Women in tech was a key community topic at this year’s Black Hat USA conference
The issue of diversity in the information security industry was a hot topic at Black Hat USA last week, as more companies look to create a more inclusive workplace.
Speaking at the security conference, which was held online and in person this year, Symantec’s Oryan De Paz and Omer Yair shared how the security vendor approaches recruitment while keeping diversity in mind.
Yair told attendees that their talk, titled ‘The Ripple Effect: Building a Diverse Security Research Team’, was conceived during the process of Symantec acquiring Javelin Networks, an Israel-based security start-up.
Read more of the latest news from Black Hat USA
Several media platforms in Israel had reported on the takeover, sharing a picture of the company which, at the time, was all male.
“There were no misogynists, no sexists, or any bad culture on our core team, yet initially it consisted entirely of men,” Yair, endpoint security team lead at Symantec, explained.
“We understood that there was an unconscious bias on our team, and we committed to change it.”
Yair and his team set about growing the number of female colleagues in their research team, making key changes in the way they recruit employees as well as the way they manage the team on a day-to-day basis.
The endpoint security team now consists of 50% female, 50% male staff.
Diversity toolbox
Yair shared some of the “tools” the team developed to enable them to achieve their mission statement.
When it came to job applications, Yair said it was important to “measure, and measure again” the resumés they were receiving to ensure they were considering a fair balance of men and women for roles.
They took notes from studies on how to increase the number of women who are attracted to a job post, and also contacted various women in tech groups to directly reach their target audience.
Work-life balance
Aside from growing diversity within new roles, Yair also shared how they committed to fostering a healthy work-life balance within the team.
For example, employees are measured on their output rather than time spent working, allowing them to focus on the pace of their work and not how many hours they’re sat behind a desk.
They are empowered to set “unavailable” hours on their calendars, during which meetings will not be scheduled.
DON’T MISS Respect in Security: New infosec campaign aims to stamp out harassment
Workers are also encouraged to “step out of their comfort zone” in their role, whether by learning a new skill or another avenue.
Yair said: “Those team members that are stepping out of their comfort zone… create another ripple effect because we improve the self-efficacy of the team members, we increase their self confidence and [the level of] professionalism.”
The cycle continues
Concluding, Yair said that by increasing diversity within the team, it in turn made for a happier and healthier workplace – one that now attracts a more diverse set of applications.
He said: “We started on this journey to increase diversity and that was our vision – our strategy was to increase the quality of inclusion in the workplace, that created a better atmosphere for us, which allowed us to increase the diversity.
“When you have a more diverse team and workforce, you can easily create a more, equal, inclusive environment, that [in turn] creates a better atmosphere, and the circle continues.”
YOU MAY LIKE Black Hat 2021: Zero-days, ransoms, supply chains, oh my!