Two Considerations for Building a Security Program Grounded in Diversity and Inclusion

by | Jul 6, 2020 | Blog, Trust and Safety

Corporate security programs for major organizations deal with a variety of threats at a staggering global scale and there are playbooks to deal with many of these issues. Above all else, though, the most important task is building trust with the workforce according to recent remarks made by Uber’s Global Head of Security, Resilience and Partnerships Dan Williams.

Build a Culture of Diversity and Inclusion

With many threats originating online and on platforms the employer doesn’t control, it’s critical to develop a company culture that does not tolerate making threats in the first place. Ensuring this can ultimately dissuade an employee from making online or physical threats and make employees feel comfortable reporting incidents to security so they can be dealt with in a transparent and effective manner.

Building a culture of diversity and inclusion is a powerful tool for security because it allows a broader employee base to work with security to build that culture of intolerance of threats and thus make everyone comfortable with reporting incidents to security.

Working with employee resource groups to include a diverse population’s feelings on security issues holistically is oftentimes a best practice that should be rolled out to the entire organization.

Re-think Metrics

Security programs use many quantitative metrics centered around security events being actioned, whether it be determining a threat isn’t credible, referral to law enforcement, or administrative action such as termination. These metrics can often be nebulous due to lack of information and credibility of the threat.

A better approach may focus on actions a company has taken to progress the safety and security of everyone by helping to create a culture of intolerance of bullying, aggressive, or fear-inducing behavior.

As Williams indicated, “the art of threat management is not about metrics and data but about security improving the human experience by creating solutions that reduce a threat actor’s willingness to threaten someone or think to escalate to physical violence. If the employee has the trust of the security team, they can get back to their jobs faster; A security team that provides closure and gets an employee back is saving the company money.

Adversary Research
Discovering the methods, motives and identity of threat actors to disrupt attacks 
Reputation Defense
Technical guidance for countering disinformation and slanderous attacks 
Trust & Safety
Intelligence to secure business operations and defend against fraud, abuse and e-crime 
TPRM Exposure
Adversary-centric intelligence to address supplier, M&A and investment risks 
Outside Intel
Research for defending outside the firewall that leverages tier 3 intelligence programs 
Executive Shield
Assessment of threats to key personnel with attribution and PII takedown  
Adversary Insights℠ Retainer
Annual retainers for client-driven inquiries and rapid-response research 
Intelligence Team as a Service
Collaborative engagement providing robust intelligence and tier 3 cyber analysts  
Event-Driven Intel Investigations
Multidimensional security fact-finding that delivers insights into adversary behavior 
On Demand Threat Research
Proactive and preventative investigations that reveal threat actor context and risk correlations 
Investment Zero Touch Diligence℠
Project-based discovery to assess risk for investments, IPO, Mergers and Acquisitions 
TPRM Zero Touch Diligence℠
Subscription assessment of external network hygiene, key personnel, and non-traditional business risks