You’ll see discussions about how important diversity is in a workplace from any social media platform to maybe within the organization that you work at. My mindset regarding diversity, specifically in security, wasn’t ensuring we had a diverse group of people working in the SOC. No, it was all about if they had passion.
As I mentioned in my other blog post, “My 6 SOC Analyst Questions,” one of my questions is, “Who is somebody that you look up to in the security field and why?” This question is so important to me because it gives me a feel of maybe what subcategory of security they’re interested in, but more importantly, are they aware of people in the field? It shows me a level of interest. For example, pick a sport on TV: even the most casual watchers can give you a player name or two and an aspect of their play. A person who is excited and memorizes every detail of a sport – I’m looking for that quality but for security.
So, no matter if librarian, chef, or cashier at a grocery store, I’m always looking for that passion. Suppose a chef comes into an interview and shows me that they’ve been working hard in Tryhackme every day after cooking. That speaks volumes to me, and it would be somebody to advocate for hiring versus somebody who might have that security background but no interest in improving. So, my decisions have been easy up to this point.
But what if you hire that librarian and another one and another, and suddenly your team is made up of 80% of librarians? It seems far-fetched, but it isn’t. People are more inclined to hire those with a similar background. The term for this is Homophily, a concept in sociology describing the tendency of individuals to associate and bond with similar others. This isn’t necessarily a bad thing. In some ways, when I’m in the interview process, I’m doing the same thing, trying to find somebody who is similar to me and has that passion for security.
There is a problem with my above examples with only hiring librarians. They all had similar backgrounds. Maybe they’re taught and shown how to have good organizational skills, which in the middle of an incident response might be key to making a timeline of events when there’s a large amount of data. But let’s say librarians had a common quality (and I am not saying they do) such as communication issues. Let’s pretend talking to people is not their forte; they’re more comfortable organizing information or books than talking to people, and nowadays, you don’t even check out a book through a librarian. Now imagine that 80% of your workforce has this quality because they all come from this background. This is a huge gap that would need to be filled in security. Communication with users and other coworkers is crucial to any investigation.
Diversity can help fill these gaps; instead of making all of your staff do a Dale Carnegie class to work on their communication skills or general people skills, bringing in a cashier might be a way to give the rest of the team insight on how to communicate with users and solve their problems in sometimes higher-stress situations. A more diverse team has the potential to spark discussions and generate a range of ideas. When individuals with different life experiences collaborate, it encourages a learning environment.
It may seem tempting to gather a team of like-minded individuals. Still, the true measure of effective leadership lies in the ability to take a step back and assess the collective skill set, identify potential gaps, and bring in individuals who not only complement but enhance the team’s capabilities. This is what diversity means to me, and I’ll still be looking for passion, but this kind of diversity is something I’m looking for in interviews.