Everywhere we look today, in our country and our industry, there seems to be a prevalent divisiveness. We are the snake eating itself, cannibalistic and harmful. We fight over the inclusion, and value, of women or LGBT, proper human behavior, the credibility of certifications and the lack of quality of new people to the industry. How can we succeed in our mission, to those organizations that we try to protect if we continue down this path? We certainly don't have to agree on everything, but we should be attempting to identify those clear principles that define us as an industry.
This article was submitted as a CFP to GrrCon 2018. It was not accepted, but as I have done with previous attempts, I give it to the community.
That is a big, ugly subject that will be difficult, if not impossible, to fix. Thankfully, I am not here for that. I am only here to provide my story and my experiences. With a tip of the hat to @cybersecstu for the inspiration and motivation to think about origins, and all the women in Infosec that champion the cause of diversity and inclusion.
I am either 2nd generation off the boat from Ireland. My father's father, born in the late 1800s, was adopted in Boston. My father, born in 1949, grew up in abject poverty in northern Michigan. They had a house and that's about it. I was born in the blizzard of 1978. I have tasted the sweet, sweet nectar of government cheese. Here I am.
Why does this matter? Why was this considered a CFP for GrrCon?
Because we all matter.
Our histories, our parents, our unique experiences. They all matter.
I am a know-nothing, broke down cable/phone guy. I am the son of a carpenter. I occasionally, and probably poorly, write poetry. I have a book collection 300+ strong. I get emotional at weird things. Within a generation, I am descended from an actual immigrant. My daughter is a member of the first people whose historical grounds include this exact spot (southwest Michigan).
I am a college dropout. I don't have a long history of 133t haxoring. Exactly 11 years ago I was in landscaping, building rock walls.
Why does this matter? Because - why does any of it matter!
It doesn't. None of it matters. It's all about what we do from here, right now.
(You thought I was going to go all nihilistic right there, didn't you?)
Why do I care, and why am I speaking so passionately about it? I deal with discrimination daily. We all do, whether we realize it or not. I can be as guilty as anyone else in being discriminatory, and I know it. But I know it and try to change it.
In your organization, how do you intentionally or unintentionally discriminate? Does everyone have a seat at the table, or is it full of white males?
Do your job descriptions include obscene requirements? Do the managers make all of them the minimum to get an interview? Do you actually get to see all the raw resumes, or are they filtered by your Applicant Tracking System?
Does anyone remember "garbage in, garbage out"? That is not to say anyone is garbage! It is only to highlight if we, as an industry, do not change how we go about things, we are never going to get different results. Without new and different perspectives, we are bound to stagnate and fail.
There is an old adage that variety is the spice of life. If true, which it most certainly is, why do we continue to look for the same bullshit?
I am the IT Manager at XYZ, a tribal gaming entity, and I have a few insights I would like to share.
- Out of the many interviews that I have done as a manager, the women candidates far outshone their male counterparts. Every one of them.
- Varied backgrounds make for more complete, and complimentary environments.
- People have unexpected talents if you bother to look for them.
- Micromanagement, like fear, is the mind killer. Free your people to be themselves.
So, at XYZ, here are the demographics of my team:
- 16% of my total staff are women
- 36% are minority or women
- 64% white male
The demographics of XYZ are completely different, illustrating the fact that there is a problem getting people into tech that are not white males.
My most talented Administrator is gay. He is absolutely brilliant, and I would put him up against nearly any person who manages a network.
My most dependable tech is a church mouse, barely says a word. But he will take any problem that I give him and find a way to fix it.
A future DBA was originally hired to work on hardware - printers.
A tech came in and wanted to originally focus on customer service. She is amazing at Health IT.
That is my band of misfits. They all have flaws. They all have talents. And I count myself lucky that they work for me.
I am not going to touch the entire certification credibility issue, but how many people have applied to jobs and been filtered out because they didn't have one? I have been in tech 20 years, have published, and currently presenting here, and I still can't get to an actual interview. That is happening to other people and is a stark indication of the problem.
If the Information Security industry is facing such a shortage of labor, why are we shooting ourselves in the foot? People can be trained and processes can be learned. Are we setting the bar to entry artificially high? What is driving it?
All businesses are not alike, and neither are security environments.
Let us forget about what we think we know and come to a new realization. Everyone can contribute to the cause. We all have different perspectives and ideas. Let us embrace the diversity!
So, here I am, a red-bearded white male, and I am not going to beg for change. I am going to be the change that I want to see in this industry. I am going to fight for that change, and I am going to support others that want to join that fight.
That is my promise to all of you here. I am going to do more, be better, in promoting and assisting in making change happen.
Together, we are the change.
Main Image Credit : The awesome piece of artwork used to head this article is called 'New York' and it was created by graphic designer Matt Chase.