Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Why Diversity of Thought in the Workplace Matters

Organizations Need Strong Leadership Backing in Order Train Managers on More Inclusive Management Styles

Organizations Need Strong Leadership Backing in Order Train Managers on More Inclusive Management Styles

Workplace demographics have evolved greatly in the past half century with women and minorities represented in much larger numbers than at any time previously.  Gender, age, and ethnic diversity – among others – have become valued benchmarks for companies in gauging whether employee talent and executive leadership adequately reflects the overall population.  Diversity is clearly good for business, but for reasons that go far beyond optics or good PR.  Simply put, the more diverse your workforce, the more diverse their perspectives. Hiring people of varied backgrounds and views generates the kind of thoughts and ideas vital to working smartly and quickly, which is especially important in the cybersecurity industry where discerning an attacker’s motives and strategies is critical to staying one step ahead.

Cyber intelligence tradecraft is an integral component of cyber security. Security analysts daily collect and interpret data to direct strategic decisions and inform leadership. Successful cyber intelligence programs successfully synthesize data, research, trends and techniques to build useful actionable intelligence. However, doing this effectively requires that analysts interpret new evidence free from any cognitive bias that could lead to conclusions confirming existing ideas and positions. 

Cognitive biases are mental shortcuts made to quickly process information and decide on an action. Not every cognitive bias leads to bad decision making, but many can. In fact, hackers and threat actors bank on cognitive biases to get their targets to download malware or give up protected data. Some examples of common cognitive biases include:

• Automation bias: Overly relying on automated systems to generate information and guide decisions. 

• Confirmation bias: Interpreting, focusing on, or recalling information that confirms preconceptions. 

• Selective perception: Letting expectations affect perception. 

• Zero-risk bias: Preferring to reduce a small risk completely rather than reducing a larger risk by a bigger overall margin. 

Advertisement. Scroll to continue reading.

Maintaining objectivity and guarding against biases and reflexive group think is especially important to security analysts tasked daily with evaluating an ever-increasing amount of complex data.  Distributive decision-making can help reduce cognitive biases that may lead to limiting group think, while building a diverse workforce of people with a multitude of different characteristics is a natural way to ensure diversity of thought.  The more unique the experiences/backgrounds of the analysts who comprise your security team, the better and more comprehensive their ideas, intelligence and analysis are likely to be.

A Deloitte University Press GovLab report (PDF) points out that by increasing diversity of thought, employees are less likely to disregard new information or be afraid to challenge the status quo. Employees will feel safer to present new ideas and, more importantly, to disagree. In turn, this may also lower cognitive dissonance (e.g. believing one thing, but doing the other). The report details the many benefits diversity of thought may offer organizations broadly, and by extension security teams specifically, noting that “Even the slightest nuance of one worker’s thinking, if appropriately harnessed, could bring value to the organization.” such as:

• Guarding against groupthink and expert overconfidence leading to more thorough and innovative information processing. 

• Increasing the scale of new insights to connect multiple tasks and ideas together in a new way. 

• Helping organizations identify the right employees to align individuals to specific teams and jobs where their unique skills would be most beneficial. 

Ultimately, diversity of thought fosters psychological safety, which is a shared belief among teams that they perceive they are safe to take risks, and is one of the core indicators of highly effective teams. While the benefits of promoting diversity of thought are clear, it’s not easy to make these changes. 

Organizations need strong leadership backing in order train managers on more inclusive management styles and reconsider their organizational policies to ensure they cater to a diverse workforce. As a service-based company, we value constructive conflict, differences in opinion, and promoting the unique backgrounds and traditions our workforce brings. These diverse teams not only allow us to harness different skill sets for cybersecurity’s unpredictable moments, but are instrumental in getting the “best” out of our employees, not just the “most.”

Written By

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem