In last week’s Cybersecurity Brief, we covered some of the latest stories and studies surrounding the talent shortage that continues to plague the cybersecurity industry. As we mentioned at the end of that post, we would be amiss if we did not also mention the need for greater diversity and equity within the field. So, in part two of this examination, we focus on how expanding representation in cybersecurity is one of the key answers to solving this problem.
We know that cybersecurity threats are not going away. In fact, in many ways they are intensifying across sectors. But as these risks diversify, cybersecurity teams are not always able to keep up. While there are other reasons contributing to this, a major factor is that the teams are not diversifying with the threat landscape. We face significant stagnation in who is included in cybersecurity efforts and who is too often left out because of lack of opportunity. In a recent blog post, Microsoft noted that “By 2025, there will be 3.5 million cybersecurity jobs open globally.” Therefore, the initiatives necessary to fulfill this demand need to be expanded. That is why, in the same post, Microsoft announced that it was adding twenty-three more countries to its cybersecurity skills campaign. But the campaign is not just focused on location. It also aims to reach communities that have been historically excluded from the field. Among the countries now involved in the campaign, including Australia, Belgium, Brazil, Canada, Colombia, Denmark, France, Germany, India, Ireland, Israel, Italy, Japan, Korea, Mexico, New Zealand, Norway, Poland, Romania, South Africa, Sweden, Switzerland, and the United Kingdom, only about 17% of the cybersecurity workforce are women. To help correct this gap, Microsoft shared that it was partnering with organizations like Women in Cybersecurity to grow their student chapters in these countries to offer more girls and women throughout the world the chance to learn more about a career in cybersecurity.
The underrepresentation is obviously a challenge that we face in the United States as well. At an event in March, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, addressed this. Concerned by the statistic that women currently make up under one quarter of those working in cybersecurity, she stated that “We need to get to 50% of cybersecurity by the year 2030,” according to a previous report from CBS News and shared by WTOP. There is clearly work to do, even within the CISA. As of this point, Easterly said that the CISA is at 36.4% women. She also shared that she hopes other agencies will join in working toward the goal that she set, including organizations like the FBI, NSA, and U.S. Secret Service.
In the drive to fix the gender inequality that exists in cybersecurity, we also must concentrate on uplifting other demographics that are sorely missing from the industry’s workforce. As reported by CBS News and WTOP, the Aspen Institute has summarized that “Hispanic, African American, Asian, and American Indian/Native Alaskan workers made up just 4%, 9%, 8% and 1% respectively of the cyber security workforce.” This is an issue that impacts not just cybersecurity, but the tech field at large. A Forbes article pointed out that the U.S. Bureau of Labor Statistics estimates that there will be 667,000 more tech jobs to fill by 2030. To meet that demand, it will be essential to tap into the talent that has been overlooked before. A large group that the author of the Forbes piece suggests turning to is the 250,000 women of color across the U.S. with transferrable skills to the tech industry. While not all have experience directly tied to cybersecurity and tech, they have the foundational abilities from positions like customer service representatives and record specialists that can cross into what is expected in tech and cybersecurity roles. It just takes some opening around the recruitment possibilities and requirements to enter these fields and a willingness to invest in training and employee development.
“Closing the cybersecurity skills gap – Microsoft expands efforts to 23 countries” – Kate Behncken, Microsoft Blog
- In a recent blog post, Microsoft noted that “By 2025, there will be 3.5 million cybersecurity jobs open globally.”
- Therefore, Microsoft announced that it was adding twenty-three more countries to its cybersecurity skills campaign, with an emphasis on creating more diversity within the field.
- Only about 17% of the cybersecurity workforce within the countries that the campaign expanded to are women.
“Women make up just 24% of the cyber workforce: CISA wants to fix that” – CBS News, WTOP
- While addressing the lack of women in the cybersecurity workforce at an event in March, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, stated that “We need to get to 50% of cybersecurity by the year 2030.”
- This extends to organizations like the CISA. Easterly shared that the agency is currently only at 36.4% women.
- Along with fixing gender inequality, the cybersecurity industry also needs to focus on lack of representation in other areas. The Aspen Institute has summarized that “Hispanic, African American, Asian, and American Indian/Native Alaskan workers made up just 4%, 9%, 8% and 1% respectively of the cyber security workforce.”
“Prioritize Skilled Women of Color to Win the Competition for Tech Talent” – Bertina Ceccarelli, Forbes
- The U.S. Bureau of Labor Statistics estimates that there will be 667,000 more tech jobs to fill by 2030.
- To meet that demand, it will be essential to tap into the talent that has been overlooked before.
- A large group that recruiters can turn to is the 250,000 women of color across the U.S. with transferrable skills to the tech industry.