Why diverse thinking is becoming a security imperative

For an industry built around anticipating the unexpected, cybersecurity can sometimes become surprisingly predictable.

Teams recruit from the same talent pools, and leaders rely on familiar playbooks. Security programmes repeat processes that worked five years ago and hope they still work against today’s threats.

That, according to Trina Ford (CISO at iHeartMedia), is a problem.

Over on the podcast, she said more people in the industry need to understand what diversity really means:

“Many think that it’s black or white or it’s male or female – and that’s not diversity. Diversity can come from the way you think, your experiences; how you approach things.”

Looking at diversity from this angle is important – because instead of just being representation, diversity is inextricably linked to operational capability. And in a threat landscape facing AI, social engineering, insider risk, and ever-more creative adversaries, that capability is critical. 

The best security teams don’t all think alike

Ford argues that modern cybersecurity challenges can’t be solved with old thinking.

“The way we used to do things – if we all see a problem the same way – that’s not going to work in our favour,” she said. “We have to be open to hearing how others may see it, or the way they think about it.” 

This makes a lot of sense. Attackers adapt constantly, so security teams that rely on rigid thinking or homogeneous experiences can struggle to spot emerging risks until they become incidents.

That’s why Ford believes organisations need teams built around different perspectives, backgrounds, and problem-solving styles.

“Whether it is from an age, a gender, a race, a country you’re from – diversity works very well when you’re trying to be creative.”

Interestingly, some of the strongest examples she shared had little to do with conventional cybersecurity hiring pipelines: 

“I was just thinking about the fact that at one point I brought someone in from sales – they had no idea about security but they brought this uniqueness to the programme. And now they’re excelling at other companies.” 

The industry still tends to treat cybersecurity as a technical profession, when in reality, modern security programmes rely on communication, psychology, governance, risk management, and relationship-building. 

Or, as Ford put it (much more succinctly), “Cyber is not about being technical.” 

Security became more human after COVID

We also don’t talk enough about how leadership changed after the COVID-19 pandemic. Since then, Ford said, “it’s been about the people. It’s not about the technology, the process.” 

And that shift is still changing the way cybersecurity teams are built today. Burnout remains widespread, and hybrid work has completely changed team dynamics. CISOs are expected to manage culture as much as controls. At the same time, security leaders face mounting pressure to retain talent in an already stretched market.

Ford believes leaders need to respond by building more inclusive, psychologically aware environments.

“We have to make sure that we have a pulse check on our people,” she said. “We allow them to be creative.”

And she argues that creativity only happens when people feel heard. 

Diversity without inclusion doesn’t work

We’re all human – and we all crave a sense of belonging. Ford spoke candidly about how people naturally gravitate towards those who look or think like them – even in professional settings.

“We have to actually get out of our own way.” 

That honesty cuts through the polished language that often dominates corporate diversity discussions. Inclusion isn’t just about policies or conference panels. It is also very much about whether people feel welcome enough to contribute.

Representation is important – when you see someone who looks like you or who comes from a similar background doing the job you want to do, it validates the idea that you could do that job too. But diversity also requires everyone in a team to develop an inclusive mindset; to actively work against their inclination to stick with people like them, and to start conversations and build relationships with people who are different from them. 

If you’re a CISO, here are five steps you can take to build a more diverse and inclusive team: 

• Hire for perspective (not just certifications) 
• Bring non-traditional backgrounds into security conversations 
• Reward creativity and collaborative problem-solving
• Encourage teams to challenge assumptions openly
• Treat diversity as a resilience strategy – not a compliance exercise 

Cybersecurity has never been short of technology, but it does often lack fresh thinking. And in an industry where attackers evolve constantly, that could be the biggest risk of all.