Managing for Inclusion Across the Talent Lifecycle: The Key to Diversity, Equity, and Inclusion in Cybersecurity

One way to break the logjam might be to take a longer view.

It’s one thing to say we want diversity in the cybersecurity space, and even to take steps to achieve it, but intellectually at least, companies know that to win the talent war in this ever-more-competitive market for tech expertise, they need to look for new faces in new places. They may even agree with the view that more diversity contributes to more creativity and innovation.

But, even with the best of intentions, making true diversity and inclusion a reality is rife with challenges and pitfalls. We know this by the results: despite the many efforts to hire and retain diverse talent, so many still fall through the cracks and leave early, or are missed entirely in the hiring process.

Only 9% of CIOs are women, and higher-profile, higher-paying jobs throughout tech organizations have similar underrepresentation. So it’s unfortunate but not surprising that half of all women leave tech jobs early, twice the rate of men. Ethnic minorities, LGBTQ and intersectional people are neither hired, promoted nor retained at the same degree as the majority.

One way to break the logjam on this issue today, ironically, might be to take a longer view.

Companies that want to do more than pay lip service to the goal of diversity would do well to consider the entire lifecycle of a diverse hire, and what happens before, during and long after they sign on to your organization. There are four stages to this lifecycle, which also represent four potential points of failure, where unconscious bias is often “baked into” the process, stymying even the most sincere efforts.

By focusing on each stage individually, shoring up its deficiencies, and rooting out the inherent unconscious bias, we can build a stronger, leak-proof talent pipeline, and a more supportive environment where diverse hires can

Stages of the Talent Lifecycle


The efforts to create an inclusive culture must begin in the recruitment process.  Virtually all elements of recruiting in tech, from the way job postings are written, to how jobs are advertised are tainted with unconscious bias, but there is very little screening or training to guard against this or root it out.

According to a recent report by McKinsey and, “Fewer than one in four companies uses tools to reduce bias when reviewing résumés, even though reviewers often fail to give equal consideration to women, people of color, and other underrepresented groups.”

The study found, among other things, that only 19% of companies require unconscious bias training for employees involved in hiring. A mere 4% require training for employees involved in performance reviews. And fewer than 30% remind employees to take steps to avoid bias at the outset of both processes.

University of North Carolina at Chapel Hill Executive Development notes: “Unconscious bias can skew talent and performance reviews. It also affects who gets hired, promoted, and developed—and this unwittingly undermines an organization’s culture.”  It is critical that companies take concrete steps to counter it.

``Fewer than one in four companies uses tools to reduce bias when reviewing résumés, even though reviewers often fail to give equal consideration to women, people of color, and other underrepresented groups.” - McKinsey &

Where’s the Talent?

One common defense leveled by those responsible for hiring at tech companies, including cybersecurity, is that the diverse candidates “just aren’t there.”  But this all depends on what one’s definition of “there” is, according to Elaine Marino, CEO of Equili and Founder of the LadyCoders Conference.

“Most blame the pipeline for the lack of diversity in tech,” says Marino.  “My question to them is, have you attended Women Who Code, Girl Develop It, Grace Hopper, Hackbright Academy? Or mentored at Hack The Hood, Black Girls Code, Latinas in STEM, Qeyno Labs? My first response when I hear there are no diverse candidates is to encourage people to meet candidates where they are, mentor, teach, or even just attend and listen. Diverse candidates are not going to be where the majority congregates. You have to go to them. “

For women and other groups who are underrepresented in cybersecurity, a barrier to entry can also be the accessibility of training and cost of getting certified.

“Another way companies can enhance recruiting and onboarding of new talent is eliminating the obstacles at the entrance,” according to Carmen Marsh, CEO of Inteligenca. Inteligenca developed a training program called “100 Women in 100 Days” to train and certify women in the top four cybersecurity certifications at no cost. To overcome the obstacle of new cybersecurity professionals of finding entry-level positions, they also help graduates find an internship with the local companies who are willing to train on the job.


