I am not your typical hacker.
I’m from rural Mississippi. Both of my parents grew up on farms, and I spent summers mowing lawns for my mom’s church friends. We didn’t have a computer at home. Lawyers and judges like Thurgood Marshall, doctors and ministers, and my father—a manufacturing engineer—were the role models I looked up to in the South.
There was no glamour in the idea of being a computer programmer. The emerging field of high tech was something I was aware of, but a career in cybersecurity wasn’t even on my radar. And, even if it had been, for me as a black kid there was no one in cybersecurity who looked like me that I could have used as a role model. If it wasn’t for one particularly impactful moment, I likely wouldn’t have known that the career I have now was even an option.
When I was in middle school, my parents took me on a weekly trip to the bookstore. On this particular visit, I found the magazine 2600: The Hacker Quarterly. I read a story about John Lee, aka “John Threat.” In the early 90s, he went by the alias “Corrupt” and was part of the hacker group Masters of Deception. I had no idea what a hacker was, let alone that there were black hackers out there. It immediately sparked something in me.
I wanted to learn everything I could about computers and cybersecurity. I had a sense that it could open up the world for me. So, I started reading everything I could get my hands on and taught myself how to code, which led me to a math and science magnet school. My career in technology would not have been possible without the early access to the internet I had at that school. I went on to hold senior security roles at Twilio, Bank of America, and Square before my current role as the chief security officer at Gusto.
Knowing John Threat existed ignited my interest in cybersecurity. Granted, he is not a perfect role model and certainly has a complicated legacy. The federal government indicted him for wiretapping in 1992. But he was the only hacker role model I identified with. Besides, what could be more enthralling to a young boy than something called the Great Hacker War?
It’s hard to overstate the importance of representation, especially when it comes to teaching children that they have the potential to achieve far beyond their everyday realm. Unfortunately, we’re still very far away from a diverse cybersecurity industry. There still aren’t many role models out there for women and people of color.
People who identify as racial or ethnic minorities make up only 26% of the cybersecurity industry. What’s more, they tend to be concentrated in nonmanagement positions, with few people of color in leadership despite high rates of education. Meanwhile, women make up only 11% of cybersecurity professionals, and more than half report they have experienced discrimination while in those roles.
Cybersecurity’s diversity problem has severe and widespread implications. It puts every business and person who uses the internet at risk. Bank accounts, social media platforms, and corporate networks are being protected by a group of people who look the same, think the same, and were educated in the same way. There will be blind spots—and blind spots mean vulnerability.
Human error and social engineering scams cause the majority of security breaches that occur today. These attacks use techniques such as phishing emails to manipulate human behavior and trick users into revealing sensitive data or account access. In order to prevent these attacks, the security industry needs to understand the psychology and behavior of all users, not just those from a single background.
Cybercrime is projected to cost $6 trillion in damages worldwide by 2021, which is double that of 2015. Malicious actors (the “bad” hackers) are constantly trying to get two steps ahead of those who are trying to stop them. Why give them one more advantage?
Building a more inclusive industry
To build a more diverse industry, we need to build a more inclusive culture that welcomes people from all backgrounds, including nontraditional backgrounds, who don’t necessarily have degrees from a small handful of elite institutions. That starts by changing the stereotype of the cybersecurity pro. When I worked at a startup early in my career, a manager told me to my face that I didn’t “look like security,” despite a résumé and a computer engineering degree that said otherwise. This attitude has no place in the industry and needs to change.
What’s more, many cybersecurity professionals adopt the mystique of the elite hacker, which can make it seem like a standoffish clique. I understand the appeal of the hacker persona—who doesn’t want to be seen as the coolest person in the room? But it’s not serving us. Elitism creates barriers to entry and intimidates people from pursuing cybersecurity roles, especially if they don’t have role models to look up to.
Until there are more women and people of color represented in the industry, it’s up to all cybersecurity professionals to serve as role models. That means being the most approachable person in the room, not the coolest. We need to encourage everyone to participate in cybersecurity, instead of hiding behind our hoodies.
Fredrick “Flee” Lee is the chief security officer of Gusto.