Anyone in the cybersecurity profession understands that organizations are facing a severe shortage of skills in virtually every aspect of information security.
In October, (ISC)², an international nonprofit association of cybersecurity professionals, released its latest Cybersecurity Workforce Study, which found that the cybersecurity workforce gap has increased to more than 2.9 million globally. About two-thirds of those surveyed (63 percent) report that their organizations have a shortage of IT staff dedicated to cybersecurity, and 48 percent said their organizations plan to increase cybersecurity staffing over the next 12 months.
For anyone looking to fill open positions in security programs, those are discouraging numbers. And there are no clear signs that the situation will get better any time soon.
“ Those who embrace diversity now will have a distinct advantage over those who are slower to realize its benefits. ”
Greater diversity can help
The good news is there are things we can do to ease the talent shortage, including bringing more women into the cybersecurity field.
Perhaps one of the more positive findings in the (ISC)² report was that there is a younger workforce and greater representation of women in the study. Women now represent 24 percent of the cybersecurity workforce surveyed, compared with 11 percent from previous studies.
In the cybersecurity world today, we are facing some of the same threats that we faced a decade ago, albeit with new packaging. A variety of viewpoints informed by different backgrounds and experiences will allow the security industry to take new approaches to identify and solve today’s most challenging and persistent threats. These need to include not only more women, but also people of varying ethnicities, countries of origin, ages and other factors.
How to implement diversity
There are steps we can take to increase workforce diversity, and they start before an employee is even hired.
One peer I recently spoke with shared that her organization reviews all job postings for gender-biased language. For example, security practitioners love to use the word “ninja,” as it speaks to precision and accuracy. However, it’s also a word that conjures up images of conflict and danger that may be less appealing to female candidates. Reviewing your job posting for language that may unconsciously favor one gender in the first step to attracting diverse candidates.
Another key is to create programs within your organization that promote diversity and inclusion. This isn’t a particularly progressive stance to take today — it’s simply table stakes. People in the workforce today want to be able to bring their authentic selves to their jobs. If job seekers and employees of all backgrounds believe they won’t be welcome in your organization, they’ll look for work elsewhere.
Mentorship programs within companies are also powerful tools. Through these programs, women working in security professions can provide guidance and encouragement to others in the company or those in the community showing an interest in cybersecurity.
Another initiative is to work with youth organizations to create more awareness about opportunities for women in technology fields in general and in cybersecurity specifically.
For example, Code42 has been partnering with the Girl Scouts for two years on events focused on fostering an interest in technology.
Last year, we hosted “Think Like a Programmer,” an event at which girls worked to earn badges related to Science, Technology, Engineering and Math (STEM). This year, they had an opportunity to work on a new Cybersecurity badge. The purpose of the program is to help girls understand not only the basics of programming, but also that there is a spot for them in cybersecurity.
Events such as these offer an opportunity for girls to meet, talk with and learn from women in the field of technology at Code42; create forums for dialogue about the advantages of STEM; encourage women to pursue careers in high technology by celebrating accomplished female leaders and role models; and bring more awareness to women in technology.
Organizations can also look to recruit diverse candidates who are working in completely different areas to join security teams, if they have skills that apply. For example, someone with a strong background in technology or analytics might have the ability to learn about large, complex systems, and could understand the logic behind how those systems work and their vulnerabilities.
Security executives such as CISOs need to work closely with human resources to recruit a broad array of talent that could make the security team stronger. It’s only a matter of time before this field will be truly diverse, but those who embrace diversity now will have a distinct advantage over those who are slower to realize its benefits.