Multifaceted and values driven
Cybersecurity at Siemens
Successful cybersecurity teams have to be something more than a collection of individuals who are just as diverse and multifaceted as the attackers whom they must vanquish every day. They should also be a community of shared values. This is the only way that they can successfully fend off the multiplying number of menaces they confront in cyberspace.
Cyberattacks are launched from everywhere – and this frequently means from unexpected directions. The attackers range from teenage hackers and criminal syndicates to government-sponsored strike forces that have unlimited resources at their disposal. Their methods are multidimensional: denial-of-service attacks, ransomware smuggled into supply chains and phishing e-mails that lure users into clicking links or documents that appear to be ever so innocent. Their aims are just as multidimensional: sabotage, espionage and blackmail. The damage caused by these hackers costs companies billions and billions of dollars.
Companies that are determined to defend themselves need teams of cybersecurity experts who are not cut from the same cloth. They must have an array of experiences, talents, perspectives, mindsets and résumés. The reason is simple: It is this diversity of ideas and recommendations that produce the solutions that can counter today’s threats.
A number of studies have confirmed that cognitively diverse teams are more successful. A McKinsey report analyzed the data of 366 companies and concluded that companies that have a higher degree of ethnic and gender diversity perform significantly better in commercial terms. On the other hand, teams consisting of motley assortments of individuals run the risk of remaining in a constant state of disagreement. This is why these teams must share the same values, a quality that is just as important as diversity. It is a principle that applies in many places. Individuals who care for the elderly should share a commitment to helping fellow human beings. Employees at a technology company should be motivated by innovation – and society as a whole should promote equal opportunity and inclusion along with diversity. “A good team is always a community of shared values,” says Natalia Oropeza, Chief Cybersecurity and Chief Diversity Equity & Inclusion Officer at Siemens AG.
Siemens – a company with about 300,000 employees and hundreds of factories – registers around 1,000 cyberattacks each month.
Tough fight for the most talented people
Siemens achieves both goals in its cybersecurity department. Diversity touches on something much more than gender here (see the information box) – it also applies to age, ethnic background, sexual orientation, social background and nationality. Siemens operates five major cybersecurity locations around the world, and they are staffed by employees who come from more than 25 different nations. Natalia’s team consists of a range of different mindsets that foster innovation, creative thinking and fast problem resolution. At the same time, such values as equal opportunity and inclusion play a key role in Siemens’ corporate culture along with diversity. The result: a powerful global team. It is a team that is certainly needed: Siemens – a company with about 300,000 employees and hundreds of factories – registers around 1,000 cyberattacks each month. To make matters worse, the number is growing. Each attack must be successfully blunted in the shortest amount of time. The team also develops innovative security solutions designed to keep it one step ahead of the attackers. It works to ensure that all employees in the Group understand just how important cybersecurity is to the jobs they perform everyday.
A team’s diversity also acts as a calling card that piques the interest of greater numbers of job candidates in the company. A survey conducted among users of Glassdoor – a website where employers are rated – found that 67 percent of respondents view diversity as an important job-selection criterion. Such considerations play an even greater role in cybersecurity. The reason is quite simple: This area faces an ever-shrinking pool of experts and has to fight tooth and nail to hire the most talented individuals as a result.
It is a situation that also affects the entire cybersecurity industry: The industry’s culture must be changed from top to bottom in order to remain attractive. Such change extends all the way to the type of words that the industry uses. In the past, the term “master/slave” was used to describe data-transmission hierarchies in networks. But the term is now falling out of fashion as the industry moves forward. Questions are also being raised today about AI programs that have been trained with data sets that were selected only by a homogeneous group of individuals. “The male-dominated world of hacking assumed for years that there was a technological solution for everything,” says the cybersecurity expert Mirko Ross. “But that is not true. We need cultural change to address many social problems. Companies can help fuel this change.”
Intensified employee commitment
Job seekers are interested in something more than a diverse culture. They are also looking for something that could be described as a home. And why shouldn’t they? They spend much of their lives at and with work. This means that an employee must be able to identify with the values of an organization. These are values that may not be particularly noticeable from the outside. Instead, they are the values that employees experience on the job every day and that ultimately determine whether they identify with the company.
Equal opportunity means flexible work conditions for employees who have children at home or have to care for elderly individuals. It also means that every employee has access to the same information and receives equal pay for doing the same job. Inclusion ensures that every voice in a company is heard, including those expressing uncomfortable truths.
It all pays off for companies in the end: A study conducted by Deloitte found that inclusive work cultures and diversity resulted in increased employee commitment. This approach “helps people find meaning in their work – and to commit themselves accordingly,” Oropeza says. “It is a situation from which companies and employees profit equally. Siemens has two goals for its cybersecurity teams: They should not only be diverse, but also make employees feel at home. This is good. But there is certainly much more to do.”
When it comes to diversity, the most-talked-about issue is gender diversity. By tradition, men dominate technical jobs. Around the world, women make up less than one-third of individuals with jobs related to the four STEM subjects (science, technology, engineering and mathematics). The level is even lower in cybersecurity, where the average total is just 20 percent. Global technology companies like Siemens are now working to systematically increase the number of women in these jobs.
As part of this effort, Siemens has teamed up with institutions of higher learning to methodically support women who are studying STEM subjects. Networks have also been created within the company itself to give women a voice and career opportunities like those enjoyed by men. Employees are also undergoing training that will help them recognize their unconscious biases. An implicit association test developed by Harvard University found that more than 70 percent of respondents associated men with careers and women with families.
During the recruiting process at Siemens, the company makes sure that job candidates speak with the widest range of interviewers. The results are encouraging: At Siemens, women make up nearly 30 percent of managers on the first and second levels in cybersecurity – even though men compose 74 percent of the company’s workforce.
by Hubertus Breuer