Connect with us

Tech

Connecting the dots on diversity in cybersecurity recruitment – TechCrunch

Published

on

Critical thinking and problem-solving are considered vital attributes for the cybersecurity professional — so it’s time our industry applied those capabilities to connect the dots between the skills shortage and lack of diversity.

There’s no question that recruiting talent in sufficient numbers right now is a growing challenge — but it’s one that I believe a more inclusive talent pipeline would help to alleviate.

In its Cybersecurity Workforce Study 2021, industry body (ISC)2 found that 2.7 million information security jobs remain unfilled worldwide. While this number is down from 3.1 million in 2020, we’re a long way from where we need to be. In the face of increased digitization and a rising tide of attacks, the current cybersecurity workforce of 4.2 million people globally needs to grow 65% to keep up with the demand for its skills.

In other words, we’re going to need to draw from a wider talent pool to plug the gaps. But as researchers from Washington, D.C.-based think tank the Aspen Institute point out in their Diversity, Equity and Inclusion in Cybersecurity report, diversity efforts to date “have not addressed the overwhelming white-ness and male-ness of the cybersecurity field.” Estimates suggest that only 4% of U.S. cybersecurity workers self-identify as Hispanic, 9% as Black and 24% as women, the report noted.

It’s clear that our industry faces serious future risks if it doesn’t find ways to recruit new talent to fill the growing number of vacancies. But more than that, its current lack of diversity poses more immediate risks because company systems aren’t homogeneous, and neither are potential assailants.

The authors of The Business Value of a Diverse Infosec Team from the cybersecurity think tank Institute for Critical Infrastructure Technology make this point forcefully: “Homogeneous experiences and perspectives yield less success compared to problem-solving done by teams with varied backgrounds.”

Proactive cybersecurity strategies, by contrast, aggregate a multitude of perspectives, which brings the benefit of innovation, problem-solving and consensus-building.

Shifting the narrative

As the chief information security officer (CISO) at search-powered solutions company Elastic, I believe that individual information security leaders can do a great deal to shift the narrative, at least within their organizations. What this takes is a hefty dose of fresh thinking when it comes to recruitment.

The cybersecurity team I lead as an LGBTQIA+ female CISO includes people who represent the array of human nature when it comes to neurodiversity, sexual orientation, gender identity, race and age. The picture is just as varied when it comes to background, educational pathway and industry experience.

But let me be clear: Diversifying the cybersecurity talent pipeline is not just a numbers game for me. I’m not just focused on onboarding in sufficient numbers to run a fully staffed team. It’s also about improving the quality of that team and the work we perform.

Put simply, a more diverse cybersecurity team is a better cybersecurity team. In a multidisciplinary field like this, different perspectives are critical. When threats and tactics change around us daily, the diverse viewpoints on my team help counter complacency by bringing new thinking to situations. Our adversaries, after all, are continuously trying new tactics, finding new ways to bypass controls and identify vulnerabilities. My team’s different perspectives bring a more disruptive “hacker mindset” to our work in countering attacks.

Our industry’s overreliance on specialists with the “right” qualifications and educational backgrounds might actually be a weakness — a point of view reinforced for me by David Epstein’s 2019 book, “Range: Why Generalists Triumph in a Specialized World.” Epstein argues that generalists with wide-ranging interests are more creative, more agile and able to make connections that their more specialized peers can’t see, especially in complex and unpredictable fields — a description that is a good fit for cybersecurity.

The value of diverse thinking within my current team is evident in the ongoing data protection certification process that we perform for customers. For this key compliance process, diversity is our strength, because our team can quickly get beyond “the way things have always been done” and find better, more efficient and — critically — safer ways to meet changing compliance objectives.

Another example where I’ve seen a clear-cut advantage of diverse thinking is from my team’s approach to supporting our fully distributed workforce. Being a distributed company by design, with almost 80% of our employees working remotely, demands that my team think differently when it comes to data privacy and protection. Our constant innovation in supporting secure remote working meant we were already prepared in this area when the pandemic hit, while cybersecurity teams at other companies were still struggling to make the leap.

Taking action

What matters most, of course, is transforming words into action. For me, it helps that I work for an organization that prioritizes inclusivity and acceptance for all employees in its Source Code.

