Lack of Black cyber execs is hampering job retention, experts say
The lack of visible Black cybersecurity leaders is making it difficult for Black employees to see a future in the industry, according to job recruiters, hiring managers and industry veterans.
The big picture: Cybersecurity companies and leaders have spent years trying to recruit more Black talent to the industry — prompting investments in partnerships with historically Black colleges and universities and community colleges.
- But some employees and hiring managers told Axios that the industry is still behind in creating a workplace that ensures those new hires stay in the field long term.
What they're saying: "A Black person in tech more than likely is going to have some type of individual, intersectional identity that [their] organization cannot even speak to being able to support or nurture because it's not visible," Safi Mojidi, founder of Hacking the Workforce, told Axios.
- "The onus is put back on us as cybersecurity leaders to either create a change by creating our own organizations — or really choosing to step into an organization and try to be the change that you want to see," he said.
By the numbers: Only 6.8% of chief information security officers identified as Black or African American in 2021, according to recruiting site Zippia.
- Black CISOs also make less money, with an average salary of $138,500 in 2021. Compare that to the average of $143,000 among white CISOs and nearly $159,000 for Asian CISOs.
- Meanwhile, Black talent makes up 15% of the overall cybersecurity workforce, according to a McKinsey report released this month.
Why it matters: Without a diverse executive suite, cybersecurity companies' diversity and inclusion promises feel empty to Black job candidates, experts argue.
- Having Black leaders shows candidates that the organization is open to promoting Black hires and has an internal culture that welcomes diverse backgrounds, Mojidi said.
Details: Pariss Chandler, CEO of job board Black Tech Pipeline, told Axios that within the first 90 days of their jobs, some new hires say they've already faced racial microaggressions, as well as an undue burden to teach their white colleagues about Black culture.
- At the 90-day mark, Chandler checks in with new hires she helped recruit to learn about their experience in the company. During these calls, Chandler has never heard about extreme cases of outright racism. Usually, it's just "small to mid types of conversations."
- Many of these smaller cases happen in company Slack channels where diversity and inclusion teams start conversations "around being underrepresented," Chandler said.
- "That's uncomfortable for that one Black person who works there," she said. "It feels like there's a spotlight on you."
Between the lines: It's still tough to get Black cybersecurity workers to take leadership roles because of the unique challenges that come with those positions.
- The CISO job is already a high-stress role, and the position is usually a scapegoat during major cybersecurity incidents, meaning fewer people even want the job to begin with, said O'Shea Bowens, founder and CEO of Null Hat Security.
Yes, but: There have been some improvements in the last couple of years to recruit, retain and promote Black workers.
- The country's acting national cybersecurity director, Kemba Walden, is a Black woman. The office also recently brought in Camille Stewart Gloster, co-founder of the #ShareTheMicinCyber initiative, to run its cyber workforce and supply chain security programs.
The bottom line: Employers need to ensure they're thinking about new Black hires' entire journey — not just about getting them in the door.
Sign up for Axios’ cybersecurity newsletter Codebook here.