Bringing diversity to the cybersecurity workforce

It’s no secret that the field of IT lacks diversity. In TechTarget’s article, McAfee CISO explains why diversity in cybersecurity matters, editor Peter Loshin notes that, “Improving the state of diversity in cybersecurity shouldn’t be seen as a burden, but rather embraced as an opportunity to improve the state of the industry by expanding the experiences and points of view of the people doing the work.”

At the recent RSA Conference 2018, McAfee CISO Grant Bourzikas spoke about why it is important to build diversity among cybersecurity teams as well as into the recruitment process. Rather than focus on simply adding women and people of color to the IT employment pool, it’s about bringing diverse opinions and perspectives into the discussion. According to Bourzikas, there are many advantages of having more diversity in cybersecurity.

“Having a diverse team ends up in a better collaborative, working together, challenging kind of current state. One of the things I’ve seen in my background, whether it’s critical infrastructure, banking or gaming, is sometimes culture can be a problem, so diversity can challenge this by challenging the culture on the way we’ve done things and doing them differently.”

Bourzikas also explains the difficultly involved in creating a diverse workforce of senior leaders when most management positions require at least 10 years of experience. Since it’s often hard for women and people of color to break into these fields, finding someone with more than 10 years of experience is challenging. He also discusses the importance of hiring interns with diverse backgrounds as well as developing programs that reach young adults as a way to show them a career path in cybersecurity.

For example, in Oregon, NW Cyber Camp, is a week-long camp for high school students to learn how to defend computers against cyberattacks, breaches, and malware. Programs such as this are helping to motivate and encourage youth to pursue cybersecurity fields and are helping with the pipeline problem to increase the field’s diversity. One of the NW Cyber Camps, held July 16-20, 2018, featured an all-girls camp that was taught by women.

Creating a diverse cybersecurity workforce 2.0
The key to changing and improving the IT workforce is fostering talent to create a more diverse IT workforce. But this goes beyond simply changing the demographics about personnel. It’s about bringing a variety of opinions and perspectives to the IT world. Fortunately, some governments and companies are taking steps to change the dynamics of the IT community.

According to Computer Business Review’s Diversity in Security: A Collaborative Effort, the British government has taken active measures to identify teens who might have an aptitude for careers in cybersecurity. “For example, last year the government announced that schoolchildren in the UK will be offered lessons in cybersecurity in a bid to find the future leaders that will overcome the skills shortage currently undermining our confidence in the UK’s cyber defenses.”

Similarly, in U.S. News & World Report’s Female Network Will Deter Cybersecurity Threats, discussion focuses on how to improve the low numbers when it comes to IT training. “Globally, only 26 percent of women have met or known someone studying cybersecurity at the high school, university or even graduate level, according to a Raytheon study. By comparison, 46 percent of men surveyed have known someone studying in that field.”

Other issues that contribute to the lack of women in IT include few senior level female mentors, as well as the fact that women have traditionally followed other career paths. In addition, the image of cybersecurity, IT, and hacking has usually been viewed as male dominated. As noted in the U.S. News article, “As an example, cybersecurity is associated with images of an isolated male hacker wearing a hoodie. In reality, it’s an industry that requires ongoing communication and team-based problem-solving, which I discovered in practice.”