This gives managers and employees alike a clear set of cues as to who we are as an organization and who we aspire to be, telling employees: “Just come as you are.” By creating an environment that is inclusive for all employees, through a commitment to equal pay, emphasis on internal hiring and prioritizing skills over location, we can hire and retain the best talent wherever they reside.

This year, our company’s aspirational DEI goals include a 40% hiring rate target for women or non-binary individuals, with a 30% hiring rate target for technical roles — globally. And for underrepresented groups, our hiring rate target in the U.S. is 35%, with 27% for technical roles.

With that backing, I’ve personally taken positive steps to ensure that Elastic increases diversity in its cybersecurity talent pipeline. So here are my pointers for other information security leaders:

  • Broaden the scope of qualifications. Look beyond traditional schooling and minimum career experience to see skills, qualifications, experiences and capabilities gained from shorter programs, online certificates, other jobs and participation in cybersecurity communities that support core foundational understanding of systems and their vulnerabilities.
    Some of the most successful teams that I’ve built over the years have not only come from a variety of IT backgrounds, such as systems architecture, business analysis and project management but from outside of the IT discipline entirely. For example, I hired a former emergency medical technician who moved into healthcare fraud analysis before joining my team. Former lawyers have brought attention to detail. People with a marketing background have proved adept at tackling customer data privacy challenges with empathy, while those from the financial sector bring new thinking to compliance issues.
    But what they all have in common, and what has made them strong additions to my infosec teams, is their curiosity, a willingness to question, and excitement to learn and try new things. These transferable experiences are just as important, if not more important, than specific skills.
  • Encourage underrepresented groups. Add language that explicitly states your interest in groups often left out of hiring pools, such as women, people of color and members of the LGBTQIA+ community. Job descriptions should make explicit that the company fosters a welcoming environment for everyone and encourages personal and professional development of its cybersecurity talent.
    For example, I have recruited for an intern program recently immigrated individuals who do not have the standard security qualifications. Most of these recruits quickly moved into full-time roles and outperformed cybersecurity veterans. I have also taken steps to work more closely with local community colleges on sourcing graduates and with recruitment specialists who focus on supplying more diverse candidates for cybersecurity roles, such as CyberSN.
  • Make your hiring process accessible. Many would-be applicants are discouraged if the hiring process isn’t adapted for those with accessibility needs. We’ve worked to ensure that everything from our recruiting site to our internal digital properties and tools follows international guidelines and translates to a positive environment for all candidates and employees.
    Anonymized hiring is an important part of this process. I regularly review resumes with the identifying information stripped to ensure that unconscious bias plays no part when we’re making judgments on job candidates.

Cybersecurity teams need people with diverse life experiences, education and skills, so our recruitment efforts need to reach a far wider audience. If they don’t, we risk overlooking talent and excluding viewpoints that could be instrumental in delivering on our mission as an industry. If we allow that to happen and continue instead to compete for the increasingly sparse talent that fits nicely with age-old biases, we’ll only have ourselves to blame.

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Tech

Rivian shares down more than 17% following report of Ford sell-off – TechCrunch

Published

on

Rivian’s stock price fell more than 17% Monday, a drop prompted by a CNBC report that Ford was selling 8 million shares of the EV automaker.

Ford held a 12% stake, or about 102 million shares, of Rivian.

Over the weekend, David Faber of CNBC reported that Ford would sell 8 million of its Rivian shares through Goldman Sachs. Faber followed up on Monday, describing the sale as “done.” The sell-off came as an insider lockup for the stock expired Sunday.

TechCrunch will update the article if Ford responds to a request for comment.

The news has further accelerated the decline of Rivian’s share price since its IPO last year. Rivian debuted as a publicly traded company in November with an opening share price of $106.75, a price that made it one of the largest IPOs in U.S. history and put its market cap above GM as well as Ford. (At the time, GM’s market cap was $86.31 billion; Ford’s was $78.2 billion.)

Rivian’s share price reached as high as $179.47 a week later, before coming back down to earth. Rivian shares have fallen more than 75% since its public market opener.

That freefall has also affected its largest shareholders, Ford and Amazon. Last month, Ford reported it lost $3.1 billion in GAAP terms in Q1, largely due to a write-off of the value of its stake in Rivian. 

Amazon reported a $7.6 billion loss on its investment in Rivian.

