“I get questions all the time from my colleagues who don’t look like me, asking how they can help, how they can show up and be a part of this,” says Palmore, who is Black. “So, I tell them ‘People entering this industry need to see you and I together coexisting, leading, and effectively engaged on this issue. That shows them it’s important to you as well.’”

“It’s an all-hands-on-deck effort,” Palmore continues. “We need everyone participating in that, not just diverse leaders. Because as diverse leaders, we can’t do all of this on our own. It’s just an impossible, insurmountable task if we don’t have allies with us helping to educate, inform and grow this new workforce.”

Women making fewer strides in cybersecurity

Female underrepresentation is yet another issue that cybersecurity shares with other industries. Although women make up roughly half the world’s population, ISC2’s DEI data suggest they account for only 24% of cybersecurity professionals under the age of 30 and the incoming generation of cybersecurity workers is still largely male.

Rosso blames this on a lack of gender diversity in the profession’s higher echelons, which creates a role model vacuum. (Based on ISC2’s research, only 15% of cybersecurity professionals aged 50 to 59 are women.) “If I don’t see somebody like me in a leadership position in an organization, I question if there’s a place for me there,” Rosso says.

She cites another potential culprit: women not receiving the same amount of money or power as their male counterparts in cybersecurity. “There will be people who tell you the reason women leave [cybersecurity] is because they’re having babies. That’s not the reason women are leaving,” Rosso says. “[It’s because] they’re not experiencing equity in terms of pay and advancement opportunities. And we have to fundamentally change that.”

Rosso speaks from firsthand experience. After her first year as CEO of ISC2, the organization did a compensation review and detected instances of pay inequity among its female and visible minority staff. Though she says the situation has since been “fixed” (ISC2 also created an equity review body for promotions), it was an eye-opener. “You might think you’re good based on affirmative action reporting. Well, you’re not good until you’re line-by-line looking at what you’re paying people,” she says.

The ASIS Foundation makes a similar recommendation in its report, urging organizations to collect diversity data so they can establish a baseline, measure progress over time, and “hold colleagues accountable through key performance indicators.”

CSOs and CISOs have the clout to push for that kind of accountability, in their own companies and the wider industry. It’s one way leaders can confront the diversity gap between them and the next crop of incoming talent. “The younger generation of male, female and more diverse individuals are saying ‘this is what we want to see within our organization. We want to have a voice,’” Rosso says.