One way to counter common -- and expensive -- cybersecurity issues like ransomware attacks is hiring people who...
think differently, according to Tarah Wheeler, information security researcher and founder of Red Queen Technologies. When hiring information security professionals, organizations would be well-served by recruiting a diverse set of talent, Wheeler advised.
"As ransomware becomes this problem and calls attention to the larger nature of the problems in cybersecurity, what we see is that people who think, look and act differently than we do come up with solutions we never saw before," she said during her keynote address at the 2017 ISSA International Conference in San Diego. Wheeler spoke with SearchCIO at the ISSA Conference to further discuss the benefits of embracing diversity in cybersecurity and why it's important to empower people who think outside the box.
Editor's note: The following interview has been edited for clarity and length.
Why is it important to embrace diversity in cybersecurity?
Tarah Wheeler: When people think differently, they see the problem space differently. People that come up with brilliant solutions have to do it because they're the first person to think of something. Or, and more likely, they're the first person to think of something and have the power to do anything about it. What we need to say to ourselves is not just, "Are we finding people that think differently," but, "Are we empowering them to make noise when they find a problem and a solution to that problem?"
Someone who is a different color than I am, a different gender than I am, are going to think differently because they're a human being. But the distance between how I think and they do is created, in our society, by how they've had different experiences than me.
A great professor of mine, back in my undergrad days, once said to me, "We're not using the fact that you're a woman to give you this scholarship. We're using the fact that we think it's likely, probabilistically likely, that because you're a woman you experienced some problems some of our male candidates didn't have, that we want to try to level the playing field a little bit." And I thought that was a great way to think about it. You're using the fact that I look differently than you to predict, not determine, that I probably had some different experiences in our society.
Dig Deeper on Risk management and compliance
Related Q&A from Mekhala Roy
With attackers looking to maximize their ROI, they are employing what is called a phishing kit to run scam campaigns. In this Ask the Expert, learn ... Continue Reading
For a cybersecurity program to be effective, CISOs must be viewed as business enablers. Kudelski Security's John Hellickson offers tips on how CISOs ... Continue Reading
Regulations like the GDPR promise to enforce stricter data protection rules. While a data loss prevention program can help, it requires end-user ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.