How to Bust Through Barriers for a More Diverse Cybersecurity Workforce

As cyberattacks increase in number and severity, organizations are eager to hire talented security professionals. However, a disconnect between hiring companies and talented individuals are leaving many of those job openings unfilled.

"We need more people in the fight," says Julian Waits, general manager of the cyber business unit and public sector at security software company Devo. COVID-19 has made the situation "exponentially worse," adds Waits, who is also board chair of the International Consortium of Minority Cybersecurity Professionals (ICMCP), whose mission is to increase the number of people of color and women in the information security industry.

The cybersecurity industry remains overwhelmingly white and male — and structural barriers still exist for black professionals interested in the field, Waits says. Some of those barriers include requiring a specific type of educational background, such as certain types of college degrees or professional certifications, and all of which require money. Black professionals may feel less comfortable entering an industry that's portrayed by the media and pop culture as an environment hostile to people of color, he says.

Cybersecurity can seem unattainable for Black professionals, Waits says. The industry can seem "almost mythical, magical," he says.

Creating a Home
This is where community organizations like Blacks in Cybersecurity (BIC) come in. These groups provide a home for Black cybersecurity professionals through training programs and conference events, offer scholarships for trainings, and connect individuals to virtual learning opportunities to develop their skills.

Once you look at the C-suite level of the industry, the numbers of Black cybersecurity professionals in leadership roles thin out, says Nico Smith, BIC red team operations director. Yet there are criticisms over BIC's "exclusivity," says BIC communications director Garrison Best.

BIC exists not to be a separate part of the cybersecurity community, but to highlight the talented people who want opportunity, he explains. It's also a safe space, a "big family" of encouragers in the Black community to gain the skills and confidence needed to navigate the industry.  BIC offers an opportunity to meet, mingle, and chat with Black cyber professionals and provides a platform to showcase their work, Best says.

"[These niche groups] aren’t necessarily exclusive, but they’re actually really inclusive in building the pathway to get us to the point where it’s no longer necessary," Smith adds.

There have been significant positive changes in the industry in recent months, especially when it comes to giving Black industry professionals a voice. In fact, this year BIC's Village received the highest award at this year's DEF CON, a Black Badge, for its Capture the Flag (CTF) competition. BIC was awarded for its CTF honoring 250 victims of police violence and social injustice in 2020, which was shown to everyone participating in the village.

BIC’s Smith said a Black DEF CON attendee approached him and said, "I was so proud because I hadn’t seen us shown in such a positive light at such a niche event."

Smith says BIC will keep pushing for visibility until he can see a lot more reflections of himself in the industry.

Creating Opportunities and Access
Despite the existing biases and barriers, true allyship is possible. People need to recognize that access to resources is not equitable and need to commit to changing those inequities. If they are willing to examine their own biases, that can go a long way toward drawing Black people into the cybersecurity industry.

Waits says white industry professionals need to enter spaces as mentors and spread awareness about ways the lack of diversity hurts the industry. Expanding the pool of people to hire from means finding more talented individuals. Hiring individuals with different backgrounds results in teams with different ideas and complementary skills, which makes for stronger and better teams.

"I think that right now everyone is primed for togetherness and for identifying talent no matter where you are," Smith says. "If we don’t have the talent that’s necessary to defend our borders, then we’re in for a world of hurt."

Following Different Paths 
From the individual's perspective, the key to being successful is focusing on education and training in an area you're most passionate about, according to Best. More importantly, remember that there's no template for success and there are different pathways to becoming a cybersecurity professional.

Waits says computer programming isn't a prerequisite to become a cybersecurity professional. Both Best and BIC founder Michaela Barnett say certifications can be useful. Barnett also notes a full degree isn't necessary to enter cybersecurity and qualify for an entry-level job.

"That translates to having that knowledge, solving that kind of disparity as far as job parity, which is definitely quite helpful and unique to us as a community," she said.

Best said organizations like BIC are helping the community grow and the environment change. Access to scholarships and virtual training is creating more opportunities for Black professionals to establish those credentials and have a voice in the industry. Smith notes a plethora of information and resources from legitimate sources exists.

The racial protests in 2020 emphasized that Black people are hurting and revealed disparity. 

"The hacker community has always been a group of people who have been innovators, people who seek to make changes, or who just are overall intelligent," Barnett says. "So of course we want to reach out and process that loss by saying we didn’t know we had this disparity before, so let’s work together to make something so that we can make your community better."