Source link

Continue Reading

Tech

Why Twitter’s top lawyer has come under fire from Elon Musk

Published

on

Placeholder while article actions load

Vijaya Gadde came reluctantly to the decision that cemented her reputation on the right as Twitter’s “chief censor.” For years, the company’s top lawyer had resisted calls to boot then-President Donald Trump from his favorite social media platform.

Even after a violent pro-Trump mob stormed the U.S. Capitol, Gadde explained during an emotional virtual company town hall on Jan. 8 that Trump hadn’t broken enough of Twitter’s rules against glorification of violence to merit a permanent ban of his account.

Three hours later, after her team produced evidence that Trump’s latest tweets had sparked calls to violence on other sites, Gadde relented, according to two people familiar with the matter who spoke on the condition of anonymity to describe internal discussions. She reached then-CEO Jack Dorsey in French Polynesia, and they agreed to lower the boom.

Elon Musk wants ‘free speech’ on Twitter. But for whom?

“After close review of recent Tweets from the @realDonaldTrump account,” the company announced in a blog post, “… we have permanently suspended the account due to the risk of further incitement of violence.”

The ban on Trump, which continues to this day, is the most prominent example of the deeply polarizing decisions that have led conservatives to accuse Twitter of political censorship. As billionaire Elon Musk, a self-declared free-speech absolutist, seeks to acquire the social network, these decisions — and Gadde herself — are coming under fresh scrutiny.

Critics have derided her as Twitter’s “top censorship advocate,” a barb amplified by Musk, who tweeted a meme with a photo of Gadde that cast her as an icon of “Twitter’s left wing bias.” Musk’s legions of followers have tweeted calls for her firing, some of them racist. (Gadde, 47, is Indian American.)

Twitter colleagues describe Gadde’s work as difficult but necessary and unmotivated by political ideology. Defenders say her team, known as the trust and safety organization, has worked painstakingly to rein in coronavirus misinformation, bullying and other harmful speech on the site, moves that necessarily limit some forms of expression. They have also disproportionately affected right-leaning accounts.

But Gadde also has tried to balance the desire to protect users with the values of a company built on the principle of radical free speech, they say. She pioneered strategies for flagging harmful content without removing it, adopting warning labels and “interstitials,” which cover up tweets that break Twitter’s rules and give people control over what content they see — strategies copied by Twitter’s much larger rival, Facebook.

Many researchers and experts in online harassment say Gadde’s policies have made Twitter safer for its roughly 229 million daily users and say they fear Musk will dismantle them if the sale goes through.

“If Musk takes things in the direction he has been signaling — which is a rather simplistic view that more or less anything goes in the name of free speech — we will certainly see the platform go back to square one,” said Rebekah Tromble, director of the Institute for Data, Democracy and Politics at George Washington University.

Twitter workers face a reality they’ve long feared: Elon Musk as owner

Whatever happens to her policies, Gadde signaled at a staff meeting late last month that her days at Twitter may be numbered, telling employees that she would work to protect their jobs as long as she is around, according to a person who attended the meeting.

She did not respond to requests for comment. Twitter declined to comment. Musk did not respond to a request for comment.

This story is based on interviews with 10 current and former Twitter employees, as well as others familiar with decisions made by Gadde and her team, who spoke on the condition of anonymity to describe private company discussions.

“I do believe very strongly — and our rules are based on this framework — that free expression is a fundamental right, that everyone has a voice and they should be able to use it,” said Gadde in a 2019 interview with The Washington Post. There is a line between doing that and committing what we call abuse or harassment, and crossing over into a place where you’re preventing someone else from using their voice.”

Gadde is a previous donor to Kamala Harris and other Democrats, and in 2017 she helped lead Twitter’s $1.59 million donation to the ACLU to fight Trump’s executive order banning immigration from majority Muslim countries.

Among employees, Gadde is known for taking a legalistic yet pragmatic approach to content moderation. As with Trump after the Jan. 6 insurrection, she often has argued against limiting speech and has rejected colleagues who wanted to take a stronger approach to removing content, moving to do so only after careful consideration.

For years, she has been the animating force pushing Twitter to champion free expression abroad. In India and Turkey, for example, her team has resisted demands to remove content critical of repressive governments. In 2014, Gadde made Twitter the only Silicon Valley company to sue the U.S. government over gag orders on what tech companies could say publicly about federal requests for user data related to national security. (Five other companies settled.)

