Every year, industry reports tell the same story: women make up only a quarter of the global cybersecurity workforce, and that figure is likely far lower in South Africa.
By Julie Noizeux Inder, cybersecurity specialist at Fortinet
The costs of this under-representation, whether by gender or ethnicity, are well-documented, but there is a less obvious penalty for the lack of diverse talent: a shortage of different ways of thinking.
The skills gap in cybersecurity is widely discussed, but the perspective gap is just as critical. Cybercriminals operate across time zones, borders, and cultures with unnerving success. Professional diversity is a powerful counter to this, as it, in turn, introduces cognitive diversity – the intellectual and strategic edge that modern security teams desperately need. Different professional experiences, thinking styles, and problem-solving methods add up to better threat detection, stronger responses, and fewer security blind spots.
These cognitive blind spots – the gaps, biases, and assumptions we are all prone to – are hotbeds for vulnerability. A homogeneous team is far more likely to reach the same conclusion about a network anomaly, overlook how a security policy might be abused, or fail to model less obvious but highly damaging threats. A diverse team, however, is better equipped to challenge conventional wisdom and approach problems with greater nuance.
In my personal experience, diversity brings powerful energy into organisations. I’ve had the privilege of working with teams that span gender, age, culture, ethnicity, and sexual orientation, and it’s within these vibrant mixes that the most thought-provoking discussions and constructive disruptions materialise. Nothing excites me more than when a team member introduces a fresh perspective or an innovative idea that elevates our strategies and drives the business forward.
Security resilience depends on the ability to outthink adversaries. When a team better reflects society, it has a greater chance of bringing the fresh thinking needed for a stronger security posture.
Blind spots can manifest as breaches anywhere. Security tools designed by a narrow demographic may not account for the different ways people interact with systems, leading to overlooked risks. Threat modelling conducted by teams with limited perspectives might fail to anticipate attacks that exploit social context, such as deepfake scams or culturally targeted social engineering. During incident response, diverse teams can brainstorm a wider range of possible actions – a critical capability when time is short and the stakes are high.
Improving diversity within security teams is not just a matter of principle; the business case for action is even clearer. Research consistently proves that organisations with greater diversity outperform their peers in innovation and decision-making and even report better financial returns, placing them in a stronger position to face cyber threats.
From intent to impact
However, a simple mandate for more diversity is not a strategy. Real change comes from practical steps in hiring and retention. Job descriptions can be made more inclusive by focusing on core skills instead of a rigid number of years of experience. Blind CV reviews and representative interview panels using standardised questions can also help create a more level playing field for all candidates.
Of course, lasting change requires long-term investment. This diversity challenge in cybersecurity is tied directly to the broader skills gap. We will only be able to address the skills shortage in our workforce, if we first create the right conditions to tap into a broader, more diverse talent pool. It’s not just a moral obligation, it’s a necessity to close the gap.
As Fortinet’s recently published 2025 Cybersecurity Skills Gap Report shows, 67% of organisations agree that the shortage of skilled professionals poses a serious risk. The report also found that the biggest challenge to retention is a failure to offer enough training and upskilling opportunities.
Even with advances in AI, skilled people are the bedrock of cybersecurity. Supporting career development through structured certifications and accessible training is essential for building a more capable and diverse workforce. When people can grow their skills and see a future in the industry, they are far more likely to stay, thrive, and inspire others to do the same.
Better teams, better protection
Cybercriminals are not a monolith. They collaborate widely and constantly evolve their tactics, and our defence strategies must match that agility. By actively building teams that reflect a wider range of experiences, we are not only addressing a talent shortage but hardening our defences against an unpredictable threat landscape through heightened and improved collaboration.