein argues that generalists with wide-ranging interests are more creative, more agile and able to make connections that their more specialized peers can’t see, especially in complex and unpredictable fields — a description that is a good fit for cybersecurity.

The value of diverse thinking within my current team is evident in the ongoing data protection certification process that we perform for customers. For this key compliance process, diversity is our strength, because our team can quickly get beyond “the way things have always been done” and find better, more efficient and — critically — safer ways to meet changing compliance objectives.

Another example where I’ve seen a clear-cut advantage of diverse thinking is from my team’s approach to supporting our fully distributed workforce. Being a distributed company by design, with almost 80% of our employees working remotely, demands that my team think differently when it comes to data privacy and protection. Our constant innovation in supporting secure remote working meant we were already prepared in this area when the pandemic hit, while cybersecurity teams at other companies were still struggling to make the leap.

Taking action

What matters most, of course, is transforming words into action. For me, it helps that I work for an organization that prioritizes inclusivity and acceptance for all employees in its Source Code.

This gives managers and employees alike a clear set of cues as to who we are as an organization and who we aspire to be, telling employees: “Just come as you are.” By creating an environment that is inclusive for all employees, through a commitment to equal pay, emphasis on internal hiring and prioritizing skills over location, we can hire and retain the best talent wherever they reside.

This year, our company’s aspirational DEI goals include a 40% hiring rate target for women or non-binary individuals, with a 30% hiring rate target for technical roles — globally. And for underrepresented groups, our hiring rate target in the U.S. is 35%, with 27% for technical roles.

With that backing, I’ve personally taken positive steps to ensure that Elastic increases diversity in its cybersecurity talent pipeline. So here are my pointers for other information security leaders:

  • Broaden the scope of qualifications. Look beyond traditional schooling and minimum career experience to see skills, qualifications, experiences and capabilities gained from shorter programs, online certificates, other jobs and participation in cybersecurity communities that support core foundational understanding of systems and their vulnerabilities.
    Some of the most successful teams that I’ve built over the years have not only come from a variety of IT backgrounds, such as systems architecture, business analysis and project management but from outside of the IT discipline entirely. For example, I hired a former emergency medical technician who moved into healthcare fraud analysis before joining my team. Former lawyers have brought attention to detail. People with a marketing background have proved adept at tackling customer data privacy challenges with empathy, while those from the financial sector bring new thinking to compliance issues.
    But what they all have in common, and what has made them strong additions to my infosec teams, is their curiosity, a willingness to question, and excitement to learn and try new things. These transferable experiences are just as important, if not more important, than specific skills.
  • Encourage underrepresented groups. Add language that explicitly states your interest in groups often left out of hiring pools, such as women, people of color and members of the LGBTQIA+ community. Job descriptions should make explicit that the company fosters a welcoming environment for everyone and encourages personal and professional development of its cybersecurity talent.
    For example, I have recruited for an intern program recently immigrated individuals who do not have the standard security qualifications. Most of these recruits quickly moved into full-time roles and outperformed cybersecurity veterans. I have also taken steps to work more closely with local community colleges on sourcing graduates and with recruitment specialists who focus on supplying more diverse candidates for cybersecurity roles, such as CyberSN.
  • Make your hiring process accessible. Many would-be applicants are discouraged if the hiring process isn’t adapted for those with accessibility needs. We’ve worked to ensure that everything from our recruiting site to our internal digital properties and tools follows international guidelines and translates to a positive environment for all candidates and employees.
    Anonymized hiring is an important part of this process. I regularly review resumes with the identifying information stripped to ensure that unconscious bias plays no part when we’re making judgments on job candidates.

Cybersecurity teams need people with diverse life experiences, education and skills, so our recruitment efforts need to reach a far wider audience. If they don’t, we risk overlooking talent and excluding viewpoints that could be instrumental in delivering on our mission as an industry. If we allow that to happen and continue instead to compete for the increasingly sparse talent that fits nicely with age-old biases, we’ll only have ourselves to blame.

Source: Tech

Tech

Dashworks is a search engine for your company’s sprawling internal knowledge

Published

on

As a company grows, the amount of important information employees need to keep track of inevitably grows right along with it. And, as your tech stack gets more complicated, that information ends up split up across more places — buried in Slack threads, tucked into Jira tickets, pushed as files on Dropbox, etc.

Dashworks is a startup aiming to be the go-to place for all of that internal knowledge. Part landing page and part search engine, it hooks into dozens of different enterprise services and gives you one hub to find what you need.