Elon Musk boosts criticism of Twitter executives, prompting online attacks

“She wasn’t a censorship warrior or a free expression warrior,” said a former colleague familiar with Gadde’s approach. “She is pragmatic, but not doctrinaire.”

A dedication to free speech has been part of Twitter’s DNA since its founding in San Francisco 16 years ago. Early executives were such believers that they famously referred to Twitter as “the free speech wing of the free speech party.” That approach made Twitter ripe for abuse in its early days, and the platform developed a reputation as unsafe — particularly for high-profile women, who endured threats of rape and other sexist attacks.

Back then, Twitter’s attitude was, “we don’t touch speech,” said University of Virginia law professor Danielle Citron, an expert on online harassment. In 2009, Citron prepared a three-page, single-spaced memo for the Twitter C-suite, explaining the legal definition of criminal harassment, true threats and stalking.

Gadde joined Twitter’s legal team two years later, leaving her post at the Silicon Valley firm Wilson, Sonsini, Goodrich and Rosati. People who worked with her said her move was inspired by the Arab Spring uprising, when pro-democracy activists used Twitter and other social platforms to organize protests across the Middle East. The Arab Spring solidified the belief among Twitter’s leaders that their job was to protect speech, not police it.

Twitter was soon engulfed in scandal, however. In 2014, online trolls launched a brutal campaign against women in the video game industry. The attacks — which came to be known as “GamerGate” — were carried out on multiple tech platforms. But they were most visible on Twitter, where women received highly graphic threats of violence, some including the woman’s address or an exact time of attack.

The incident was a wake-up call for the company, said software engineer Brianna Wu, one of the women targeted in GamerGate, who worked with Twitter to improve the site.

In an op-ed published in The Post, Gadde wrote that she was “seriously troubled by the plight of some of our users who are completely overwhelmed by those who are trying to silence healthy discourse in the name of free expression.”

Elon Musk wants a free speech utopia. Technologists clap back.

By then, Gadde had been promoted to general counsel, overseeing all legal and trust and safety matters facing the company.

In response to GamerGate, Twitter streamlined the company’s complicated nine-step process for reporting abuse and tripled the number of people on its trust and safety team, as well as other teams that protect users, according to the op-ed and other reports at the time.

But the moves to clamp down on harassment soon stirred fresh controversy. Internal emails obtained by BuzzFeed in 2017 showed Gadde and other executives engaged in messy, seemingly ad hoc deliberations over whether to shut down the accounts of alt-right provocateur Milo Yiannopoulos and right-wing flamethrower Chuck C. Johnson, who had tweeted that he was raising money in the hopes of “taking out” a leader of the Black Lives Matter movement.

Johnson, who says his comment was part of a “journalistic project,” has complained that Twitter never offered a clear reason for the ban. He sued the company over it and lost. He has since abandoned his alliance with Trump and declared his support for President Biden, he said, leading to attacks online. Because his Twitter account is still suspended, Johnson argues he is unable to defend himself.

About the same time, Twitter was confronted with another conundrum: the candidacy of Trump, who made Twitter central to his 2016 presidential campaign. With nearly 90 million followers at his peak, Trump routinely lobbed tweets at political opponents, journalists and even private citizens, triggering waves of online harassment.

After Trump’s election, Gadde and Dorsey convened a “free speech roundtable” at the company’s San Francisco headquarters, where top Twitter executives heard from Citron, former New York Times editor Bill Keller and Tom Goldstein, former dean of the graduate journalism school at University of California at Berkeley. During the meeting, which has not been previously reported, Citron expressed concerns about online harassment, especially directed at journalists.

Gadde “understood how speech could silence speech,” Citron recalled, “and could be incredibly damaging to people’s lives.”

Goldstein declined to comment on the meeting. Keller said the group discussed how new standards could bring order to the “wild west” of social media.

Elon Musk acquires Twitter for roughly $44 billion

Internally, some employees faulted Gadde for ineffectiveness, as rules were unevenly applied across the massive platform. Three former workers said her trust and safety unit did not coordinate well with other teams that also policed the site.

Even as the company took action to limit hate speech and harassment, Gadde resisted calls to police mere misinformation and falsehoods — including by the new president.

