CEO DailyCFO DailyBroadsheetData SheetTerm Sheet

The cybersecurity risk no one saw coming

October 1, 2021, 7:17 PM UTC

Truth and reconciliation takes front and center, and why your noble quest to hire more Black women will backfire. Plus, a bonus track from our colleague Jonathan Vanian: Why cybersecurity is a diversity imperative.

But first, here’s your National Day for Truth and Reconciliation week in review, in Haiku.

I wave my Orange
Shirt toward a cloudless sky. Will
you hear my story?

I wave my Orange 
Shirt toward your Majesty’s Crown.
What is your duty?

I wave my Orange 
Shirt toward the dusty ground. Where
are secrets buried?

I see your Orange
Shirt waving in the distance.
Am I not alone?

See my Orange Shirt.
Hear our collective voices.
What will you do now?

Wishing you a peaceful weekend.

Ellen McGirt
@ellmcgirt
Ellen.McGirt@fortune.com

In brief

Corporate cybersecurity strategies and diversity initiatives are more interlinked than some executives may think.

Consider the fact that many hacks occur when an unwitting person clicks on a bogus link cloaked inside a so-called phishing email. Similar to how marketers attempt to understand the psychological reasons why people may click on certain links in a newsletter, hackers are also becoming experts at analyzing human behavior. Because fraudsters are trying to trick people into clicking on malicious links, it makes sense that they may study the behavioral patterns of their victims in order to craft the perfect, personalized scam email.

But not everyone behaves the same way online.

Hispanics in the U.S., for instance, tend to use Facebook’s WhatsApp messaging service more so than other similar apps, previous research has shown, and those Latinx communities have been recently subject to specific disinformation campaigns tailored to their culture.

This is why having people of color on a corporate cybersecurity team can be so important, says Camille Stewart, the global head of product security strategy at Google and a Harvard University cyber fellow.

“Understanding cultural nuance and how a technology service shows up differently based on your background will allow you to anticipate whatever the threat is,” Stewart says.

Stewart worked on a recently released report published by the Aspen Tech Policy Hub about the dismal state of diversity in cybersecurity. Like other sectors in technology including artificial intelligence, people of color are not represented in the cybersecurity industry in proportion to the overall U.S. population, the report detailed, with 9% of cybersecurity professionals identifying as Black, 4% as Hispanic, and 8% as Asian.

“The field remains remarkably homogeneous, both among technical practitioners and policy thinkers, and there are few model programs or initiatives that have demonstrated real progress in building diverse and inclusive teams,” the report said.

For companies and government agencies to ensure that they are staying ahead of hackers, they need people from diverse backgrounds to help inform their security policies. As Stewart says, cybersecurity is a “human-centered problem” that is “technology-enabled,” meaning that while technology plays a major role, quality cybersecurity experts can also be strong in non-techie areas like psychology and the law.

Companies that only seek cybersecurity job candidates from prestigious universities with notable computer science programs are missing out on myriad applicants who can help with a variety of important security roles, including training the workforce to know how to spot personally crafted phishing scams.

“This is a space where all of those outdated paradigms of you should have done these things and check these boxes or have these backgrounds and have these skill sets are limiting, at best, and detrimental, realistically,” Stewart says.

The report “delves a little bit into pushing back on the some of the traditional routes for recruiting people in cybersecurity,” which can be very network-based, says Meha Ahluwalia, an Aspen Tech Policy Hub project manager and one of the report’s authors.

It also “pushes back” on the “certification-heaviness of the field,” because many of these cybersecurity certifications can be expensive, a barrier to many people of color who come from impoverished backgrounds, she says. The report’s panel experts were “mixed on whether those are effective gauges of someone's ability to do a cybersecurity job or really just their ability to get that certification,” Ahluwalia says.

Ultimately, if companies are going to make cybersecurity a priority, they should focus on their hiring practices.

“It is proven that diverse teams bring better and more innovative outcomes,” says Stewart. “Whatever they are trying to secure, whether it is internal technologies or a user-facing technology, understanding the way that it shows up in the lives of your users is going to help you secure it.”

