The United States faces threats not only from cybercriminals and nation-state actors but also from a severe shortage of cybersecurity professionals within its borders. The cyber-workforce shortage is exacerbated by the lack of diversity in the field — an issue that many in the industry know needs to be prioritized.
Women constitute only 14% of the cybersecurity workforce, while African American and Hispanic employees make up only 6% and 7%, respectively, of the STEM workforce, according to the International Consortium of Minority Cybersecurity Professionals (ICMCP). Meanwhile, there are currently over 464,000 open cybersecurity positions nationwide, according to CyberSeek.
Cultivating a diverse cybersecurity workforce requires a multipronged approach and increased commitment by industry. Here are four key steps organizations can take to increase diversity within the field and grow the cybersecurity talent pipeline.
Invest in Education
The first step to fill open roles while increasing diversity is making sure candidates in emerging fields have access to education pathways. There must be an investment from the industry to educate the next generation of cybersecurity professions from underrepresented communities, ensuring they are equipped with the knowledge and expertise to hit the ground running in their cyber careers. Solving the complex cybersecurity challenges of today and preparing for those of tomorrow requires different perspectives to generate new approaches and creative solutions — something the industry today unfortunately lacks. Investment to create diverse companies also means these same companies are more likely to outperform less-diverse peers on profitability, according to a McKinsey & Company report, making increased diversity not only the right move but a smart business decision.
The C-suite must hold itself accountable to driving equity within the organization by making a public commitment to act on diversity. Developing a well-resourced and funded diversity and inclusion (D&I) task force and making D&I work a central part of an organization's mission, rather than an extracurricular job, is a great first step.
Organizations should also strive to create internal and external goals to increase representation of individuals from underrepresented communities. Taking this step and publicizing the pledge can empower other organizations to do the same. Intel is an example of a company that has made a public commitment to advancing diversity and inclusion through a yearly D&I report. This provides a benchmark from which the company can celebrate progress, confront setbacks, and come up with solutions to include employees with different backgrounds. More companies could follow this example.
Address the Leaky Talent Pipeline through Partnerships
Companies across industries can address diversity and inclusion by partnering with nonprofits that help educate the next generation of cybersecurity professionals in underrepresented communities, including young women, veterans, and minorities. Doing so will help grow the cybersecurity talent pipeline. Programs like Women in Cybersecurity (WiCyS) and Cyberstart America (CSA) have been incredibly successful at helping introduce individuals from different backgrounds to the potential of cybersecurity careers and coaching them through each stage of their career development. These groups have the influence and the resources to properly equip the cybersecurity professionals of tomorrow. If cybersecurity companies are too stretched to address D&I and training issues in-house, funding a nonprofit with common goals can be a good way to both help with a national problem and build its own pipeline.
Build a Culture of Mentorship
Companies can also encourage cybersecurity professionals to seek out mentorship opportunities to help grow the next generation of cyber talent. Having diverse, positive role models in the field is critical to bringing in those from underrepresented backgrounds, as mentors offer invaluable aid to overcoming barriers, finding entry-level roles, and pursuing educational opportunities. Mentorships can be structured or unstructured, and they should exist at all levels of an organization. According to McCarthy Mentoring, 89% of those who have been mentored will also go on to mentor others. When mentees grow beyond their mentorships, they should be encouraged to give back and become mentors themselves. Working with a mentor also helps shape conversations around what new and emerging fields "look" like and help redefine what it means to be cybersecurity professional — for both the mentee and the mentor.
Increasing diversity to grow the cybersecurity talent pipeline will not happen overnight, but it must happen soon. Addressing the talent shortage requires outreach to underrepresented communities to introduce them to the many aspects of and roles in cybersecurity. Every organization can do its part by prioritizing education, creating C-suite directives to measure and promote diversity, partnering with nonprofits, and advancing a culture of mentorship. Having full representation in the cybersecurity field is fundamental to fostering the creative and collaborative environment needed to solve the challenges of tomorrow. Together, we can make the industry more diverse and close the workforce gap, but we must act now.