“As much as we and many of the individuals might have deeply held beliefs about what is true and what is factual and what’s appropriate, we felt that we should not as a company be in the position of verifying truth,” Gadde said on a 2018 Slate podcast, responding to a question about right-wing media host Alex Jones, who had promoted the falsehood on his show, Infowars, that the Sandy Hook school shooting was staged.

A year later, nearly every other major platform banned Jones. Twitter initially declined to do so, saying Jones hadn’t broken any of its rules. Within a month, however, Gadde reversed course, banishing Jones for “abusive behavior.” In a 2019 appearance on the “Joe Rogan Experience” podcast, Gadde explained that Jones had earned “three strikes” by posting videos that did violate Twitter’s rules, including one she deemed an incitement to violence against the news media.

Jones did not respond to a request for comment. At the time, he called Infowars “a rallying cry for free speech in America,” adding that he was “very honored to be under attack.”

Gadde and her team later escalated the company’s efforts to fight disinformation — along with spam and fake accounts — after news broke that Twitter, Facebook and other platforms had been exploited by Russian operatives during the 2016 campaign. The company began removing a million accounts a day in a broad effort to crack down on abuse.

In a move described as signature Gadde, Twitter also launched an initiative called “Healthy Conversations” that sought feedback from hundreds of experts about how to foster more civil dialogue. That effort led to updated hate speech policies that banned “dehumanizing speech” — such as racial slurs and negative stereotypes based on religion, caste or sexual orientation — because it could have the effect of “normalizing serious violence,” according to a company blog post.

In subsequent years, Dorsey became increasingly absent and would effectively outsource a growing number of decisions to Gadde, including those around content moderation, three of the people said.

Gadde also was key to a 2019 decision to ban political advertising on the platform, according to four people familiar with the decision, arguing that politicians should reach broad audiences on the merits of their statements rather than by paying for them. Other companies copied the move, enacting temporary pauses during the 2020 election.

Throughout Trump’s presidency, at the company’s monthly town halls, Twitter employees regularly called on Gadde to ban Trump, accusing him of bullying and promoting misinformation. Gadde argued that the public had a right to hear what public figures such as Trump have to say — especially when they say horrible things, the people said.

How Twitter decided to ban Trump

Meanwhile, Gadde and her team were quietly working with engineers to develop a warning label to cover up tweets — even from world leaders such as Trump — if they broke the company’s rules. Users would see the tweet only if they chose to click on it. They saw it as a middle ground between banning accounts and removing content and leaving it up.

In May 2020, as Trump’s reelection campaign got underway, Twitter decided to slap a fact-checking label on a Trump tweet that falsely claimed that mail-in ballots are fraudulent — the first action by a technology company to punish Trump for spreading misinformation. Days later, the company acted again, covering up a Trump tweet about protests over the death of George Floyd that warned “when the looting starts, the shooting starts.” More such actions followed.

Later that year, Gadde was involved in a decision that drew widespread criticism. In October 2020, the New York Post published an exclusive story based on material found on a laptop allegedly belonging to Biden’s son Hunter. Gadde and other trust and safety executives suspected the story was based on material obtained through hacking and therefore violated the company’s rules against publishing such material.

Anxious to avoid a repeat of Russia leaking hacked material during the 2016 election,Twitter executives took the unusual step of temporarily locking the newspaper’s Twitter account and blocking Twitter users from sharing a link to the story.

Even within liberal Twitter, the decision was controversial, two of the people said. It was not entirely clear the materials had been hacked, nor that the New York Post had participated in any hacking. A Post investigation later confirmed that thousands of emails taken from the laptop were authentic.

Amid mounting outrage among conservatives, Gadde conferred with Dorsey and announced an 11th-hour change to the hacked-materials policy: The company would remove only content posted by the hackers themselves or others acting in concert with them. It also would label more questionable tweets.

Dorsey later tweeted that the decision to block mention of the New York Post story was a mistake. Recently, Musk tweeted that “suspending the Twitter account of a major news organization for publishing a truthful story was obviously incredibly inappropriate.”

Here’s how The Post analyzed Hunter Biden’s laptop

Now employees are worried that Musk will undo much of the trust and safety team’s work. Many people silenced by policies adopted under Gadde are clamoring for Musk to avenge them. Johnson, for example, said he has appealed via text to Jared Birchall, head of Musk’s family office, asking when his account might be restored.

