Fighting Ageism in Cybersecurity

In recent years, some of the technology industry’s biggest players have ramped up their push for improved diversity among their employee base. However, the tech industry remains troubled by a number of structural obstacles and tends to lag behind when it comes to diversity and inclusion.

While many tech companies openly struggle with their lack of racial and gender diversity and regularly release workforce demographics in an attempt to appear transparent, these organizations often refuse to reveal the average age of their workforce and offer minimal internal support to older employees. The focus on sexism and gender discrimination has obscured one of the industry’s longest-held issues: ageism.

In many cultures, advanced age is often held in high regard and seen as a measure of knowledge or source of wisdom. But in the workplaces of many of America’s tech companies, advanced age is not considered a benefit. According to a report from the job-hiring website, Indeed, 46 percent of respondents said that the average employee age at their company was between 20 and 35, and 43 percent of respondents said they worried about losing their job because of their age.

Statistics illustrate that the median age at companies like Facebook (28) and Google (30) is significantly lower than the median age of the American labor force as a whole (42), according to the U.S. Bureau of Labor Statistics. In fact, the tech industry appears as so averse to age diversity that articles about lawsuits, age bias and declining salaries after a certain age have become entirely too common, and incidents seem to be occurring with greater frequency.

The perception that employees need to be young in order to have a solid understanding of the latest technologies may be a cliché at this point, but it’s become a widespread impression that many have difficulty overcoming. As a result, the tech sector has taken on a youthful culture in which employees in their mid-30s are already often seen as “over the hill.” In fact, a Guardian article recently chronicled the experiences of young tech workers seeking surgical remedies in order to avoid appearing old.

But who can blame them for wanting to cement their place in order to continue working in what oftentimes looks like one of the only sectors of the economy with a guaranteed future? Compounding the issue, the cybersecurity industry currently has about 350,000 open positions in the U.S., and is anticipating a predicted global shortfall of 3.5 million cybersecurity jobs by 2021. With so many positions available, why then is the industry seemingly so opposed to older workers?

Startup Culture

Part of the issue stems from the tech industry’s roots in startup culture. Startups often feature a workplace environment that values creative problem solving, but startup companies also tend to be skewed toward long hours and low pay. In this context, being older is seen as a liability as the assumption is those employees have outdated skills and due to their family commitments, won't work long, hard hours or accept an entry-level or low-paying position.

The startup culture appears so biased toward younger professionals, it has people asking, “is 30 too old to work in a startup?” Hiring and firing based on age is illegal, but the startup culture employed by countless companies in the cybersecurity space contributes to age discrimination across the industry. Unless you’re a professional athlete, being asked to accept that your career will end in your 30s or 40s sounds ludicrous, but it’s the reality faced by many “aging” employees in cybersecurity.

Millennial Perks

Millennials are the largest generation in the U.S. labor force and are close to constituting a majority of the tech workforce as well. As a result, companies are battling to attract young talent with increasingly extravagant perks. From ping-pong tables to cold brew on tap, taco Tuesdays, company-wide happy hours and team-building trips to Top Golf or similar outings, many cybersecurity companies look to foster energetic environments that can actually sometimes alienate or exclude older workers.

Take the experience of Dan Lyons into account. After being laid off by Newsweek, Lyons was hired by HubSpot. After 20 months filled with “incidents in which colleagues demonstrated they shared (the CEO’s) low regard for older workers,” Lyons left the company and penned a memoir about his experience as a 50-something guy trying to work in the world of startups. Suffice it to say, HubSpot’s culture ultimately alienated Lyons and excluded him from the work environment being cultivated.

While some of the perks that attract young people may also appeal to older employees, older people generally look for more materialistic perks. In addition, they tend to seek alignment with their passion and interests, so they can envision a long-term future with the company. Perks like flexible hours and a flatter management structure are universally appreciated.

In order to attract an older workforce, cybersecurity companies should consider implementing:

    • Advanced policies for eldercare support.
    • Financial planning education ahead of retirement.
    • Counseling on Medicare and supplemental insurance.
    • A formal employee resource group designation for those of a certain age (e.g., the Google Greyglers are Google employees 40 and older).
    • New roles for retirees (such as a company historian).

Benefits of Diversity

Embracing diversity isn’t just the right thing to do, it’s good business. From additional sales revenue to increased profit, diversity offers countless benefits.

A 2009 analysis from the American Sociological Association found that companies with greater racial or gender equality enjoyed more sales revenue, more customers and higher profits. A study in 2011 revealed that management teams with employees from a wider range of educational and work backgrounds created more innovative products. And a 2016 study showed that companies with more female executives were more profitable.

Beyond gender and ethnicity, some companies in the cybersecurity space actually appreciate the diversity of age, understanding that diversity tends to lead to better business outcomes and higher financial returns. In fact, research by David Galenson of the University of Chicago illustrates that approaches to problem-solving differ between generations, finding that older people tend to do better at solving complex, problematic issues due to the in-depth level of understanding acquired over the course of their careers.

Additional statistics from the Pew Research Center exhibit that there’s only modest differences in cybersecurity knowledge by age, illustrating that the long-held notion that technology advances so quickly that older people simply can’t keep up with the innovations is simply not true. Simply put, coding is coding, and there’s no reason why a 50-year-old engineer can’t learn a new programming language.

Another benefit of age diversity is skill diversity. In a world marked by rapid digitalization, the cybersecurity field not only needs people who speak the ‘tech’ language and who know how to secure their devices and systems, it also requires people who know how to talk to potential business partners, stakeholders and the general public about securing their devices and systems. Employees who can bridge the gap between the technical side of cybersecurity and the business side of a company are invaluable.

In fact, most jobs in cybersecurity companies don’t actually involve cybersecurity. The majority of jobs lie in marketing, sales and customer support. Every generation of employee brings something different to the table, and oftentimes, these skills complement each other.

Diversity of age provides multiple perspectives. A 60-year-old African-American woman with extensive expertise in marketing brings a different perspective than a 25-year-old white, male engineer fresh out of college does. Working on a diverse team with people between 20 and 70 years old ensures various perspectives and multiple ways of approaching situations.

Diversity of experience and thought is critical for any organization or industry to thrive. In fact, companies who appeal to a wider (more diverse) audience often understand that their workforce should reflect their target customer base and work to be more diverse and inclusive during the hiring process. And with cybersecurity seeming to take on increased importance for everyone, of every age, every day, it’s never been more important for cybersecurity companies to champion diversity, whether of age, gender or ethnicity.

How can the Cybersecurity Cater to Older Employees?

In order for the cybersecurity industry to attract employees of all ages, companies should consider incorporating age-inclusive language and practices into existing diversity and inclusion initiatives. Hiring professionals should remove terms like “recent graduate” and “digital native” from job postings to help encourage older professionals to apply for these positions.

In addition, cybersecurity firms ought to examine identifying and implementing culture initiatives and benefits that cater to not only Millennials but other generations. As previously mentioned, there are numerous policies, initiatives and additional ways for companies to support and attract an aging workforce. From eldercare support to kombucha on tap, company-wide happy hours and retirement planning education, cybersecurity companies should ensure their benefits and perks are inclusive of and attractive to the best and brightest of all ages.

Talent is talent, regardless of age, and society requires much more talent in the critical field of cybersecurity to ensure we are all protected from hackers and bad actors seeking to do damage. Consequently, we need to figure out how to spread the word about the opportunities the field presents for people across a huge range of skills and backgrounds.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

Dive deeper into this topic