Hiring a diverse range of infosec employees benefits hospitals in ways not often discussed. In addition to employment equality, for instance, cybersecurity teams comprised of people with varying backgrounds is one key to both fighting enemies and taking care of patients.
“In cybersecurity, I always take the view that our adversaries don’t fit into one demographic, therefore, why should we?” asked Mischel Kwon, CEO of MKACyber, a managed security operations services firm, and former deputy CISO for the U.S. Department of Justice. She also founded the Cyber Diversity Foundation to support diversity and inclusion in the field of cybersecurity.
If one examines how organizations secure their systems, they look at weaknesses in the systems and how the systems might be attacked, the threat model around the entity.
“When security professionals have a broader lens through which to look at security, we’ll be able to provide better answers and support in protecting our systems,” Kwon said.
As a business discipline, cybersecurity requires perpetual innovation. Innovation is inherently risky. The opportunities for making expensive mistakes are quite high.
“To reduce this risk, we need to engage the perspectives of diverse people with diverse backgrounds, education, and opinions,” said Mansur Hasib, program chair, cybersecurity technology, at The Graduate School at University of Maryland University College, and author of the book “Cybersecurity Leadership.” “Such diversity in hiring cybersecurity professionals will naturally result in better gender and racial balance as well. If you are going to build a winning baseball team, you cannot fill the team with only pitchers or catchers.”
And diversity in hiring cybersecurity professionals, including the CISO, is just as important in healthcare for these same reasons, and others.
“When you boil it down, the mission of a healthcare entity is to support our communities, and our communities are diverse,” Kwon said. “From a healthcare perspective, this requires empathy and understanding about customer service and patient care, in addition to understanding cybersecurity.”
In order to embrace this notion and work within it, a healthcare organization needs a workforce that truly understands diversity.
Kwon added that it would be great to get to a place where healthcare organizations and executives don’t have to think about “diversity,” meaning they don’t think about it as different and it’s not something they have to try so hard at.
“We have to remember that we are human beings and we do have unconscious bias and need to be able to look that in the face and say, ‘I might not be looking at this in the right way,’” she said. “Looking at it in a broader way, in a different way, will help my position, my role and ultimately help to provide for patients better.”