Trellix Chief HR Officer: ‘There’s No Magic Bullet’ for DE&I

The Trellix team. Source: Michael Alicea, Trellix. The Trellix team. Source: Michael Alicea, Trellix. There is no shortage of discussion around the lack of diversity in the cybersecurity sector. One of the more vocal companies, Trellix, put a stake in the ground at RSA Conference 2022 when their CEO Bryan Palma said cybersecurity has too many “straight white men.” Now, Trellix is looking to get on the forefront of mending the diversity, equity, and inclusion (DE&I) problem. But in order for that to happen, businesses need buy-in from across the organization all the way up to the C-suite, according to the company’s Chief Human Resources Officer Michael Alicea. “The thing about DE&I is that there’s no magic bullet. There’s no one way to do it,” Alicea told SDxCentral. “[I]t starts with a whole bunch of steps, and the first thing is that the CEO’s got to buy into it.”  At RSA, Palma explained educational points-of-access were essential to develop a more diverse talent pool, capable of solving cybersecurity’s greatest threats. Alicea echoed those points. “I see the same freakin’ people getting promoted from one job to another job in the same set of companies – Zscaler takes from us, CrowdStrike takes from us, we take from CrowdStrike, we take from Cisco – and it’s just the same people. We’re actually not delivering new ideas,” he said. “That’s the other thing we’re missing,” he continued. “You need fresh ideas. These things are not going to come from the same people who have been doing the same thing for 20 years.” This is where intersectionality presents a possible solution. “A lot of people don’t understand what [intersectionality] means… I identify as Puerto Rican; I also identify as a father with a daughter in the STEM field,” Alicea said. “You can be multiple things.” These multifaceted perspectives are what the industry needs and currently lacks.   Trellix plans to monitor the increase of diversity from interns to executives. All executive leadership teams report diversity stats to Palma, which are measured for continuous growth with direct bearing to their compensation, according to Alicea. “We’re not mandating that you have to have X amount or number. Fifty percent — that’s what we’re shooting for,” Alicea said. “But in certain areas, you’re starting with a population that maybe only is 20% diverse. I don’t expect them to get that 50% over one year, but what I want to see is that they have growth.” The center of the issue is underrepresented minorities having the space and advocacy to communicate, according to Alicea. “How do you have a conversation when everyone else is a male and they’re all engineers? How do you speak up in a way that allows you to be heard in a constructive, positive way?” “I’m Puerto Rican. And so you know… just because you’re a person of color doesn’t mean that you are instantly a DE&I expert,” Alicea said, “but it allows me some insight into what it’s like to be in corporate America being the only one in a room.” At RSA Conference, Microsoft Security Corporate VP Vasu Jakkal cited that just 24% of the global cybersecurity workforce are women, and only 20% of that workforce are people of color. “One of the biggest skills that people are looking for or… want to get trained on is communication,” Alicea explained. “It’s tough, you know, how do you bring your authentic self to the table?” Part of Trellix’s response to diverse candidate career-development came through their partnership with Gotara in March, a career-growth platform for women in STEM.  While the partnership is in its infancy and hasn’t produced any major statistics yet, the initial data suggests “they’re accelerating and it’s stickier… organizational retention is better,” according to Alicea.  “We’ve hired over 100 interns so far this year. We’ll probably hire another 50 to 100 by the end of the year,” Alicea added, “I’m happy to say that over 40% of those are diverse.” Alicea shared insight into an additional upcoming apprenticeship program partnering with Northeast schools that will soon be announced. The three-month program is a rotation through the business with a guaranteed hire at the end. Alicea expects the new hires to be between 35% and 70% diverse.  Trellix also announced its partnership with the Hispanic Alliance for Career Enhancement (HACE), where Alicea explained their curriculum develops necessary hard and soft career skills and an ending certificate. “[W]e’re gonna hire all those candidates in,” he said. He is looking at the larger scope of cybersecurity with their educational involvement. “There’s an opportunity here for us to create and establish a curriculum that’s broader than just our company,” he said. While he hopes candidates want to work at Trellix, he acknowledged, “now they’ve got a certificate in cybersecurity that allows them to go really anywhere.”