• Cybersecurity is quickly becoming one of the most important industries to safeguard our democratic values.
  • The demand for cybersecurity professionals is rising globally, as cyberattacks are increasing in scale and severity.
  • Here are multiple reasons why diversity and inclusion can solve the acute talent shortage in the industry.

As cyberattacks increase in scale and severity, so too does the global demand for cybersecurity professionals – in all aspects of the field and across all sectors. The supply seemingly cannot keep up, resulting in an acute talent shortage.

But in this talent shortage, there is an even bigger and more troubling gap: the lack of diversity in cybersecurity.

Improving the work environment for underrepresented groups

The latest statistics on demographics in cybersecurity are troubling: according to the Aspen Digital Tech Policy hub’s latest report, underrepresented groups such as Black (9%), Hispanic (4%) and Asian (8%) professionals make up an increasingly low percentage of the industry. For example, women make up 51% of the population, but only comprise only 24% of the cybersecurity workforce.

On the flip side, there are almost 500,000 open jobs in cybersecurity in the United States alone, signaling a systemic, yet not-insurmountable divide. If we work together through individual and collective action to improve the current environment for underrepresented groups, there could be lasting positive impacts across the field of cybersecurity.

Cybersecurity professionals work long hours. In many circumstances, they exhaust themselves to safeguard infrastructure, IT systems and institutions. Almost everyone in cybersecurity is stretched thin. Organizations and nations alike need more qualified people to work in cybersecurity.

Professionals must truly understand the threats while coming up with more robust solutions. To do so, the industry must fix parts of recruitment, retention and leadership development.

Choosing candidates with the right core traits

Focusing on the barriers to inclusion and success in the industry, instead of just overt discrimination, can help reduce the talent shortage. Cybersecurity leaders play an important role in this. They should focus on diversity and inclusion when selecting candidates.

Instead of merely recruiting new diverse candidates into the workforce, they must also provide those professionals already in it with opportunities, and tools to succeed and grow. Finally, managers have to allow diverse candidates to obtain a skillset to succeed as future leaders in the field.

Curiosity, problem-solving ability and critical thinking should be taken into consideration when recruiting experienced talents. Cybersecurity is a vibrant field that is constantly changing, especially when it comes to threats or potential attacks. Professionals cannot be static in their knowledge to succeed in this field.

This is why a curious mind and problem-solving abilities are crucial for the next generation of cyber professionals.

People who are looking to break into cybersecurity believe that it is too challenging to even land their first job. The entry level jobs they’re applying for require a number of qualifications.

What if instead recruiters looked at core traits and then trained and invested in people? This is the practice that many militaries around the globe use, including the Israeli and the US armies.

Prioritizing diversity, equity and inclusion

On top of this, leaders need to ensure they are taking care of people already in the industry, especially when it comes to future leadership positions. This includes everything from professional development over allyship to childcare and paid family leave.

This is where efforts like #ShareTheMicInCyber come in. The project highlights expertise of professionals already in the industry. Initiatives like CyberBase and #MakingSpace from the R Street Institute, which aim to boost diversity at cybersecurity events, as well as the Women in Security and Privacy scholarship fund, eliminating financial barriers to cybersecurity trainings, grew out of #ShareTheMicInCyber. These are actionable and powerful ways where allies have made a huge difference in this space.

Organizations prioritizing diversity, equity and inclusion have found these four concrete steps to be useful:

  • Prioritize retention and development opportunities of diverse staff members. Employee retention is essential if you want to build up diversity at higher organizational levels.
  • Treat all employees as individuals, provide opportunities for them to express themselves, create a safe space and acknowledge their contributions.
  • Ensure that your leader actively supports diversity, equity and inclusion across the organization.
  • Create opportunities for everyone to publish, write, and engage in public speaking.

Preparing for future challenges

Illuminating more pathways to leadership for a bigger pool of employees is vital for the retention of talent. But diversity needs to be represented at all levels of the organization. These issues are all interlinked and they are connected to national and international security.

The next generation of leaders in cybersecurity needs to come prepared. Present leaders should focus on creating opportunities for a diverse group of staff for professional development, mentorship and networking.

The lack of diversity blinds us to the myriad ways that actors can attack us, and robs us of the talent and engagement of important parts of the global population. A lack of different perspectives and diverse representation mires us in the issues of today. It saps our energy and ability to look ahead to future threats.

As we have adapted digitalization in every sphere of our lives, threats to our safety and health have grown in scale and complexity. These threats need to be addressed on a global scale – through creative ways.

Diversity is a vital part in our collective toolkit to guarantee more robust, more innovative and more agile ideas.

It’s hard to know where to start. It’s hard to admit your own privilege and know that you can do better... It requires some serious introspection. But from a security, a business, and moral perspective, it is worth it.

Break down the problem, identify your platform, leverage and act.