Written
by
Joanne
Hall,
School
of
Science,
RMIT
University
and
Maria
Beamond,
School
of
Management,
RMIT
University.
Cyber
threats
and
attacks
are
increasing:
Australian
organisations
face
unprecedented
risks.
Although
an
increasing
number
of
tech
companies
are
active
cyber
defenders,
many
report
difficulties
in
recruiting,
retaining,
and
developing
cybersecurity
talent:
Inclusive
talent
management
could
be
the
answer.
Diverse
cyber
adversaries
require
diverse
cyber
defenders.
In
the
workplace,
teams
with
talent
from
diverse
backgrounds
enable
cyber
threats
to
be
examined
from
multiple
perspectives.
However,
an
organisation
only
gets
value
from
the
diversity
of
their
workforce
if
the
underrepresented
groups
are
empowered
to
contribute.
Inclusive
talent
management
assumes
that
everyone
has
‘a
talent’;
empowering
everybody
to
boost
the
success
of
their
organisation.
The
OECD[1]
defines
diversity
along
six
dimensions:
migration;
ethnic
groups,
national
minorities
and
indigenous
peoples;
gender,
gender
identity
and
sexual
orientation;
special
needs
including
learning
disabilities
and
physical
impairments;
and
giftedness
including
neurodiversity.
We
also
suggest
that
diverse
academic
background,
professional
experience
and
age
are
also
important
dimensions
of
diversity.
Each
of
these
dimensions
may
need
specific
talent
management
strategies
to
recruit,
retain
and
train
(or
retrain)
potential
cybersecurity
talent.
However,
an
inclusive
organisational
culture
is
an
imperative.
Organisations
with
a
culture
that
makes
them
more
welcoming
and
inclusive
increase
their
competitive
advantage.
Inclusive
talent
management
practices
are
not
yet
widespread
in
the
cybersecurity
industry.
Let’s
look
at
some
of
the
ways
that
inclusive
talent
management
could
be
applied
to
cybersecurity
workforce.
Recruitment
Job
advertisements
frequently
request
a
number
of
years
of
work
experience.
However,
a
curious,
creative
professional
actively
involved
in
their
community
could
rapidly
acquire
deep
technical
skills
and
organisational
knowledge.
Limiting
to
recruit
and
attract
talent
with
a
specified
duration
of
experience
could
exclude
the
most
enthusiastic,
curious,
creative,
and
community-engaged
cybersecurity
talent
from
your
shortlist.
Technical
and
non-technical
skills
are
required
in
all
cybersecurity
roles.
Technical
skills
can
often
be
learned
in-house,
whereas
the
non-technical
skills
(or
soft
skills)
can
be
more
difficult
to
gain.
For
example:
a
former
emergency
nurse
with
some
technical
training
might
be
good
in
an
incident
response
role
because
they
can
keep
calm
in
a
crisis.
A
former
librarian
might
be
good
in
a
governance
role
as
they
have
the
patience
to
read
extensive
documents.
A
person
who
is
blind
may
note
vulnerabilities
because
they
interact
with
technology
in
different
ways
to
a
seeing
person.
A
neurodiverse
talent
may
have
traits
such
as
hyperfocus,
precision,
persistence
and
the
ability
to
identify
patterns.
Recruitment
which
focuses
on
technical
skills
and
experience
may
fail
to
attract
those
with
highly
developed
non-technical
skills,
and
nonstandard
perspectives.
Recruitment
processes
need
to
be
flexible
enough
to
engage
with
the
diverse
dimensions
of
talent.
For
instance,
neurodiverse
talent
often
presents
poorly
in
an
interview,
yet
are
very
capable
in
a
technical
role.
For
a
client
facing
role,
and
interview
may
be
appropriate,
however
interview
panels
need
to
be
diverse
to
attract
diverse
talent;
such
as
if
all
members
of
an
interview
panel
of
the
same
gender
or
cultural
background
may
turn
off
candidates
with
different
gender
or
cultural
background.
Recent
graduates
are
ambitious
and
enthusiastic,
but
little
experience
on
where
best
to
build
and
direct
their
innovative
ideas
and
energies.
Broad
ranging
and
structured
support
can
rapidly
turn
an
inexperienced
graduate
into
a
valuable
team
member.
Recent
graduates
expect
lower
salaries
than
experienced
professionals,
making
recent
graduates
an
attractive
addition
to
an
established
team.
Some
graduates
have
experienced
unpaid
internship
experiences;
or
international
graduates
are
vulnerable
to
exploitation
by
unethical
migration
agents
or
by
intensive
workload
are
few
examples
of
what
is
happening.
Curiosity
and
creative
problem
solving
are
some
of
the
most
sought
after
attributes
in
cybersecurity
staff.
Yet
very
few
job
advertisement,
key
selection
criteria
or
promotion
rubrics
mention
curiosity
or
creativity.
Well-resourced
curiosity
turns
a
little
bit
of
knowledge
into
subject
matter
expertise.
Well
supported
creativity
turns
tricky
problems
into
achievable
solutions.
Hiring
for
curiosity
and
creativity
and
providing
resources
and
support
can
create
teams
with
deep
knowledge
that
can
creatively
solve
tricky
problems.
Retention
Valuing
staff
contribution
can
be
done
in
many
ways.
Salary
is
important,
but
not
everything.
Some
people
enter
cybersecurity
for
the
technical
challenge,
some
for
the
humanitarian
ideal
of
keeping
the
community
safe,
some
because
they
think
hacking
is
‘cool’,
some
because
would
like
to
go
back
to
the
workforce,
or
some
just
because
they
have
the
skills.