On the landing page front, Dashworks is built to be your work laptop’s homepage. It’s got support for broadcasting company wide announcements, building out FAQs, and sharing bookmarks for the things you often need and can never find — your handbooks, your OKRs, your org charts, etc.

More impressive, though, is its cross-tool search. With backgrounds in natural language processing at companies like Facebook and Cresta, co-founders Prasad Kawthekar and Praty Sharma are building a tool that allow you to ask Dashworks questions and have them answered from the knowledge it’s gathered across all of those aforementioned Slack threads, or Jira tickets, or Dropbox files. It’ll give you a search results page of relevant files across the services you’ve hooked in — but if it thinks it knows the answer to your question, it’ll just bubble that answer right to the top of the page, Google Snippets style.

Image Credits: Dashworks

Right now Dashworks can hook into over 30 different popular services, including Airtable, Asana, Confluence, Dropbox, Gmail, Google Drive, Intercom, Jira, Notion, Slack, Salesforce, Trello, and a whole bunch more — with more on the way, prioritized by demand.

Giving another company access to all of those services and the knowledge within might be unsettling — something the Dashworks team seems quite aware of. Kawthekar tells me that their product is SOC-2 certified, that all respective data is wiped from their servers if you choose to disconnect a service, and that, for teams that are equipped to host the tool themselves, they offer a fully on-prem version.

This week Dashworks is announcing that it raised a $4M round led by Point72 ventures, backed by South Park Commons, Combine Fund, Garuda Ventures, GOAT Capital, Unpopular Ventures, and Starling Ventures. Also backing the round is a number of angels, including Twitch co-founder Emmett Shear and Gusto co-founders Josh Reeves and Tomer London. The company was also a part of Y Combinator’s W20 class.

Image Credits: Dashworks

Source: Tech

Continue Reading

Tech

Daily Crunch: Google will offer G Suite legacy edition users a ‘no-cost option’

Published

on

To get a roundup of TechCrunch’s biggest and most important stories delivered to your inbox every day at 3 p.m. PST, subscribe here.

Hello and welcome to Daily Crunch for January 28, 2022! It’s nearly blizzard o’clock where I am, so please enjoy the following newsletter as my final missive before hunkering down. In happier and better news, TechCrunch Early Stage is coming up in just a few months and not only am I hype about it, I’ll hopefully be there IRL. See you soon! – Alex

The TechCrunch Top 3

  • Google invests up to $1B in Airtel: With a $700 million investment and $300 million in “multi-year commercial agreements” with Airtel, and Indian telco, Google has made its second major bet on Indian infra. Recall that Google also put money into Jio, another Indian telco. The deal underscores the importance of the country in the future of technology revenues.
  • What’s ahead for Europe: On the heels of news that European startups had an outsized 2021 when it came to fundraising, TechCrunch explored what’s ahead for the continent. Some expect a slowdown from peak activity, while others anticipate further acceleration. Regardless of which perspective you favor, European venture investment is expected to remain elevated for some time to come.
  • Zapp raises $200M: And speaking of European startups, Zapp, the U.K.-based quick-convenience delivery startup, just raised a massive Series B. The company previously raised $100 million, meaning that this round was big in absolute and comparative terms. As we see some consolidation in the fast-delivery space, this deal caught our eye.

Startups/VC

  • Are charter cities the future for African tech growth? TechCrunch’s Tage Kene-Okafor has a great piece up on the site noting that “African cities have the fastest global urban growth rate,” which is leading to overcrowding. Some folks think that “charter cities offer a solution.” Special economic zones of all types have been tried before – will they offer African tech a faster route forward?
  • Personalized learning is hot: Our in-house edtech expert Natasah Mascarenhas has a great piece out today on personalized learning startups – Learnfully, Wayfinder, Empowerly, and others – that are taking the lessons of remote schooling to heart and working to make products that work better for our kids. It’s an encouraging, fascinating story.
  • Rise wants to remake team calendaring: There is no shortage of apps in the market to help individuals and teams work together. But we might not need as many as we have. That’s why Rise is making me think. The team calendaring app just raised a few million, and could replace a few tools that myself and friends use. I wonder if the solution to the Tool Overload of 2022 is tools that do less, intentionally.
  • Canvas wants non-tech folks to be able to squeeze answers from data: Developers are in short supply, so no-code tools that allow folks who don’t sling code to do their own building are blowing up. Similarly, a general dearth of data science talent in the market is creating space for tools like Canvas, which “is going all in with a spreadsheet-like interface for non-technical teams to access the information they need without bothering data teams,” TechCrunch reports.
  • Zigbang buys Samsung IoT business: The IoT promises of yesteryear are coming true, and not. Samsara recently went public on the back of its IoT business. That was a win for the category. That Zigbang, a South Korean proptech startup, is buying Samsung’s IoT unit feels slightly less bullish.
  • Series F-tw? Once upon a time I would have mocked a Series F as indication that the company in question had failed to go public. But that was then. Today Series Fs are not that rare. Indian B2B marketplace Moglix just raised one, which doubled its valuation to $2.6 billion. Tiger co-led the $250 million round.

