How CISOs are approaching staffing diversity with DEI initiatives under pressure

For many years, organizations have focused a lot on diversity, equity, and inclusion (DEI) programs and policies, seeing those efforts as the right thing to do as well as a smart business strategy. This is especially true in cybersecurity, where dealing with complex threats requires creative and diverse solutions.

But as the Trump administration rolls back federal DEI programs and political views shift, some sectors are cutting back on DEI support. This has left many organizations and their cybersecurity leaders wondering how to maintain DEI efforts, or whether they should maintain them at all, while balancing compliance and building diverse, effective security teams.

Conversations with CISOs and other cybersecurity experts show that DEI is still considered important, but companies are approaching it in different ways.

How DEI and cybersecurity can be complementary

Cybersecurity depends on spotting threats early, noticing unusual activity, and reacting quickly. Old security methods aren’t enough anymore, especially since attackers come from different backgrounds, have various goals, and use diverse tactics.

As Matthew Sharp, CISO at Xactly Corp, puts it, cybersecurity is inherently complex, and a diverse team brings a wealth of perspectives that drives innovative problem-solving.

“Our team’s varied backgrounds have significantly improved our ability to both prevent and respond to threats,” he says. “Different viewpoints help us recognize patterns that others might overlook — for example, social engineering tactics designed to exploit specific cultural or behavioral norms.”

If organizations don’t prioritize DEI in their cybersecurity hiring, they could miss important threats, Sharp says. Teams that all think alike are more likely to have blind spots and may not recognize new cyberattacks that take advantage of cultural or behavioral differences. In a fast-changing threat environment, this lack of perspective can slow down responses and weaken security.

“If DEI and balanced team structures are deprioritized, organizations risk groupthink, operational silos, and diminished resilience,” he says. “A diverse, well-balanced team isn’t just about representation — it’s essential for driving sustainable, adaptive cybersecurity strategies.”

Staffing diversity can help avoid homogenous thinking

Similarly, Sam McMahon, senior manager of IT and security at Valimail, underscores the necessity of representing different backgrounds and mindsets.

“In my experience, even small security teams benefit greatly from the variety of perspectives that come with different backgrounds and skill sets,” he says. “We know that the majority of incidents have a human element. Having a diverse team means that we have a variety of experiences and backgrounds that avoids homogenous thinking.”

McMahon believes inclusion is both the right thing to do and a smart strategy because when people feel valued, they are more likely to share their ideas and speak up, which leads to better security and problem-solving.

That bottom-line benefit is part of what also inspires Gutierrez, chief science officer at talent acquisition and management platform SHL, to champion DEI.

Gutierrez argues that a diverse security team is better equipped to identify vulnerabilities, think like attackers, and innovate faster than a homogenous one.

“A common misconception about DEI is that it conflicts with meritocracy, as if prioritizing DEI undermines excellence,” she says. “In reality, DEI enables meritocracy by ensuring that talent is recognized and rewarded based on ability, free from bias or systemic barriers. This is especially critical in cybersecurity, where diverse perspectives are essential to defending against an ever-evolving threat landscape.”

For Paolo Gaudiano, co-founder of Aleria, a tech company focused on measuring inclusion, the link between DEI and cybersecurity is crystal clear.

“Recently we collaborated with Women in CyberSecurity to determine whether and how inclusion may also influence the risk of cybersecurity incidents,” he says. “The idea is based on the fact that a vast majority of cybersecurity incidents result from human error, which in some cases includes malicious intent. It seems reasonable that employees who are less satisfied are more likely to make mistakes — or to act out against their employers.”

Gaudiano says the research shows a lower level of inclusion increases phishing attacks, internal security lapses, and even malicious insider threats.

Shifting sands: the political climate and federal support

Despite these advantages, the broader political landscape has grown more complicated. Under the Trump administration, discussions around DEI have become more intense and divided.

Some people and groups are pushing harder for DEI efforts, believing they’re important for making workplaces and institutions fairer. Others, however, are pushing back against DEI efforts, calling them too “politically correct” or saying they force certain viewpoints on society.

As a result, the conversation around DEI has become more polarized, making it harder for policymakers, businesses, and institutions to work together on ways to improve inclusion.