Those
motivated
by
technical
challenges
may
not
be
interested
in
managerial
career
pathways,
as
well
as
those
who
are
retired
may
like
to
work
few
days
per
week;
those
motivated
by
humanitarian
notions
may
like
to
choose
their
projects
based
on
end
user
groups;
those
who
want
to
be
a
hacker
may
not
like
client
engagements
that
require
a
business
suit;
and
those
motivated
by
their
own
skills
(such
as
neurodiverse
talent)
may
not
be
interested
in
any
of
the
former.
Providing
opportunities
for
work
that
matches
an
employee’s
motivation
leads
to
staff
feeling
valued.
Equitable
opportunities
include
large
things
like
promotion
pathways;
project
allocation;
travel
opportunities;
special
training
and
mentoring
opportunities
fitting
the
different
diverse
dimensions
of
talent;
and
creating
a
safe
workspace
in
relation
to
e.g.,
team
meetings,
task
allocation
and
the
way
that
someone
is
introduced.
Studies
indicate
that
white
men
often
speak
most
in
team
meetings
and
interrupt
their
female
or
non-white
colleagues.
Neurodiverse
talent
feels
valued
and
supported
at
work
when
employees
provide
a
place
where
they
can
be
safe
and
relaxed
with
non-distractions
and
pressures.
Indigenous
talent
value
organisations
that
support
connectivity
with
their
community,
and
provide
cultural
awareness
training
within
organisations,
development
and
training
opportunities,
and
ongoing
support
and
mentoring.
When
mature
age
talent
make
fewer
mistakes,
are
more
reliable,
and
have
higher
productivity
rate
than
their
younger
colleagues,
they
look
for
flexibility
in
the
workplace,
still
want
the
social
engagement
and
intrinsic
rewards
but
with
less
career
focus.
Creating
organisational
strategies
to
support
diverse
dimensions
of
talent
not
only
enhance
retention
and
productivity
but
also
a
sustainable
workforce,
reputation,
and
competitive
advantage.
Training
Employers
can
offer
study
leave
or
payment
of
course
fees
to
support
their
staff
to
upskill
into
a
cybersecurity
domain
or
create
their
own
training
strategic
support.
Many
universities
and
TAFEs
offer
cybersecurity
courses
of
various
lengths
and
foci,
from
the
highly
technical,
to
a
business
focus,
for
highly
theoretical
to
practical
implementations.
Various
courses
of
study
are
eligible
for
commonwealth
funding
support.
However,
training
may
need
to
fit
with
needs
of
diverse
dimensions
of
talent.
Training
and
retraining
are
valuated
to
most
diverse
dimensions
of
talent.
Private
training
organisations,
industry
bodies
and
vendors
offer
short
courses
that
can
train
people
in
a
specific
area
of
knowledge.
Organisations
can
consider
arranging
for
a
team
of
employees
to
do
a
specific
short
course
of
most
relevance.
This
can
be
useful
for
those
in
a
cybersecurity
role
who
need
to
learn
a
new
technology,
or
those
in
an
adjacent
role
looking
to
enter
into
a
cybersecurity
role.
Vendor
training
(or
retraining)
packages
may
offer
good
value
if
your
organisation
is
already
using
the
vendors’
products,
but
can
be
used
to
advertise
new
products,
which
may
not
be
the
best
use
of
your
staff
time.
Be
aware
that
the
private
training
space
is
diverse
with
many
quality
operators
vying
for
space
alongside
shams.
We
teach
our
staff
to
spot
a
scam
email,
we
can
also
try
to
spot
a
sham
training
offering.
Sharing
knowledge
and
skills
within
an
organisation
builds
capacity.
Rotating
staff
into
a
cybersecurity
team
for
a
few
months,
and
rotating
cybersecurity
staff
into
another
team
for
a
few
months
can
build
cross
disciplinary
skills,
and
productive
working
relationships
across
business
units.
Training
and
development
are
two
of
the
most
valuated
aspects
within
the
diverse
dimensions
of
talent,
attracting
these
talent
and
retention.
Inclusive
Talent
Management
for
Cybersecurity
Inclusive
talent
management
means
ensuring
that
all
staff,
including
diverse
dimensions
of
talent,
have
equitable
opportunities
for
career
development,
and
are
supported
to
engage
in
formal
training
and
development,
and
knowledge
sharing
experiences
if
they
are
interested.
-
Attract,
recruit,
and
retain
diverse
dimensions
of
talent
through
an
inclusive
company
culture -
Ensure
that
job
advertisements
and
instructions
to
recruiters
will
not
exclude
cross
trained
or
informally
trained
staff. -
Take
a
chance
on
a
recent
graduate,
especially
if
you
are
adding
strength
to
an
existing
team. -
Get
value
from
the
diverse
perspectives
in
your
organisation
by
ensuring
that
everybody
is
empowered
to
contribute
all
their
best
ideas. -
Build
technical
and
managerial
career
paths
within
your
organisation. -
Investigate
upskilling
options
(training,
retraining),
universities,
TAFEs,
private
training
organisations
and
vendors
can
provide
useful
training
options
that
can
be
fitted
to
diverse
talent,
but
don’t
get
scammed! -
Design
ways
to
share
cybersecurity
skills
within
your
organisation.
Strength
through
Diversity:
Education
for
Inclusive
Societies
(https://www.oecd.org/education/strength-through-diversity/Design-and-Implementation-Plan.pdf)
About Author
