Commentary
Some people, Diverse Cybersecurity Workforce Act With a primary focus on improving diversity in a predominantly white, male workforce, that stance ignores the real security risks that exist due to the lack of different perspectives that women and minority communities bring. Lack of diversity creates a groupthink mentality, causing people to put aside personal beliefs or simply accept the opinion of the group, creating the illusion of invincibility. We need to solve challenges that have never existed before. To do so, we need not only all genders, but also all identities, ethnicities, races, cultures, ages, backgrounds and experiences. There is certainly diversity in our adversaries, and we need that in our cybersecurity teams, too.
Building a diverse skills pipeline
To ensure diversity in the cybersecurity workforce, Building a talent pipeline that mirrors the world around usThat pipeline must be created by leveraging underrepresented communities. Cybersecurity Workforce Diversity Act: Cybersecurity and Infrastructure Security Agency (CISA) How to create structures that support these efforts through intentional resources and programs designed to help individuals:
Explore Cybersecurity Careers
Elevate people with aptitude, grit and determination
Kickstart your career with real-world cyber skills
The next step is to create an inclusive space for cybersecurity training and provide services to advocate and advance impactful programming initiatives, including incentives, mentorship, and career placements for students and career changers. This legislation provides an opportunity to launch underrepresented individuals into lucrative, life-changing careers. It is also a tremendous opportunity to reduce current and future security risks and ensure the cyber workforce is more diverse across sectors.
Timeline and Funding
Last year, Gartner predicted: Nearly half of cybersecurity leaders want to change jobs By 2025, 25% of people will look for alternative jobs due to the stress of working in cyberspace. Meanwhile, ISC2 2023 Cybersecurity Talent Survey With the industry already suffering a record 4 million workforce shortage, adding new talent to the cybersecurity workforce has never been more urgent. CISA must create highly intentional programs that provide accessibility programs and opportunities to underserved communities. Incorporating mentorship, peer support, community engagement, check-in calls, career services, and “ask me anything” sessions, along with high-quality skills training, can elevate someone from zero cybersecurity skills to a career in less than a year and a half.
These efforts need to begin immediately, leveraging turnkey programming initiatives that have already proven to have a significant employment impact for employers and job seekers. A $20 million annual budget is enough to make an impact. Women in Cybersecurity (WiCyS) It has invested $1.8 million to enable 2,900 women to explore cybersecurity careers, with 181 women achieving multiple advanced SANS GIAC certifications. Its career placement services have positioned them to succeed in the workplace from day one of their new cyber-related jobs. WiCyS has supported women transitioning into a variety of roles, from teaching to pen testing, from physical therapists to cloud security, and more. WiCyS is focused on recruiting, retaining, and promoting women, and our experience shows that these efforts effectively increase diversity, equity, and inclusion in the workplace.
Retention Barriers
The legislation focuses on bringing diverse talent into cybersecurity, but what about retention? Any efforts by government agencies and organizations to hire diverse talent must address and overcome retention barriers.2023 Cybersecurity Inclusion Benchmark“Women experience significantly worse outcomes in the workplace than men,” found the report, conducted by WiCyS in collaboration with DEI firm Aleria.
Across all experience categories, women are excluded at twice the rate of men, citing their direct managers and coworkers as the causes of experiences that impede their job satisfaction and ability to do their best work. The second cause of exclusion for women is a lack of career growth and advancement, leading to them experiencing a glass ceiling just six to 10 years into their careers. 46% of women in the field have advanced degrees.Given these challenges, Accenture Report It showed that Half of young women in tech leave the field by age 35.
Retention is driven by inclusion
As diverse talent joins the cyber workforce, programs must be in place to create a more inclusive community, which means considering common ways underrepresented individuals are excluded and openly addressing issues such as:
The skills and experience of underrepresented groups are undervalued
Not properly recognizing individual contributions
Asking or expecting less fortunate people to do menial tasks that are not related to their role
Assume that minorities were hired, promoted, and included in projects solely to create a pretense of equality.
Generally rude and sexually inappropriate behavior
Social Exclusion
Lack of opportunities for career growth and advancement
To create an inclusive culture, organizations must ensure that diverse talent has communities and support structures within the organization designed to foster learning and career growth. Without a plan to create this inclusion and growth, organizations will lose out on diverse talent, leading to increased recruiting costs and a continued cyber talent gap. Simply put, inclusion is essential to building and maintaining a diverse workforce and addressing evolving cybersecurity risks.