How a Diverse Workforce Will Improve the Cyber Security Industry
The cyber security business is booming and the demand for cyber security talent is as well. According to a Stanford Review of Federal Statistics, there are currently 200,000 unfilled cyber security jobs due to a lack of qualified talent. Some projections show that number increasing to over one million by 2020. At the same time, both women and minorities are severely underrepresented in the cyber workforce. According to the 2017 Global Information Security Workforce Study, women comprise only 11 percent of the global cyber workforce and 14 percent in the U.S., and minorities even less.
This underrepresentation is a national problem for two reasons. First, it’s foolish to allow more than 50 percent of the workforce to be excluded from the pool of potential cyber workforce. The lack of qualified talent means the cost of securing cyberspace goes up as employers compete for people, and unfilled positions mean that needed cyber security programs aren’t being implemented as well, as quickly, or as widely as they should. That makes our information and our networks, whether private, commercial, or governmental, less secure and more susceptible to criminal or nation state attacks. Second, the lack of diversity makes for less informed decision making. Some may view that as political correctness, but through my experience over four decades in the intelligence community, a group of smart people with different backgrounds and experiences will always out-perform an equally smart but homogeneous group, particularly on difficult problems that require creativity and innovation. They will see different connections, apply lessons derived from different experiences, and come up with solutions that others will not see. As everyone who works in the cyber security industry knows, we definitely have difficult problems.
A European study on girls in science, technology, engineering, and math (STEM) done by Microsoft revealed that girls were highly interested in STEM from ages 11 to 15 but then their interest declined precipitously. Reasons cited included a lack of female role models, the perception that technical fields were for boys, and social pressures from peers.
What do we need to do to address the underrepresentation problem? First, girls and minorities’ interest in computer science and cyber security should be encouraged at an early age, starting in middle school. Then keep them interested. That involves things like having mentors and role models who are female and minorities, making modern computer labs and equipment accessible during and after school, and offering relevant courses and projects. In high school, it means making internships/co-op/work study options available while continuing to offer mentors, role models, and opportunities. It also means understanding what the limiting factors are, which can vary depending on area. When the NSA changed high school recruiting strategies by expanding focus to school districts with high minority populations, we discovered one of the impediments for minority students participating in our work study program was transportation, so we arranged for shuttles to and from the school.
Expanding the pool of people in the cyber security workforce is essential to ensuring our information and networks are protected from threats. Getting more women and minorities into that cyber security workforce will be key to addressing the current and expected labor shortfalls. Fixing the problem of underrepresentation is not just the right thing to do, it’s a strategic necessity.
Mr. Ledgett has four decades of intelligence, cyber security and cyber operations experience, including 29 years with the National Security Agency (NSA), the largest intelligence organization in the U.S., where he served as Deputy Director from January 2014 until his retirement in April 2017. In that capacity he led a global entity with almost 200 operating locations around the world and acted as the Agency’s chief operating officer, responsible for providing foreign intelligence and protecting the nation’s most important national security- related networks and information.