You’ve read about it, know it well, and can probably instantaneously identify one of today’s top cyber crises: the cybersecurity skills gap. It’s putting enterprises, governments and academic institutions at greater risk than ever because we don’t have enough professionals to mitigate, defend, and analyze incoming attacks and vulnerabilities. According to recent estimates, we are looking at the possibility of having as many as 3.5 million unfilled cybersecurity positions by 2021. The widening career gap is due in part to the lack of diversity in the industry.
- Women only make up 14% of the U.S. cybersecurity workforce.
- A Frost & Sullivan report found that 26% of the cybersecurity workforce are minorities.
- According to Data USA, almost three-fourths of information security analysts are white.
And we’re not just talking about racial and ethnic diversity, we’re also talking about diversity of perspective, experience and skill sets. A recent CSIS survey of IT decisionmakers across eight countries found that 82% of employees reported a shortage of cybersecurity skills and 71% of IT decisionmakers believe this talent gap causes direct damage to their organizations. It’s not just the technical skills like computer coding and threat detection that are needed, employers often find today’s cyber graduates are lacking essential soft skills too, like communication, problem-solving, and teamwork capabilities.
An ISC2 study notes, organizations are unable to equip their existing cyber staff with the education and authority needed to develop and enhance their skill sets—leaving us even more deprived of the diversity we desperately need in the cybersecurity sector. The more unique thinking, problem-solving and community representation we have in the cybersecurity space, the better we can tackle the malicious hacker mindset from multiple angles in efforts to get ahead of threats. Forbes assents, “Combining diverse skills, perspectives and situations is necessary to meet effectively the multi-faceted, dynamic challenges of security.”
In an interview with Security Boulevard, Circadence’s Vice President of Global Partnerships Keenan Skelly notes that as cybersecurity tools and technology evolve, specifically AI and machine learning, a problem begins to reveal itself as it relates to lack of diversity:
“The problem is that if you don’t have a diverse group of people training the Artificial Intelligence, then you’re transferring unconscious biases into the AI,” Keenan said. “What we really have to do…is make sure the group of people you have building your AI is diverse enough to be able to recognize these biases and get them out of the AI engineering process,” she added.
The good news is that is it never too late to build a more diverse workforce. Even if your organization cannot hire more people from different career backgrounds or varying skill sets, existing cyber teams can be further developed as professionals too. With the right learning environments that are both relevant and challenging to their thinking, tactics and techniques, current employees can develop a more diverse set of cyber competencies; all while co-learning with diverse teams around the world.
Companies can also build relationships with local educational institutions to communicate critical workforce needs to better align talent pipeline with industry needs, recommends a new study from the Center for Strategic and International Studies. Likewise, cyber professionals can be guest speakers or lecturers in local cyber courses and classrooms to communicate the same diversification needs in the industry.
While some experts say it’s too late to try and diversify the workforce in thinking, skill, and background, we beg to differ. If we give up now in diversifying our workforce, our technology and tools will outpace our ability to use it effectively, efficiently, and innovatively. It’s not too late. It starts with an open mind and “take action” sense of conviction.
 CSIS, Hacking the Skills Shortage (Santa Clara, CA: McAfee, July 2016), https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hacking-skills-shortage.pdf.
 Crumpler and Lewis, The Cybersecurity Workforce Gap, Center for Strategic and International Studies, January 2019.
Photo Credit: https://unsplash.com/@rawpixel