Once you’ve recruited your new diverse hires, the next critical stage in the lifecycle of a diverse hire where innovative approaches are needed is onboarding. How do you bring these people into the organization in a way that makes them feel that they are valued and that they belong, and aren’t just a token gesture?

First, put the emphasis on including them, rather than making them productive and profitable from day one. This may mean slowing down at first, rather than ramping up. The bias towards new hires who can “hit the ground running” has been entrenched in corporate culture and language for years. This may result in having more diverse hires running in the wrong direction — out the door — if they’ve had a negative or less-than-inclusive experience during onboarding.

Let them know that the company is committed to diversity and inclusion, early during the orientation/onboarding process. Loop them in on the company or team’s big picture strategy so they can feel a part of it from the beginning, and give them the lowdown on how the team communicates (Slack? Email? Walking into the supervisor’s office?). Most of all, listen and get feedback… and make sure the entire team is “with the program” when it comes to inclusivity. An established clique, operating out of mere habit, can unwittingly undo all of management’s best efforts.


Studies show that leadership opportunities and leadership development training are simply not as accessible to underrepresented groups as it is to the dominant majority in tech. Again, this is often unintentional, but the results are the same.

One reason this happens is that women end up doing more of the “housework” in the company than men — the less glamorous behind-the-scenes work like taking notes or minutes at meetings —  which does not showcase their unique talents or set them up for being noticed or promoted. In a national study surveying 3000 engineers, female engineers of color were 35% less likely than white men to report having equal access to desirable assignments; white women were 20% less likely.  Because women are so busy and so invisible doing these thankless jobs and become identified with low-level activities, they’re not considered or selected when leadership training is available, or when a key job becomes vacant. The guy who knocked it out of the park on the glamour assignment is the only obvious choice. One idea to combat this is to rotate the “housework” jobs among members of the team so no one is “stuck” with them and everyone gets a chance to shine.

Performance management is a significant part of most companies’ professional development, and it is an area where management attention to unconscious bias is critical.  Kieran Synder showed that there is an “abrasiveness bias” in tech and it hurts women disproportionately when it comes to performance reviews.  “Men are given constructive suggestions. Women are given constructive suggestions – and told to pipe down,” she writes, as their assertiveness in teams is interpreted much more negatively than the same characteristic is with men.  Of the critical performance reviews in her study, men received negative personality criticism in 2 out of 83 reviews. For women, that form of criticism was found in 71 of 94 reviews.

Change is not only needed in the unconscious bias in management.  Development is another area where huge payoff is possible by helping tech professionals be clear about their contributions and abilities at work.  Performance attribution bias is a fancy way saying that credit is not given where credit is due, and it comes not only from others but from oneself.  This brings up the need to coach individuals on the finer points of self-advocacy

Claudia Schabel of Schabel Solutions noted that it is often difficult for women, in particular, to advocate for oneself.  “It is helpful for organizations to counter this with an organizational culture that promotes peer-advocacy and for recognition to be consciously given, so it is publicly acknowledged.”  Schabel continued, “It is not uncommon in meetings to observe men receiving credit for ideas that originated with female peers, and this can be gracefully handled when a colleague verbally notes, “Yes, that is building off the idea that so-and-so offered moments ago.”   

The point of this is that when we create space where all contributions are heard and acknowledged, it is more likely that more people will make contributions.  Schabel elaborated: “Rectifying gender imbalance by removing structural barriers to women’s professional development and progress is critical to businesses growth.”

To the right are a few points of potential obstacles and suggested solutions that Schabel Solutions offered: Download Here

There’s a sense of disconnect, disappointment, and even betrayal when candidates who have been attracted and onboarded in a way that makes them feel included and valued, then discover that the workplace culture itself has not gotten with the program.


If an organization and its leaders do what they can to eradicate both known and unconscious bias in each of the first three stages of the lifecycle, better retention is the logical result. You’ve found, brought in and trained these candidates with as much inclusivity and sensitivity as you can. But what if hiring managers and HR do everything right, and yet they still fail to retain women and minorities?  Why do these people still leave?

