A group of experts across multiple fields on Thursday recommended a sweeping set of actions to diversify the U.S. cybersecurity workforce, saying the field was “overwhelmingly” white and male.
The Aspen Institute’s Tech Policy Hub and Aspen Digital detailed the recommendations in a report following two meetings over the past year with dozens of individuals across cybersecurity, government, academia, nonprofits and other industries.
“The field remains remarkably homogeneous, both among technical practitioners and policy thinkers, and there are few model programs or initiatives that have demonstrated real progress in building diverse and inclusive teams,” the report noted. “It is estimated that only 4% of cybersecurity workers self-identify as Hispanic, 9% as Black, and 24% as women.”
In order to increase diversity in the cybersecurity sector, the report’s authors focused on strengthening cybersecurity education initiatives, shifting the hiring process, focusing on retaining diverse talent, establishing mentorship programs and shifting the narrative around working in cybersecurity.
“As many of the most visible faces in cybersecurity are White and male, diverse candidates and students may not see themselves as future cybersecurity experts and leaders,” the report notes.
Specific recommendations included reevaluating whether current background check processes for cyber positions are equitable and fair, developing mentorship models to help organizations diversify their workforce and establishing a task force to track the commitment of company leaders to diversity.
Rep. Lauren UnderwoodLauren UnderwoodKatie Hill launches effort to protect Democratic majority in House Overnight Hillicon Valley — Hacking goes global Report pushes for changes to diversify 'homogeneous' US cybersecurity workforce MORE (D-Ill.), the former chair of the House Homeland Security Committee’s cybersecurity subcommittee, praised the report during a virtual event hosted by the Aspen Institute on Thursday.
She stressed that “a diverse security workforce makes us safer” due to the ability for more voices and viewpoints to be considered when seeking solutions to cyber challenges.
“Racism is a national security issue, sexism is a national security issue, the same goes for any other form of bias or prejudice that keeps top talent out of our workforce,” Underwood said. “These are national security issues and must be treated with the same urgency as other threats.”
The need to attract diverse cybersecurity talent to the workforce has increasingly become a concern amid increasing major cybersecurity incidents and protests around racial discrimination over the past year.
The Biden administration last month established a program to recruit and train tech professionals to work for the federal government, with a focus on prioritizing diversity of these individuals in terms of race, ethnicity and gender.
Several leading tech groups pledged last month to also focus on workforce diversity following a meeting at the White House with President Biden.
IBM promised to train 150,000 individuals in cybersecurity skills over the next three years, and diversify the process through establishing cybersecurity centers at 20 historically Black colleges and universities, while Girls Who Code promised to establish a micro-credentialing program to fund scholarships for underrepresented groups in tech.
Underwood on Thursday warned that vulnerabilities in cybersecurity solutions would continue to exist if diversity did not become a priority.
“Less diversity means more blind spots in our threat assessments, and fewer creative ideas for solutions,” Underwood said. “With cybersecurity threats increasing every single day, those are risks that we simply can’t afford to take.”