Let’s make 2025 cyber’s most diverse year yet

Welcome to the new 183 cyber warriors who joined us last week. Explore our weekly delivery of inspiration, insights, and exclusive interviews from the global BHMEA community of cybersecurity leaders. 

This week we’re focused on…

Diversity in cybersecurity. 

Why? 

Because time and time again, we talk to cybersecurity leaders who highlight the critical importance of diversity in the field. Yet real change remains slow. 

Minority groups in cybersecurity vary from country to country. Recent data from the US Bureau of Statistics, for example, shows that while progress has been made, there’s still only 11% Black representation, 8% Asian representation, and 12.6% Hispanic representation in the US cybersecurity sector. 

And in every country around the world women remain a minority in cybersecurity. Globally, women hold approximately 25% of all cybersecurity jobs. It’s an improvement (up from just 10% in 2013), and research suggests that if we continue on the expected trajectory, women will account for 30% of cybersecurity roles by the end of 2025. 

We believe in the value of a diverse workforce for the future of cyber resilience. So to keep the conversation going, we look to our brilliant Black Hat MEA community to explore what diversity in cyber really means. 

Cybersecurity needs everyone 

When we interviewed Sam Curry (CISO at Zscaler), we asked him what he wishes everyone knew about cybersecurity and he said:

“...there is room for everyone in Cybersecurity. I used to play rugby, and I loved that there was a place on the team for every body type and shape. Cybersecurity is like that: we want everyone and every perspective. It’s not just the right thing, but it is a competitive advantage because we have human adversaries. That means gender, religious, ethnic, neurological and every other form of diversity enriches us, and it’s not just for technical people!”

And that includes neurodiverse talent 

Stuart Seymour (CISO at Virgin Media) urges the cybersecurity sector to pay more attention to the value of neurodiverse security practitioners – who can bring valuable strengths to their work. 

“My neurodiversity (dyslexia) I believe has significantly helped me in my career,” he told us’ “I have been able to see things differently and sometimes arrive at solutions quicker.” 

“This has played out in cyber incident response, where often I just started at the problem backwards and followed a chain of events from back to front. Earlier in my career when reports were handwritten, dyslexia and spelling were an issue – but now we have spell check (a godsend for me), that aspect has alleviated.”

It’s so important that we don’t think of diversity as a check box exercise, and instead increase our understanding of how different ways of thinking, and different life experiences, can enhance security work and cyber resilience. And from this perspective, neurodiversity is a good starting point for conversations about diversity in all its forms. 

“Dyslexia is, for me, about thinking differently or another perspective,” Seymour said; “it should not be seen as a limiter. I really do think that neurodiversity is a massive plus – in the right role – in cyber. I actively recruit neurodiverse candidates for specific roles.”

We asked why (and for what kinds of roles) he sees neurodiverse talent as particularly valuable, and he explained it like this: 

“One of the traits of some neurodiverse individuals is the reliance on constants and routine. The fruit bowl is always there. I always have lunch at 13:00, I always have this place mat, not that one. A degree of discomfort arises when the fruit bowl is not there but here; lunch is late; and there is a different place mat.

“In essence there is the absence of the normal and the presence of the abnormal, which if you think about it, is just what the Security Operations Centre is there to spot. Some neurodiverse people have their senses highly in tune with this and are able to spot even the slightest deviances that neurotypical people miss.” 

How to build an inclusive hiring strategy 

The two overarching reasons why diverse talent are excluded from the cybersecurity industry are: 

1. A lack of representation and accessible cybersecurity education means that often, individuals from minority groups don’t see cybersecurity as a viable career path for them.
2. A lack of understanding from the people responsible for hiring cybersecurity professionals – who might not recognise the strengths that diverse talent can bring to their team. 

That second problem is one that every single person involved in hiring security practitioners can help to combat. 

This year, we encourage you to embrace the power of diverse perspectives. And by this, we mean: work on your own perspective so you can recognise that every individual from a minority group brings their own unique experience and strengths. 

Your job is to explore their potential as individuals, not as members of a minority group – and consider how you could match their individual strengths with certain cybersecurity roles. Employers can set diverse talent up to excel by recognising the qualities they can bring that no one else can. 

Be expansive. Create space for new ideas to be explored. Develop a working environment that celebrates difference and welcomes unexpected perspectives. 

A diverse cybersecurity sector for the future 

Let’s make 2025 the year we focus on the value of diversity and create a more equitable landscape for people from all backgrounds to make their mark. 

What does diversity in cybersecurity mean to you? Open this newsletter on LinkedIn and share your perspective. We’ll see you in the comment section.

Catch you next week,
Steve Durning
Exhibition Director

Join us at Black Hat MEA 2025 to grow your network, expand your knowledge, and build your business.