The Role of Culture

Sometimes despite the best intentions and actions on the part of managers, the organizational culture is just not yet up to speed with newer, more inclusive hiring practices. There’s a sense of disconnect, disappointment, and even betrayal when candidates who have been attracted and onboarded in a way that makes them feel included and valued, then discover that the workplace culture itself has not gotten with the program.

Small, seemingly innocuous missteps can foment a lot of resentment because of what they represent. Elaine says, “When I was a developer, I would attend a tech conference and come home with a bag of large men’s t-shirts, which I promptly doled out to my boyfriend and brother. In the first year it’s sort of funny, and even the second year you may not mind, by year five, year 10, year 15… the question becomes, why is there still nothing here for me? Companies need to take a holistic approach to how they treat underrepresented groups at their organizations and make sure they aren’t unintentionally sending signals that ‘you do not belong.’ “

The Good News

If we can bake in bias, we can bake in inclusivity – it just takes intention to do it differently.  It requires installing a new set of habits at every stage of the talent lifecycle, Recruitment, Onboarding, Development, and Retention. It means giving everyone, not just HR, the memo — and the responsibility — of supporting the company’s inclusivity mission.

The good news is, that with time, the new “unconscious bias” will be toward diversity and inclusion in cybersecurity and other tech industries, rather than away from it. How will we know the shift has happened? We’ll see it in the faces of our new hires…especially the women and minorities who are still with us years later.

Want to Hear More?  Join our Monday morning seminar at RSA® Conference, March 4, 2019

Why W Risk Group is Focusing on Gender Equity and Culture in Tech

When I got out of grad school with my Master’s in Computer Science, women made up 34% of the computing workforce. Today that number is as low as 18% by some reports. The pipeline of women coming into tech and computing seems to be improving, but we have a major leak at the end of that pipeline: women are leaving computing in mid-career. This has disastrous consequences for all of us.

My company is committed to changing the downward trend of women leaving tech in the next 20 years. That’s why we made our leadership development program, MOJO Maker for Women in Tech, based on resilience.

It all comes down to #Diversity #Equity and #Inclusion

But resilient leadership isn’t enough. The tech industry culture has been tough on women and under-represented groups of every kind and this has been reflected in their demographics. We can’t have the conversation about professional resilience without also having the conversation about culture and talent. And that all comes down to a conversation about diversity, equity, and inclusion.

I invite you to join us at the RSA Conference on March 4th, 2018 at the Talent Seminar (session SEM-M06 on the conference scheduler) to learn what your company can do to make a difference – in your culture, the lives of your workforce, your product and to make a positive contribution and impact for your customers. We’re grateful to professionals like Elaine Marino (CEO Equili & Founder LadyCoders), Carmen Marsh (CEO, Inteligenca) and Claudia Schabel (President, Schabel Solutions) for sharing their insight and expertise with us, in this article and in the Monday morning seminar.


This series is the collaborative work of  Karen Worstell, CEO of W Risk Group and founder of MOJO Maker for Women in Tech and Elaine Marino, CEO of Equili and founder of LadyCoders.  We’re using our combined decades of experience as women leaders in Tech to bring you actionable, executive level strategies that you can use to build, develop, and retain your talent in an intentional way that contributes directly to your bottom line AND advances your company capacity for innovation and increase productivity. That’s what our initiative “Solving the CyberSecurity Talent Crisis” for RSA® Conference 2019 is all about.  Follow us online, and let us hear from you! Learn more at or engage with us on Twitter at @karenworstell.

Find more information about the RSA® Conference 2019 or to share the shorter blog published by RSAC click here

Get the Talent Track Articles Delivered to You

Let us send the Talent Track Updates to you automatically as they are published (about one a month).

Thanks!  We will send you a confirmation email that ensures we have the right email recorded.