In an industry where 10-15% of staff are women, the InfoSec team at Akamai–a cybersecurity, content-delivery network and cloud-service provider–is now 40% women. Driving that change–from 28% two years ago–took only a few, simple practices that might work in many other organizations. We drove those changes in partnership between the talent-acquisition team and the hiring managers; they could have been driven from either side of the organization. Hiring isn’t the only area that needs attention, of course; career development and an inclusive work environment are critical to retaining the staff you attract. But if you don’t attract them in the first place, that’s a challenge.
Engaging the hiring managers, with support from upper management, is critical. They’re the front line, and the ones who have the most visibility into problems, and the ability to change. Start them with a simple question: “What does your hiring pipeline look like?” There’s a good chance that many managers haven’t looked in depth at the demographics of their recruiting pipeline, from application through screening through interviews. This gives you an opportunity to identify where bias or discrimination exists in the recruiting process, but, just as importantly, it can get those managers on board in understanding if the challenges exist before the recruiting process starts. When we did this for our team, it was pretty clear that our bigger challenge was in the pipeline; we were hiring women at the same rate they applied, but they weren’t applying at the rate we wanted.
So, we needed to source our applicants from a wider population than we had been approaching. We experimented with a number of different steps to do so, and all of them had some success. Our clear goal was to hire great people, who would both fit into and help improve our team’s culture and capabilities, but to have a demographic a bit more reflective of the wider population. We recognized that, in many ways, recruiters have to passively accept the candidates that apply. So, our task became more subtle: How do we get a wider variety of people to apply? Better marketing seemed like an answer, and our core marketing artifact was the job description.
Improving the job descriptions was both easier, and harder, than you might expect. One step was to reduce the number of required qualifications on positions; there is an increasing set of evidence that unnecessary qualifications correlate with fewer women applying for a position. Some of those can’t just easily be eliminated (for instance, degree requirements), because they are tied to criteria for visa eligibility for certain job families. But the language in the job descriptions can also be challenging, so some of our managers experimented with looking for subtle, gender-coded language to alter.
Another area we addressed was looking outside the security industry. A challenge that many security teams have is that, when they’re small, they have to hire people who can do anything and everything. For a three- or five-person team, that makes sense–you absolutely need an architect who can engage deeply about distributed-systems design with principal engineers, then pivot to program manage across multiple engineering leaders a safety initiative, and then walk into a customer executive meeting and manage a team on the side. But as a team grows, that breadth and depth isn’t necessary across the board (although it can be a career aspiration). What was interesting to realize is that, often, the needed depth in a position isn’t in a traditional “security” skill.
Our InfoSec team, like many, has positions that look more like “librarian” or “journalist.” Rather than hiring deep security experts, and trying to teach them those skills, we’ve hired actual librarians and journalists. Those are shrinking career fields, so there are skilled professionals available. Targeting those folks, directly and indirectly, has given us access to new populations; and some of those career fields have very different demographics from the security norms.
We wanted to be more active. One step was to open up our pipeline into new environments. We could take advantage of the Akamai Technical Academy program, which generally produces more candidates who are women, minorities and veterans. The ATA candidates also tend to bring in new and fresh perspectives from other career areas, which only made the team stronger.
These ideas are all about the hiring pipeline, but that isn’t the only area to work on! Building an inclusive culture to improve retention, developing your existing staff and having a flexible and accommodating environment are all important areas to pay attention to.
But our team made it past 40%. And that’s great progress.
Andy Ellis is chief security officer at Akamai.