“Political climates may shift, but our approach to assembling world-class cybersecurity talent remains steady,” Sharp says. “We’ll continue to focus on hiring the best talent and creating an environment where every team member can excel. Our philosophy is simple: diverse teams build better defenses, and our cybersecurity mission depends on a wide range of perspectives to anticipate, identify, and mitigate evolving threats.”

Attracting and retaining diverse cybersecurity talent in today’s polarized climate requires a commitment to DEI principles and his company’s business objectives, Sharp says.

“We emphasize that diversity isn’t just a value statement — it’s a strategic advantage in combating dynamic cyber threats,” he says. “A range of perspectives helps us anticipate attacker tactics, design resilient systems, and respond effectively when incidents occur.”

A diverse team provides a competitive advantage by offering a broader range of perspectives, which is critical in the ever-evolving cybersecurity landscape, according to Sharp.

Diversity can be an asset in keeping on top of the threat landscape

“In the end, a diverse, engaged cybersecurity team isn’t just the right thing to build — it’s critical to staying ahead in a rapidly evolving threat landscape,” he says. “To fellow CISOs, I’d say: Stay the course. The adversary landscape is global, and so our perspective should be as well. A commitment to DEI enhances resilience, fosters innovation, and ultimately strengthens our defenses against threats that know no boundaries.”

Nate Lee, founder and CISO at Cloudsec.ai, says that even if DEI isn’t a specific competitive advantage — although he thinks diversity in many shapes is — it’s the right thing to do, and “weaponizing it the way the administration has is shameful.”

“People want to work where they’re valued as individuals, not where diversity is reduced to checking boxes, but where leadership genuinely cares about fostering an inclusive environment,” he says. “The current narrative tries to paint efforts to boost people up as misguided and harmful, which to me is a very disingenuous argument.”

Navigating policy shifts and industry response

McMahon acknowledges the potential impact on federal customers who may align with new policies but insists that his company’s internal approach at Valimail remains unchanged.

“While Valimail doesn’t rely directly on federal funding, we do have a FedRAMP-authorized product, Valigov, and are seeing the impact on our federal customers,” he says. “That won’t change Valimail’s people and security strategy. Maintaining an equitable, inclusive, and people-first approach is a powerful tool in building a resilient culture.”

Security is a team sport in any organization, and it’s also a global effort — breaches at one company ripple across the world and have impacts on millions of people’s personal data, McMahon says.

“Federal pressure to change tactics and not build a security workforce with a diversity of experiences changes the trust model in a connected world,” he says. “We rely on vendors to have similar security postures to our own to effectively partner and securely deliver products to our customers. A large part of that chain of trust is the human factor, so if some organizations choose to reverse direction, they are limiting their compatibility with the global market and weakening their security postures in the process.”

Matthew Rosenquist, virtual CISO at Mercury Risk, is similarly not discouraged by changes in government support, saying his message about the importance of DEI in cybersecurity hasn’t changed.

Even without official mandates, Rosenquist maintains that building a more diverse workforce is a clear strategy. “If you lack any degree of creativity on your own side, you will not be very effective in understanding your adversary,” he says.

Cyber’s adversaries benefit from diverse thinking

Rosenquist points out that women in cybersecurity have risen from a meager representation (around 11%) a decade ago to a healthier — though still limited — 20% or so today.

“Am I an advocate for diversity and inclusion? Heck, yes. Have been for close to 30 years,” he says. “You will not find a stronger advocate. But I’m also a realist as well. And I’m not going to fan fears until we actually have evidence to support that. So, I think there will be some negative impacts. There may be some positive impacts. I’m not smart enough to know, to look in the crystal ball. And I would hate to fan fears if it’s not realistic.”

His message to other CISOs: “Diverse workforces make you stronger and you are a fool if you [don’t] establish a diverse workforce in cybersecurity. You are at a distinct disadvantage to your adversaries who do benefit from diverse thinking, creativity, and motivations.”

Monica Landen, CISO at Diligent, says she has never relied on external influences or federal support to prioritize DEI with her cybersecurity teams.

“I have always believed having diverse perspectives is critical to avoiding groupthink,” she says. “In cybersecurity, it’s crucial for people from a wide variety of backgrounds (careers, gender, underrepresented groups, education, etc.) to be represented as their unique perspectives bring fresh ideas, challenge assumptions, and help solve hard problems. Establishing a diverse team has always been an important commitment and will continue to be regardless of shifts in federal support.”