Jonathan Vanian 
@JonathanVanian
jonathan.vanian@fortune.com

On point

September 30 is Orange Shirt Day, which has become an annual day to remember the century-long harm caused by the forced removal of Indigenous children from their families into what was known as the Canadian Residential School system. It is now considered a form of cultural genocide. The schools were designed to be engines of assimilation and were initially developed in partnership with Christian churches. The conditions were often horrific, disease and abuse was rampant, and mass graves are still being uncovered. (There was, of course, a U.S. counterpart to this, as well.) It was named for the favorite orange shirt that residential school survivor Phyllis Webstad was forced to give up at six years old when she entered the system. Webstad is from the Stswecem'c Xgat'tem First Nation; the author and activist has seen the movement for reconciliation grow into an official national holiday and focus of government inquiry. Oh, and a money-making scam for grifters. Yay, capitalism. Here are more ways to honor the spirit of the movement.
Orange Shirt Day

Why your “ideal candidate” cannot save you S. Mitra Kalita, diversity expert and co-founder and CEO of URL Media, pulls no punches as to why this sudden trend in hiring managers seeking women of color to hire into senior positions (typically just one position) is a problem waiting to explode. The post-George Floyd urgency is real. “There’s a new model for leaders trying to operate with a multicultural lens. You’ve got to have your No. 2 be a Black woman or a woman of color,” says consultant Dee C. Marshall. But absent a real strategy beyond optics, or more pointedly, a clear plan to create a more inclusive culture, what these Black women will be asked to do will likely devolve into performative tokenism that will exhaust them and derail your plans. “You don’t need a diverse hire. You need a diverse culture.” Please read and share.
Time

 

This edition of raceAhead was edited by Wandy Felicita Ortiz.

On Background

How the U.S. stole thousands of Native American children They were taken by missionaries, taken into foster care, ripped from their families. Some were given up by parents who had believed it was the only way to save them. “Saving us from ourselves,” says one woman in this wrenching video. The nineteenth century strategy for assimilating Native children was to strip them off their culture by taking them off the reservation into boarding schools, many of which were known for their abuse and cruelty. The twentieth century evolution of this strategy was to give them to white families. In this episode of Vox’s Missing Chapter series, Native Americans explain how these policies have impacted their communities.
Vox on YouTube

Meet the Tuskegee Airman from the Dominican Republic There are plenty of Afro-Latinx figures who have been lost to history, so many, in fact, that  The Root created a very cool series about them “Mi Gente Afrodescendiente,” or “My People of African Descent.” Esteban Hotesse was the only Dominican member of the Tuskegee Airmen and became one of the organizers of the Freeman Field Mutiny, after a group of pilots of color who entered a white-officers club on a military base in Indiana entered against orders to protest racial segregation in the armed forces.  Orange is the New Black actor Dascha Polanco narrates this short video. 
The Root

Here’s how to fix capitalism and spur innovation Mariana Mazzucato has become known as one of the most influential economists in the world, by focusing her studies on an area of tremendous interest: The economics of innovation and the high tech industry. That expertise gives her capitalism-saving idea a real boost. Her plan? Stop with the austerity and encourage governments to invest. Google was an early beneficiary of an early grant from the National Science Foundation, similar grants provided early boosts to three of Elon Musk companies, including Tesla. (What BIPOC-owned businesses do you know that could benefit from this investment?) Her paper on the subject seems to have touched a nerve. “It wasn’t just early research, it was also applied research, early stage finance, strategic procurement,” she says. “The more I looked, the more I realised: state investment is everywhere.”
Wired UK

Mood board

RaceAhead-Orange Shirt Day
"Hear our collective voices. What will you do now?"— Indigenous musicians perform during an outdoor official ceremony commemorating Orange Shirt Day, and observe the first National Day for Truth and Reconciliation on Thursday, 30 September 2021.
Artur Widak—NurPhoto/Reuters

This is the web version of raceAheadFortune’s daily newsletter on race, culture, and inclusive leadership. To get it delivered daily to your inbox, sign up here.