TechStrong Con: Diversity Key to Solving Cybersecurity Talent Shortage
The only way to address the cybersecurity talent shortage is to further invest in diversity, equity and inclusion. DEI can provide the added benefit of bringing a wide range of perspectives to bear in solving complex cybersecurity challenges.
A “Why Diversity Matters in Cybersecurity” panel held during the virtual TechStrong Con event today acknowledged that, while cybersecurity teams are more diverse than most IT organizations, there is still a tendency to require individuals to have four-year degrees and certifications that are difficult to attain.
Instead, organizations instead would be able to expand the pool of cybersecurity talent accessible to them by investing more in mentoring, internships, self-study and microlearning initiatives, said Jennifer Minella, principal advisor for enterprise security architecture for Viszen Security.
That approach would also widen the perspectives that can be brought to bear on any given challenge, she added. “We need to invest in neurodiversity, as well,” said Minella.
Those efforts, however, should not come at the expense of excluding white, middle-aged cybersecurity professionals, she noted. “Nobody can help how they are born,” said Minella. “It’s not all unicorns and rainbows.”
In fact, white, middle-aged cybersecurity professionals play a critical role in mentoring, said Lisa Plaggemier, executive director for the National Cyber Security Alliance. “Every one of my mentors has been a white middle-aged man,” she said.
At the same time, cybersecurity teams also need to be wary of tokenization, said Caroline Wong, chief strategy officer for Cobalt Security Services.
The issue is that, in many places, the leadership of cybersecurity teams is still dominated by white, middle-aged men that tend to promote individuals that think like they do, she added. “It’s important to pay attention to how raises and promotions are given,” said Wong.
It’s not clear what percentage of cybersecurity professionals come from diverse backgrounds, but more organizations are clearly looking to recruit individuals from varying backgrounds. The issue seems to be a lack of willingness to invest in training cybersecurity professionals in general. Many human resources departments are looking for experienced professionals that have specific areas of expertise. In many cases, the number of individuals with that specific expertise as a percentage of the overall cybersecurity community is minuscule.
Even when organizations do hire entry-level cybersecurity talent, they may not have completely worked through what is required in terms of what training and coaching those individuals will need to ultimately succeed.
Of course, no amount of investment in cybersecurity diversity is going to fill all the open cybersecurity positions overnight. However, it’s also apparent that current approaches to educating cybersecurity professionals are not sufficient to resolve the issue. Some form of on-the-job training is required. The challenge is the individuals that are best qualified to provide that training and mentoring are too busy combatting real-time cybersecurity threats and breaches.
One way or another, the pool of cybersecurity talent needs to increase—but how long that will take is still, unfortunately, anybody’s guess.
