Jump to Content
Security & Identity

Why diversity is a cybersecurity imperative for GCAT

December 7, 2022
M.K. Palmore

Director, Office of the CISO, Google Cloud

Hear monthly from our Cloud CISO in your inbox

Get the latest on security from Cloud CISO Phil Venables.

Subscribe

Our quarterly Security Talks series brings together experts from Google Cloud security teams and the industry to share information on our latest security products, innovations and best practices. Below is the keynote address for our Security Talks on Dec. 7, 2022, presented by MK Palmore, director, Office of the CISO at Google Cloud.

Diverse threats call for diverse teams, which is why one of the goals of the Google Cybersecurity Action Team (GCAT) is to foster a more diverse, equitable and inclusive cybersecurity workforce.

GCAT debuted in October 2021 as an effort to bring world class security, compliance, privacy, and engineering expertise to our customer interactions, creating a premier security advisory team within Google Cloud that supports the digital transformation efforts of our customers. GCAT’s clear and persistent focus is on the importance of cybersecurity in everything that we do. 

Building GCAT was an opportunity to combine existing talent and expertise across a number of domains at Google Cloud that we felt were important for the customer journey. By its nature, GCAT creates cross-team collaboration across the broad spectrum of security fields, including Compliance, Trust, Solutions, and Site Reliability Engineering. The core of the team brings together leadership and expertise across security, customer and solutions engineering, compliance, privacy, and trust. It's an impressive team of experts who are helping our customers achieve their desired cybersecurity outcomes.

While the global cybersecurity workforce added 464,000 jobs over the past year, there is still a global cybersecurity employment gap of more than 3.4 million positions, according to research published by security industry nonprofit ISC2.  Yet while seats go unfilled, cybersecurity has been identified as the top area of concern for enterprise risk across the globe. The importance of securing our digital assets and infrastructure has never been more vital.  

Tackling the challenge of the talent pool requires three initiatives to happen broadly across the industry:

  1. Hiring managers have to widen the lens they use to identify talent.

  2. We have to do a better job at describing the skills necessary for success in written job descriptions.

  3. We have to do a better job at understanding that each new hire may still require continuous training and development to be a fully functioning and valuable member of an overall team.   

Why does diversity in hiring matter?

Cybersecurity is a team sport, and our response to adversarial behavior should be all-encompassing. We have to avail ourselves of the best solutions possible to achieve our desired outcome of protecting business enterprise and consumers. The cybersecurity field is in need of new, fresh perspectives to meet our greatest challenges. Crucially, the stakeholders and benefactors of these changes are increasingly those within diverse communities, so we must do a better job at including these communities in building the solutions that will help us all be safer.

Some steps we’ve taken internally include the creation of a Diversity, Equity, and Inclusion council that is focused on the three pillars of hiring and representation, culture and inclusion, and progression and retention.  We understand that there needs to be heavy investment to help impact the organization across the recruiting cycle, the hiring process, and the development initiatives associated with employee growth. This is no small undertaking and is only part of the commitment we have to this overall challenge.

We also support efforts to develop cybersecurity training specific to new entrants into the field.  We recognize the value in training, and are supporting our own internal efforts to produce and develop training while also financially supporting initiatives by nonprofits in this space, to bring cybersecurity focused training to a more diverse community.

The need to make our security teams as diverse and inclusive as possible has become an imperative for cybersecurity teams all over the world. We are proud of our emphasis on this internally and in the coming year hope to share some projects we believe will make a difference in this realm. We stand ready to innovate and help change the cybersecurity industry and we are going to accomplish this with the most inclusive and diverse teams we can assemble to help bring change to our industry.  

Ultimately, creating more diverse teams is critical to our overall success.

You can watch MK Palmore’s Security Talks keynote here.

Posted in