Taking steps to break down systemic racism in cybersecurity

Written by and

Racism, like cybersecurity, is a national security issue. Systemic racism prevents diverse perspectives from informing policy and security. As a result, it hampers our ability to understand and combat misinformation and to address our society’s vulnerabilities so as to prevent our adversaries from exploiting them.

Systemic racism also blinds us from seeing and leveraging the diverse experiences before us, undermining our ability to understand how all communities use technology and to ensure different voices are welcomed, heard, and protected in our national security institutions. We all have a role to play in the security of our nation, and there are so many institutional, systemic, and overt racial biases that make this problem so complex. So how do we start to dismantle them?

We must start by acknowledging that these problems exist in our industry and begin taking tangible steps to educate ourselves on the impact of slavery and systemic racism on the lives of Black Americans and all BIPOCs. How do we operationalize our enhanced understanding, empathy, and desire to be actively anti-racist? There are many ways to engage individually, organizationally and globally; however, it seems people hesitate to engage for fear of making a mistake. It’s also easy to think that as one person, there isn’t much you can do, but even small actions can have a big impact.

Making change is hard, but it’s necessary. Taking lessons from “Switch: How to Change Things When Change Is Hard” by Chip and Dan Heath, there are a number of steps we can take. These include breaking down the problem, tackling specific issue areas (“shrinking the change”), providing crystal clear direction, rallying the crowd, and motivating people to take specific action.  These actions work.

Those actions underpin the theory of change that motivated us to host the #ShareTheMicInCyber on June 26. As the community acknowledges that it is not doing enough, it is seeking ways to stand up and do better. #ShareTheMicInCyber was our attempt to break down barriers, engage the cybersecurity community, and promote sustained action. It started as a partnership between two people and evolved organically into a social media movement.

The aim was to spur an online conversation on Twitter and LinkedIn with the view of  addressing a number of specific issues stemming from systemic racism in cybersecurity–how to highlight the experiences of Black practitioners in this field, catalyze a critical conversation on race in the industry, shine a light on Black practitioners’ accomplishments to identify them as experts in their fields, as well as to create professional opportunities and bring the community together.

#ShareTheMicInCyber paired Black practitioners with prominent allies, lending their social media platforms to the practitioners for the day.  The event yielded tangible impact–based on the number of followers of the allies, organizations, and influential amplifiers, we estimate a combined reach of 1.5 million Twitter users. Practitioners were asked to join meetings and advisory boards, and over $10,000 was raised to support training and certifications for our practitioners. Beyond these opportunities, the online discussion revealed an ongoing struggle with racism in cybersecurity–highlighting critical aspects of the job experienced by so many that are often swept under the rug and invisible to their white colleagues.

Black practitioners also discussed the recurring need to have to defend their existence and deal with feeling unqualified or having to “code switch,” all things that drain mental and emotional energy that are better spent on the job. These are just some of the issues that we must continue to identify and address if we are to disrupt the system and make lasting change in the cybersecurity and national security industries.

Most diversity efforts are focused on the diversity pipeline into cybersecurity but there are a number of talented Black and Brown practitioners already working in this space. We decided that elevating their voices and stories was important. These practitioners’ colleagues need to know they are here, understand their struggles in this industry, and create space for them to build a platform. The talent pipeline will continue to suffer if the next generation cannot see themselves in the industry or are defined by stories of exclusion and isolation.

Where do we go from here?  The conversation cannot be limited to a day on social media. We know that more must be done—we cannot sit back, pat ourselves on the back, and go on with our lives. Sustained effort is needed, but we acknowledge this will be a continual process of learning and action.

The community’s input and experiences are critical to making change.  Here are some ideas if you don’t know where to start:

  • Start with yourself: Invest time in acquainting yourself with the vast literature on systemic racism.
  • Get buy-in from senior leaders within your organization: ask your leaders what they are doing to propel the conversation on systemic racism and to promote allyship within the organization and across the industry. Then hold them accountable.
  • Be a change-maker yourself: Actively engage Black practitioners in your conversations and conferences. Acknowledge their subject matter expertise. Offer mentorship. Do your part.

This a call to action. You can harness the movement and work together towards building a field that is inclusive, filled with diverse voices and think about the impacts of race can have in how we build and implement technical and policy security controls.

Camille Stewart is an attorney and strategist in cyber and the Head of Security Policy & Election Integrity for Google Play & Android.  Lauren Zabierek is the Executive Director of the Cyber Project at the Harvard Kennedy School’s Belfer Center for Science and International Affairs.