RSA Conference 2024 recently came to a close, with over 40,000 attendees from more than 130 countries at Moscone Center in San Francisco.[1] As expected, AI was a major topic this year, featured in keynotes, during sessions, and on the expo floor among many of the more than 600 exhibitors.
Undoubtedly, AI is already having a real-world impact on cybersecurity jobs, too. ISC2 CEO Clar Rosso shared recent research in her session, “AI in Cyber: Is the Cyber Profession Ready for Its Impact?”
The good news is that between early and late 2023, confidence in AI preparedness increased significantly. That doesn’t mean there aren’t significant concerns. Employee skills gaps (in both cloud and AI), lack of regulation, and ethics all remain issues. In fact, AI concerns over ethics and compliance are leading to a surge in hiring for legal teams instead of security teams.
Building an Inclusive Community in Cybersecurity
For the past few years, the RSA Conference has offered sessions on inclusive security. Many of last year’s sessions focused on closing the cybersecurity skills gap (now estimated at nearly 4 million people by ISC2[2]) through education and partnerships. This year’s track went broader, looking at diversity, burnout, neurodivergence, accessibility, and more. The conference even offered a “Quiet Space” this year: a room with low lighting and faint music for attendees who needed a break from the crowds and noise.
Building a More Diverse Security Industry
Diversity, or rather the lack thereof in cybersecurity, was the subject of Wednesday’s first inclusive security session. According to ISC2, women comprise just 26% of cybersecurity workers under age 30.[3] That drops to 14% among workers 40+, also highlighting a lack of female leaders in cybersecurity. Racial and ethnic diversity has improved, especially among younger workers, but some groups are still severely underrepresented. This demonstrates a disconnect between hiring managers who state improving diversity is a priority and the reality of the industry, according to speakers Dr. Brian Gant and Lamont Orange. They encouraged organizations to examine bias throughout the hiring process as well as to partner with K-12 schools and higher education to help build a diverse candidate pipeline for the future.
Creating a Better Working Environment
Improving the diversity of the cybersecurity workforce spans both hiring and employee retention. Two sessions focused on how to improve work environments for various groups, specifically women and neurodivergent people. Presented by Forrester analysts Jeff Pollard and Joseph Blankenship, “Avoid Being Accidentally Offensive (Guys Guide to Being an Ally)” recounted not just horror stories from female colleagues but also the ways people are sometimes unintentionally exclusive. Examples included:
- Talking over people
- Blocking someone’s exit route
- Assigning traditional gender roles (like asking a female colleague to take notes or arrange catering)
- Not recognizing someone is a subject matter expert because they don’t fit one’s preconceived notions
“Harnessing the Strengths of Neurodivergent Staff for Cybersecurity” looked specifically at how certain Autism Spectrum and ADHD traits may make people well-suited to specific security roles. For example, “multi-threaded” people (as may be seen in those with ADHD) excel at quick task switching for incident response or disaster recovery, while “single-threaded” people (more associated with Autism) have the focus needed for forensics. Speaker Rick Doten also covered how neurodivergent people may interview differently and how managers can help support neurodivergent team members.
Making Security Accessible for All
Accessibility is also key to inclusivity, as presented by Abhilasha Bhargav-Spantzel and Aditi Shah. A senior data and applied scientist at Microsoft, Shah, who is blind, shared how she uses accessibility tools and machine learning models to perform her work. The session also covered how many security methods, such as CAPTCHAs and biometrics, can exclude users, as can websites that don’t work with accessibility tools (see the Web Content Accessibility Guidelines to learn how to improve your own site’s accessibility). The speakers also recommended more accessible security tools, including offering alternate options to meet the varied needs of all people.
If you weren’t able to attend RSA Conference 2024, most sessions are available on the conference website (paid registration required). Many of the speakers and organizations also have additional content available to read or watch online for free.
1. Hugh Thompson, RSA Conference “The Power of Community” keynote, May 2024
2. ISC2, Cybersecurity Workforce Study, 2023, Nov 2023
3. Ibid.