Op-Eds

Making Space for Diversity in Cybersecurity

Feb 25, 2022

issues: Cyber Workforce, Cybersecurity Policy

originally published in Ms. Magazine

As we wrap up Black History Month and head into Women’s History Month, it’s important to highlight the diversity, equity and inclusion challenges still facing the cyber workforce. As our companies, hospitals and schools continue to face the brunt of large-scale ransomware attacks, the United States still does not have the people to defend against these threats. The Making Space Initiative at the R Street Institute aims to expand the cybersecurity field by addressing the diversity problem in the workforce head-on—because for us, diversity is security.

A lack of diversity of people—women, Black cybersecurity professionals, Hispanic professionals and the neurodiverse—makes organizations weaker to vulnerabilities. This is especially dangerous as a homogenous workforce is also more susceptible to groupthink. The Massachusetts Institute of Technology (MIT) found that this environment doesn’t just increase the likelihood of more mistakes—it also means people are more likely to copy poor decisions within a team. In short, without concrete plans, incentives and programs to change who we hire and how we adapt to problems or find solutions, we are setting ourselves up to fail.

In an effort to combat this problem, we’ve partnered with dozens of organizations and individuals to begin fixing the cybersecurity workforce diversity crisis.

First, by raising awareness.
Second, by building relationships and bringing a broad range of thinkers and experts into the space, and promoting them and their work.
Third, by finding new avenues in public-private partnerships and public policy to create sustainable change.

When It Comes to Workforce Diversity, What Are the Biggest Challenges?

The main challenge to implementing true workforce diversity is that too many people continue to think this isn’t an issue. They are blind to the reality we now face.

As we were reaching out to find partners for the Making Space pledge, as an example, we encountered a number of organizations who swore that they already had diverse and inclusive panels, but signing a pledge to that effect wouldn’t make sense for their organization. We had others say that the fear of one panel for which they couldn’t find a woman or person of color meant they couldn’t pledge to the broader goal. This attitude is the epitome of letting the perfect be the enemy of the good. These organizations, and many others, find themselves unwilling to publicly project values we should strive to achieve.

Structurally, the lack of diversity starts early. Young women have minimal exposure to opportunities in the cybersecurity field and limited female mentors to learn from, which may contribute to gender imbalance in the field. Pay inequities also continue to persist in the field, and the workforce at large, according to the Bureau of Labor Statistics. The longer we ignore the problem, the longer the field remains homogenous and open to the exact issues the MIT researchers found—increasing mistakes and enabling groupthink. In cybersecurity, this means more vulnerable networks and a porous defense.

As the concept of diversity has gained more traction in the media and in discussions on corporate responsibility, we have witnessed a growth in the number of voices with opinions on the matter. Yet, as the United States has pushed for more diverse representation, we have witnessed—first-hand, across careers, spanning decades, in the public and private sectors—the amount of time it takes for diverse perspectives to not only have a seat at the table, but to also rise to the ranks of those who are given the space to speak. For example, there was a time when one of us was one of only a few women in a team of 50 in the U.S. Navy office she worked in. She felt the pressure to represent all women’s opinions in every speech, the weight of raising a hand or representing a new or unpopular opinion.

Over and over, we’ve seen leaders struggle to create opportunities for diverse candidates, even when they have a desire to do the right thing. That’s why, as the second step in the Making Space Initiative, we launched the CyberBase—a platform where Black cybersecurity professionals can network and be seen. Its purpose is to connect more diverse professionals with organizations looking for experts, to break down silos and highlight existing talent long-held in separate networks apart from the traditional halls of power. Talking about it is different than fixing it, so here we are offering some concrete solutions.

How We Begin Fixing the Lack of Diversity in Cybersecurity

We are facing a crisis, but we know how to begin fixing it. We have the tools. Our policy needs to build inclusivity from the start—and that’s why it’s incredibly important to focus our efforts on building the pipeline, expanding K-12 education, and funding recruitment and retention. We need to start early, make education on coding and technology accessible at all schools from an early age, and show through our actions, that careers in cyber are accessible to all.

Existing efforts and groups often only have scholarships or training enough for 10 to 50 people each, yet the workforce gap as of today, is about 600,000 people wide. Even the largest program, CyberCorps: Scholarship for Service, has graduated less than 4,000 cybersecurity experts in the last 22 years. We need to supercharge these programs, create more programs, and add Centers for Academic Excellence to build the pipeline and recruit more diverse candidates into cybersecurity.

The Making Space Initiative and the CyberBase are both small, tangible pieces of that effort. The more young girls—especially young girls of color—see people like them discussing cybersecurity on panels, on television and in the news, the more likely they will be to think about a cybersecurity career in the first place.

We recognize that solving the problem around the lack of diversity in cybersecurity needs to be a collective effort. That is why the Making Space initiative aims to raise awareness around the existing representation of women and people of color on panels and at events. To date, we have over 85 coalition partners, but we want to get to a world where all organizations do this routinely without having to be asked.

If you want to be part of this continued effort, this women’s history month, look around you: nominate a black expert for CyberBase. Or you can simply spread the word and tell someone about the initiative and encourage them to get involved and share it with their network. Together, we can make an impact and create a more diverse cyber ecosystem.