Much as the Human Element has influenced the curriculum and content you will see at RSA Conference 2020, (ISC)2 Security Congress also has an entire track dedicated to the Human Factor. The topics on this track range from diversity and inclusion to hiring and retaining talent.
One of the featured sessions on this first day of Congress was a panel of four women discussing Diversity, Equity and Inclusion: How to Create a Winning Security Company Culture. Moderator Ericka Chickowski, Executive Editor, Digirupt.io, started off the conversation asking panelists to define the difference between diversity and inclusion. “Inclusion is inviting a path, creating an environment where there is the opportunity to have lots of people that are not all the same,” said Manju Mude, Security Director, Verizon Media.
According to Jennifer Steffens, CEO at IOActive, diversity is hugely important when trying to solve complex problems in security. In answering the question of why diversity matters, Steffens said it “brings together disparate people who have diversity of thought, different perspectives, different ways of problem solving rather than just a like-minded group in which nobody challenges each other.”
Jennifer Minella, VP of Engineering & Security at Carolina Advanced Digital, Inc., took that point a step further, suggesting that diversity for diversity’s sake is a fruitless endeavor. Instead, she has actively searched for examples of where diversity has proven beneficial. “I am more of a data person,” she said, before offering an anecdotal example of gender-based differences in processing information presented in the book Moonwalking with Einstein.
Gender is only one part of diversity, which is why inclusion also needs to be part of the discussion. An inclusive culture in which leaders not only know the names of their employees but actually know them as individuals is a point Gordon Rudd, Third Party Risk Officer at Venminder, also talked about in his session, Creating Scalable, Sustainable Cybersecurity for Any-Sized Corporation.
“Waving at somebody in the hallway does not engender trust. Humans in general don’t really want to be intimate with the people they work with,” Rudd said.
A critical component of creating a security program is training and cross-training. “If you’re not training, you’re not going to win. Humans are kind of funny, they want to go on vacation. Primary on vacation, secondary out sick, and you have a situation. Make sure you have redundancy with your human factors,” Rudd said.
For Holly Hoffman, Senior Facilitator, Disney Institute, who delivered the lunchtime keynote today, organizations need to be intentional and strategic if they want to differentiate themselves not only for their customers but for their employees as well. For organizations that are recruiting, they need to be looking for the right people, but searching for candidates on skills alone is “fatally flawed,” Hoffman said. Instead, it’s important to be thinking deliberately about the words you are choosing because language is powerful. Being intentional with the words you choose in the job description is important but it’s also necessary to look at the whole person.
In large part, Hoffman focused on the theme of inclusion and how to build a culture of excellence. Hoffman’s passion for people reverberated through every word as she recounted the history of Walt Disney and his attention to detail. Part of how the Disney Institute works to carry out the Disney legacy is continuing to carry out that attention to detail. “Some people may never notice, but others will, and that is what makes all the difference,” said Hoffman, reminding attendees that “Exceptional service is architected from systems and processes that you control.”
Just as the RSAC theme of the Human Element is applicable across so many tracks and topics, the Human Factor track at (ISC)2 Security Congress emphasized the importance of human relationships and how creating a culture that is rooted in values will foster professional growth and enhance the overall security of the organization.