Workforce diversity goes beyond just setting a hiring strategy: You may have to overhaul your culture to ensure new hires feel welcome and can thrive. That accountability ultimately rests with the executive team and the CEO.

“Too often, diversity has been seen as only an HR program and not core to the business,” explained Ian Cook, vice president of people analytics at Vancouver-based workforce analytics startup Visier.

In order to build a sustainable change in diversity, he added, you need to have a leadership group that understands the process, represents the company you want to be, and can build the type of inclusive culture which makes diversity real and not just a numbers game.

As Cook also noted, often companies looking to improve diversity automatically look to hire more people from underrepresented groups. Their approach might prove even more successful if they grow and promote into management existing employees from diverse backgrounds.

Tech can have a reputation as a "boys club,” with many publicly documented cases where people from diverse backgrounds have been disadvantaged at specific tech companies.

“To avoid being grouped with the rest of the IT sector, companies need to combine clear statements about their intent and actions toward building a diverse and inclusive culture, with a level of transparency about their current state and progress towards goals,” he said. “Statements without action are worse than doing nothing.”

Those points were seconded by Deb Hill, director of HR for workspace management specialist FM:Systems, who said businesses must be intentional when it comes to their diversity, equity and inclusion (DEI) profile. 

“Software and IT have typically been primarily male and white, and so the challenge is how to do we change that dynamic within the organization,” she said. “We really believe that support comes from the top.”  

Hill explained it’s about ensuring that diverse viewpoints are amplified throughout the organization, and how you build talent development programs that help the next generation of leaders be more diverse. “Internally, we have an employee resource group called GROW—Growing Relationships and Opportunities for Women—in place for a couple of years,” she continued. “This group has provided a way for women in technology to connect more deeply and talk about challenges specific to women, and it serves as a peer support group. That has contributed to the increase number of females in the organization over the past two years. 

Hill’s company is currently establishing other employee resource groups, such as one for people of color. “We want those groups to be employee led,” she noted. “This isn’t an HR initiative: We want employees to feel like they have a say in what kind of content they want, what sorts of career development opportunities would be best for them.” 

FM:Systems CEO Kurt von Koch admitted there’s been a lot of lip service paid to diversity initiatives, adding many organizations say the candidates “just aren’t there.” His experience suggests that when you go out and make the added effort, it can be done.

“It’s in the actual numbers and in the actual makeup of your organization—how you get to that is showing your progress and providing that transparency throughout the organization,” he said. “Here’s our progress, here are the successes, and here’s where we’re still behind—being transparent is another important element of where the rubber meets the road.”  

Heather Paunet, Senior Vice President at Untangle, a San Jose, Calif.-based provider of comprehensive network security for SMBs, said cybersecurity, as an industry, thrives because so many professionals come from different backgrounds and skill sets. 

Some general advice for employers to attract a more diverse security workforce: Go beyond the standard EEO statement. Show your progress on your website. Work with associations such as International Consortium of Minority Cybersecurity Professionals (ICMCP) to support and bring in diverse talent.

“Making hiring managers aware of general actions that can lead to a less diverse security workforce can be helpful,” she said. “Without thinking about it too deeply, we can have a natural pull towards people that are more like us based on their backgrounds and skill sets and education, and perhaps work experience.”

Lisa Plaggemier, chief strategy officer at MediaPro, a Seattle, Washington-based provider of cybersecurity and privacy education, pointed out that, while a lot of people will lay the responsibility for fostering a culture of inclusivity at the feet of senior leadership or HR, the reality is it’s up to every individual.

“Companies are made up of individuals, and the way you conduct yourself matters,” she said. “Don’t wait for a corporate ‘program’ or training—take the initiative yourself to make your team a better place for people who come from underrepresented groups. If you’re in a managerial role, consider that everyone doesn’t respond to the same management style.”

That may mean you need to adjust to connect with and foster high-potential talent from different backgrounds. “The best bosses I’ve worked for were men who understood how to mentor women—many of us tend to be more risk adverse and less bold than our male counterparts—so they altered their management style to work with me on my challenges,” she continued. “At the end of the day, I think it comes down to culture—company culture, team culture. You want to create a culture where everyone feels welcome and comfortable. People feel it when they interview with your team.”

As Hill pointed out, if you’re not retaining diverse talent, trying to attract that diverse talent is for naught. “Increasingly, the focus is still on diversity, but it’s about that inclusion part and how we ensure employees feel connected and they feel like they belong in the organization,” she said. “As an employee, I want to be able to bring my whole self to work, and how I can feel more connected to the people I work with, both the people who have similar backgrounds and experiences, and those who have different backgrounds and experiences.”