And if you are looking down the barrel of a blizzard, TechCrunch’s Equity podcast has your downtime covered. Enjoy!

European, North American edtech startups see funding triple in 2021

Image Credits: Bet_Noire (opens in a new window) / Getty Images

Pre-pandemic, VCs were notoriously reluctant to invest in education-related companies. Today, edtech startups are seeing higher average deal sizes, more seed and pre-seed funding from non-VC investors, and an influx of generalists.

According to Rhys Spence, head of research at Brighteye Ventures, funding for edtech startups based in Europe and North America trebled over the last year.

“Exciting companies are spawning across geographies and verticals, and even generalist investors are building conviction that the sector is capable of producing the same kind of outsized returns generated in fintech, healthtech and other sectors,” writes Spence.

(TechCrunch+ is our membership program, which helps founders and startup teams get ahead. You can sign up here.)

Big Tech Inc.

  • Northern Light Venture Capital’s He Huang says the Chinese robotics market is overheated: Per the investor, robotics in China is “riddled with speculation and overvalued companies,” calling the situation a bubble. It’s worth noting that China’s central government is working to retool where its tech investment dollars flow.
  • Robinhood goes down, back up: This morning, in the wake of the company’s lackluster earnings report, TechCrunch dug through why Robinhood’s stock sold off in after-hours, pre-market, and early trading sessions yesterday and today. And then Robinhood turned around and gained ample ground during the rest of the day. It’s a weird market moment, but good news for the U.S. fintech all the same.
  • Google to allow legacy G Suite users to move to free accounts: After angering techies still using the “G Suite legacy free edition” by announcing that it was ending the program and requiring payment, the search giant has decided to ”offer more options to existing users,” TechCrunch reports. Somewhere inside of Google, a business decision just met the market and was flipped on its head. Makes you wonder who is calling the shots over there, and if they previously worked for McKinsey.

TechCrunch Experts

Image Credits: SEAN GLADWELL / Getty Images

TechCrunch wants you to recommend growth marketers who have expertise in SEO, social, content writing and more! If you’re a growth marketer, pass this survey along to your clients; we’d like to hear about why they loved working with you.

Source: Tech

Continue Reading

Tech

3 experiments for early-stage founders seeking product-market fit

Published

on

At Human Ventures, we have a fund for pre-seed and seed-stage investments, a venture studio and an Entrepreneur in Residence (EIR) program.

Through this work, we’ve discovered a lot about how different founders fulfill their journey of customer discovery and product-market fit. One of the largest challenges for pre-seed and seed stage founders is determining where to start: There are a million things to do. What should you do at each stage?

We interviewed three founders from our portfolio, all of whom ran discovery experiments to find their product-market fit at different stages of their company’s development.

Here’s what they had to share:

Pre-MVP/customer discovery phase: Tiny Organics

Tiny Organics is a plant-based baby and toddler food company on a mission to shape childrens’ palates so they’ll choose and love vegetables from their earliest days. The company raised $11 million in their Series A in 2021 and is growing at over 500% annually.

Founders Sofia Laurell and Betsy Fore joined our venture studio as EIRs and went through a six-week discovery sprint. As Sofia explains, they knew they wanted to build something to make parents’ lives easier and threw a lot of initial ideas at the wall from the Finnish baby box 2.0 (Sofia is Finnish) to an easier way to create Instagrammable baby pictures.

They went through multiple exercises to test the viability of new parents’ most pressing and urgent needs:

  • Conduct a “Start with Why” exercise
  • Define the “Jobs to be Done”
  • Create a lean canvas for each (viable) concept
  • Define the user journeys
  • Conduct user surveys using platforms like pollfish.com and 1Q (instant survey tool)
  • Identify and define their customer personas
  • Conduct customer interviews and synthesize them
  • Construct concept prototypes

They also met prospective customers, conducting a focus group of 10-15 moms. When the founders asked them to text them what they were feeding their children along with pictures for a week, they realized the lack of healthy finger foods in the market, thus sparking the idea for Tiny Organics.

Source: Tech

Continue Reading

Trending