{"id":91806,"date":"2020-08-31T11:00:30","date_gmt":"2020-08-31T18:00:30","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=91806"},"modified":"2023-05-15T23:06:08","modified_gmt":"2023-05-16T06:06:08","slug":"microsoft-security-cultivate-diverse-cybersecurity-team","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2020\/08\/31\/microsoft-security-cultivate-diverse-cybersecurity-team\/","title":{"rendered":"Microsoft Security: How to cultivate a diverse cybersecurity team"},"content":{"rendered":"
In cybersecurity, whether we are talking about cryptocurrency mining<\/a>, supply chain attacks<\/a>, attacks against IoT,<\/a> or COVID-19-related phishing lures<\/a>, we know that gaining the advantage over our adversaries requires greater diversity of data to improve our threat intelligence. If we are to future proof bias in tech however, our teams must also be as diverse, as the problems we are trying to solve.<\/p>\n Unfortunately, our cybersecurity teams don\u2019t reflect this reality. A 2019 report by (ISC)2<\/sup><\/a> found that less than 25 percent of cybersecurity professionals are women. People of color and women aren\u2019t paid as well as white men and are underrepresented in management. Time and again, studies have found<\/a> that gender-diverse teams make better business decisions<\/a>\u00a073 percent of the time. What\u2019s more, teams that are also diverse in age and geographic location make better decisions 87 percent of the time. With a talent shortfall estimated between 1.5 million<\/a> and 3.5 million<\/a>, we must recruit, train, and retain cyber talent from a wide variety of backgrounds in order to maintain our advantage.<\/p>\n You can see the evidence that diversity drives innovation when you look at artificial intelligence (AI) and machine learning. The AI capabilities built into Microsoft Security solutions are trained on 8 trillion daily threat signals\u00a0from a wide variety of products, services, and feeds from around the globe (see Figure 1). Because the data is diverse, AI and machine learning algorithms can detect threats in milliseconds.<\/p>\n <\/p>\n Figure 1: Trillions of signals from around the globe allow Microsoft Security solutions to rapidly detect and respond to threats. <\/em><\/p>\n Just last year, the World Economic Forum compiled several studies that provide further evidence that diversity sparks innovation.<\/a> Cities with large immigration populations tend to have higher economic performance. Businesses with more diverse management teams have higher revenues. A C-suite with more women is likely to be more profitable. When people with different backgrounds and experiences collaborate, unique ideas can flourish. What\u2019s more, if you want to build technology solutions that are inclusive of everyone, diverse teams help avoid bias and develop features that meet the needs of more people.<\/p>\n So how do you increase the diversity of your team? Expand the pipeline. Invest in your team. And create an inclusive culture.<\/p>\n To recruit the very best people from all backgrounds, start by prioritizing unique perspectives. Machine learning, artificial intelligence, and quantum computing hold promise for addressing cyber threats; however, technology is not enough. Some problems can only be solved by people. You need teams that can anticipate what\u2019s next and respond quickly in high-stress situations.<\/p>\n If everybody on the team has similar skills and backgrounds, you risk group think and a lack of creativity. It\u2019s why diverse teams make better decisions than individuals 87 percent of the time<\/a> (all-male teams only make better decisions than individuals 58 percent of the time).<\/p>\n To attract the diverse talent you need, expand your criteria.<\/a> Look beyond the typical degrees, experience level, and certifications that you typically recruit for. Leverage training programs that help people acquire the technical skills you need. For example, BlackHoodie<\/a> is a reverse engineering program for women. Consider people without college degrees, veterans, and people looking to switch careers. Work with colleges and other groups that represent disadvantaged communities, such as historically black colleges and universities.<\/p>\n Cybersecurity teams around the globe are understaffed, while the amount of work continues to grow. Security operation center (SOC) analysts suffer from alert fatigue because they must monitor thousands of alerts\u2014many of them false positives. Stress levels are high, and individuals work long hours. These work conditions can lead to burnout, which makes people less effective.<\/p>\n Reduce routine tasks with AI, machine learning, and automation<\/strong>. AI, machine learning, and automation can empower your team by reducing the noise, so people can focus on challenging threats that are, frankly, more fun. Azure Sentinel<\/a> is a cloud-native SIEM that uses state of the art, scalable machine learning algorithms to correlate millions of low fidelity anomalies to present a few high-fidelity security incidents to analysts. Our research has shown that customers who use Azure Sentinel achieved a 90 percent reduction in alert fatigue.<\/a><\/p>\n Figure 2: Azure Sentinel makes it easy to collect security data across your entire hybrid organization from devices, to users, to apps, to servers on any cloud.<\/em><\/p>\n Provide growth opportunities and training. <\/strong>The threat landscape changes rapidly requiring security professionals to continuously upgrade their skills. Human beings also need new challenges to stay engaged<\/a>. Provide opportunities for everyone to use creative problem-solving skills. Encourage individuals to learn from each other, such as through an apprenticeship program. Offer regular training for people at all levels of your organization. The Microsoft SOC focuses its training programs on three key areas:<\/p>\n Take care of employees\u2019 mental health<\/strong>. Stress is driving too many people to leave cybersecurity. In fact, stress has motivated 66 percent of IT professionals to look for a new job<\/a>. Fifty-one percent would be willing to take a pay cut for less stress. Late nights and high-pressure incident response take a toll on employees. In these circumstances, it\u2019s important to respect time off. People should be able to enjoy their days off without worrying about work. A collaborative culture that is forgiving of mistakes can also reduce the pressure. Ask your team how they are doing and really listen when they tell you. Their answers may trigger a great idea for alleviating stress.<\/p>\n People go where they are invited, but they stay where they are welcome<\/a>. As you bring new people into your security organization, foster an environment where everybody feels accepted<\/a>. All ideas should be listened to and considered. People who express ideas that challenge old methods can lead to breakthroughs and creativity. Here are a few ideas for making sure everyone feels included:<\/p>\n As we look past the COVID-19 pandemic, we can expect that cybersecurity challenges will continue to evolve. AI, machine learning, and quantum computing will shape our response, but technology will not be enough. We need creative people to build our products, design our security programs, and respond to threats. We need teams that are diverse as the problems we face.<\/p>\n To learn more about Microsoft Security solutions visit our website.<\/a>\u00a0 Bookmark the\u00a0Security blog<\/a>\u00a0to keep up with our expert coverage on security matters. Also, follow us at\u00a0@MSFTSecurity<\/a>\u00a0for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":" A diverse cybersecurity team will help you generate the innovative ideas you need to confront today and tomorrow\u2019s cyber threats. <\/p>\n","protected":false},"author":96,"featured_media":91810,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3659],"topic":[3683,3685],"products":[3726],"threat-intelligence":[],"tags":[3750],"coauthors":[1849],"class_list":["post-91806","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-best-practices","topic-security-management","topic-siem-and-xdr","products-microsoft-sentinel","tag-cryptocurrency-mining"],"yoast_head":"\nDiversity fuels innovation<\/h2>\n
Expand the pipeline<\/h2>\n
Invest in your team<\/h2>\n
\n
Create an inclusive culture<\/h2>\n
\n