Doing Diversity Right: Turning Employment Obstacles into Opportunities

Blind assumptions about online security are not the only assumptions that demand attention in the cybersecurity industry today.

An article NopSec published late last year (“Your Money or Your File(s)!“) opens with a familiar image of the popular face of “ransom” in western society’s 80s culture: “A bad person with a foreign accent would kidnap the loved one(s) of a square-jawed, wealthy protagonist and demand a large sum of money for their safe return.”

The party with the accent was not likely to be on the right side of the ransom note, and—let’s face it—the “square-jawed” hero was not usually scraping together funds for her kidnapped love interest.

While facile media portrayals of good vs. evil are hardly surprising, the extent to which these representations still influence reality—specifically in their application to equal opportunity in the workforce—isn’t as easily brushed aside.

As a global and digital economy helps evolve our childhood illusions, we’re asked to look at the new threats presented by malware, ransomware, phishing, hacking, and other cyber crime—and the real defenders that stand ready to address the modern-day, digital ransom note with vulnerability risk management.

Diversity in cybersecurity … or the lack thereof?

According to recent research published by Women’s Society of Cyberjutsu, a nonprofit devoted to helping women succeed in cybersecurity by providing hands-on training and other resources, only 11% of the information security workforce are women, a figure that stands in stark contrast to the 50% of professional occupations—and even the 25% of computing positions—held by U.S. women.

Meanwhile, the Bureau of Labor Statistics (BLS) reports that African Americans, Asian, and Hispanics comprise only 12% of U.S. information security jobs.

If the employment rates themselves don’t speak loudly enough, well, money talks. An article published by National Cybersecurity Institute states that minorities who work in IT-related roles face the biggest wage gaps out there. Women in computer programming, for example, are making over 28% less than their male counterparts, according to studies by Glassdoor.

Does massive industry growth add up to equal opportunity?

This fragile imbalance finds itself teetering on the edge of a tipping point in industry growth.

A severe labor shortage ironically stands on the other side of this vast underrepresentation of women and minorities in cybersecurity: a chasm of unclaimed jobs facing an obvious workforce of people who could be filling them. Unemployment in the industry was at 0 percent in 2016, reported Cybersecurity Ventures, a cyber economy research firm that also predicts that annual cybercrime costs will reach $6 trillion in 2021.

As Michael Brown, CEO at Symantec, is quoted in Forbes, “Demand for cybersecurity talent is expected to rise to 6 million globally by 2019, with a projected shortfall of 1.5 million.” At those numbers, says Amje Saffarini, CEO of CyberVista, in an article published by Society for Human Resource Management (SHRM Online), “the industry simply can’t afford to ignore such a large pool of potential talent.”

“Having a more diverse workforce creates a more diverse culture within the company,” says CompTIA’s Steven Ostrowski, citing the positive effects of company investment, training, and support for employees, as well as the need for corporations to “examine and question their own assumptions and unintentional biases in their hiring process.”

Many companies like NopSec are facing the situation head-on, believing that constructively addressing diversity in cybersecurity helps not only internal operations and innovation, but also growth and advancement in the field.

With female leadership, an engineering team of 50% women, the sponsorship of H1-B Visas for qualified international employees, and annual participation in the International Consortium of Minority Cybersecurity Professionals (ICMCP) Conference, we stand by our promise to push the innovation envelope and uphold intellectual curiosity among a diverse team.

Education to the rescue

It’s not just corporations and industry cybersecurity professionals who are getting with the program. Education institutions and nonprofits are starting to drive at the problem earlier, before women might encounter what Deborah Hurley, associate faculty director for data privacy in Brown University’s cybersecurity program, calls a “cliff of discrimination,” as quoted in SHRM Online.

WSC recently partnered with Carnegie Mellon University to secure scholarships for their members, and education organizations like NYU Tandon School of Engineering, SANS CyberTalent Immersion Academy for Women, the Women in Cyber Security Initiative (WiCyS), and more, are launching programs to help women and minorities combat the attrition and self-selecting-out that has become such an unfortunate expectation in STEM professions.

High-school level education is also taking on the charge with organizations like the Institute for Cybersecurity Education and Hacker Highschool to nurture young talent and help them evolve into a professionally diverse cybersecurity workforce.

What’s next?

Debora Plunkett, the first African American woman to work for the National Security Agency (NSA), where she served for over 35 years until her retirement in 2016, told the Washington Post, “If I’m outside looking in, I want to see someone who looks like me because that gives me some hope that I can reach certain levels in the agency.”

We may be way beyond the simplistic stereotypes that infused our cartoon-addled youths, but we still have the responsibility as professionals in cybersecurity to not only make the digital world safe for our customers, but the industry open to peers who are crucial players in innovation and growth—whether they have square jaws or not.