Birchall did not immediately respond to a request for comment.

Though Johnson does not plan to tweet, he said, he wants his account back on principle. According to text messages first reported by the Wall Street Journal and subsequently viewed by The Post, Birchall replied: “Hopefully soon.”

Birchall also shed light on one of the biggest questions looming over the Musk takeover: Will Musk undo Gadde’s decision to ban Trump? At a recent TED conference, Musk said he supports temporary bans over permanent ones.

Musk “vehemently disagrees with censoring,” Birchall texted to Johnson. “Especially for a sitting president. Insane.”

Source link

Continue Reading

Tech

Gradient Ventures backs Mentum’s goal to democratize investment services in LatAm – TechCrunch

Published

on

Investment in stocks or retirement accounts can seem like a complicated process if you are not sure where to begin.

Mentum is out to change that in Latin America, and is working on customizable investment APIs and widgets so businesses in Latin America can build and offer fully digital investment products, like local mutual funds, ETFs and stocks, to their customers. The products are also compliant with local regulations.

Co-founder and CEO Gustavo Trigos started the San Francisco-based company in 2021 with Simon Avila and Daniel Osvath. The trio, who participated in Y Combinator’s summer 2021 cohort, come from a mixture of backgrounds in payments, technology, APIs and investment services.

All of them came to the U.S. from Latin America to study and work, and in the course of using some of the investment apps offered in the U.S., they struggled to find similar products in Latin America that provided a way to fully invest. And, in Latin America, just 2% of the population in each country have access to investment products, and that’s mainly because they are high-net-worth individuals, Trigos said.

He noted in talking to folks at Chile-based Fintual, which is operating in the retail investing space, why there was not more competition, and what they discussed was a huge gap in the infrastructure and understanding the regulations in each country.

“You have to start from scratch in each country,” Trigos told TechCrunch. “We saw no one was building it, so we did.”

Mentum is not alone in working to provide an easier way for Latin Americans to learn about investing and try it out. In the past year or so, some significant venture capital dollars have been infused into companies, like Vest, Flink and Grupo Bursátil Mexicano, that have also developed investment products as a way to boost financial inclusion within the region.

Trigos considers Mentum a technology company operating in the fintech space versus a fintech company. It started in Colombia and acts as a middle layer, developing technology that companies can build on top of.

One of the early approaches the company took was to reach out to 10 of the top broker-dealers in each country to understand the regulations and build relationships to get the greenlight to do business. While Trigos called that process “burdensome,” once Mentum did that, it was able to more easily repeat the process in Chile and now is eyeing Peru and Argentina for expansion.

Initially, Mentum targeted fintech companies because they already knew how to work with APIs, but then demand started coming in from traditional banks and even supermarkets, insurance companies, credit unions and super apps that deliver food.

Mentum’s widgets. Image Credits: Mentum

Having so many different kinds of companies eager to offer investment products is a big reason why the company wanted to make its products easier to use, Trigos said.

“We analyzed hundreds of apps to see what the general experience should look like, then we created widgets that do require some code, but we also have a desktop simulator in beta that will require no code to set up the experience,” he added.

Mentum’s products are still in beta, but plans to launch them this year were accelerated by $4.2 million in funding, led by Google’s Gradient Ventures, with participation from Global Founders Capital, Soma Capital Y Combinator and co-founders of Plaid and Jeeves.

Trigos intends to use the new capital to increase its headcount from the seven employees it has now, including setting up its founding team. One of his goals for the year is to grow in Colombia and Chile by integrating five clients in each country. The company will work on product development and features that will enhance the experience, like more payments and adding DeFi and crypto.

Mentum already has two strategic partnerships with broker-dealers and is currently in the integration process with two of its fellow YC-backed fintech companies in Colombia and another 25 companies interested in launching its products.

“The financial services industry is undergoing a massive transformation in Latin America. APIs have created new opportunities for the way we bank,” said Wen-Wen Lam, partner at Gradient Ventures, in a written statement. “With its innovative technology, Mentum has opened up a wide range of possibilities for Latin America fintech apps. We’re excited to back Gus and his team as they usher in the next generation of banking.”

Source link

Continue Reading

Trending