The White House now has a point person to carry out its pledge to expand diversity in the cyber workforce.
Camille Stewart Gloster, a Google executive, was hired to head up Biden administration efforts to develop the nation’s ecosystem for tech talent, including building a more diverse cyber workforce and strengthening cyber education.
It’s a tough task but a pressing one, with the cyber sector facing widespread workforce shortages.
Suzanne Spaulding, a senior adviser for homeland security and director of the Defending Democratic Institutions project at the Center for Strategic and International Studies, said Stewart Gloster’s hire was significant.
“It’s not just the visibility of a woman of color taking a senior position on cyber in the government but one that has a high profile in the very communities we’re trying to reach,” she said.
Stewart Gloster is also the co-founder of #ShareTheMicInCyber, an online movement aimed to address diversity issues in the cyber field.
Her hiring came days after the White House hosted a cyber workforce and education summit during which participants, including National Cyber Director Chris Inglis, pledged to improve diversity, equity, inclusion and accessibility in the cyber field.
According to a report published last year by the Aspen Tech Policy Hub, only 4 percent of cybersecurity workers self-identified as Hispanic, while 9 percent self-identified as Black.
Spaulding said the lack of diversity in cybersecurity has been a long-running issue, and also extended to gender. Women make up just 24 percent of the cybersecurity workforce.
“We’ve got so many vacancies and we cannot afford to leave half of the population behind when it comes to women,” Spaulding said.
One of the main challenges stifling cyber diversity is the lack of women and minorities graduating with related degrees or certifications.
Spaulding said the industry has improved over the years thanks to nonprofit organizations like “Girl Security,” which encourages girls, women and minorities to take interest in security-related fields, and provides mentoring, workforce training and professional development.
Safa Shahwan Edwards, deputy director of the Atlantic Council’s Cyber Statecraft Initiative, said the White House can play a key role in shaping initiatives aimed at increasing diversity in the cyber workforce and in academia.
For starters, she said the administration should take an inventory of cyber workforce needs and figure out strategies to best meet those demands.
“These [initiatives] can be achieved by engaging both educators and employers as both government and industry reflect on how we’ve handled the development of the cyber workforce, but also how we may want to adjust and improve going forward,” she said.
Shahwan Edwards said one way to increase the number of women and minorities graduating with cyber-related degrees is to push universities to better market those academic concentrations, and connect historically underrepresented students with professional opportunities.
She added that it’s also crucial for minority-serving institutions, like historically black colleges and universities, to encourage their students to enroll in cyber-related programs, explore careers in cybersecurity and network with recruiters in the field.
“I think organizations need to try to develop and deepen the relationships needed to try to get a stronger talent pipeline coming out of those academic institutions,” Shahwan Edwards said.
Spaulding and Shahwan Edwards both agreed that recruiters also need to be more intentional in who they’re targeting and how they are reaching out to candidates, broadening their talent pool in general but especially with historically underrepresented communities.
The Aspen report also found that “cybersecurity organizations will continue to have difficulty attracting diverse talent if their hiring practices are biased toward candidates with elite educations and social capital.”
The report provided several steps organizations can take to hire a diverse pool of candidates. The recommendations include consulting with diversity, equity and inclusion training experts to review and support recruitment efforts, as well as encouraging conversations about race and diversity in the workplace.
Shahwan Edwards also raised the issue of over-emphasizing certain credentials and degrees in job postings over other skills that a candidate has. She added that sometimes recruiters, especially in the tech and cyber field, tend to use highly technical language in the job description.
“As a result, you get a lot of candidates self-selecting out of that process despite having a real interest in cybersecurity … which is obviously not good,” Shahwan Edwards said.
She also took issue with requiring high-level certifications that may not be needed for entry level positions, noting a frequent disconnect within organizations between what their teams need and what human resources may think is required of a candidate.
The Aspen report recommended that companies consider subsidizing certification costs for diverse candidates to level the playing field.
“To get a job in the cybersecurity field, candidates are typically expected to have a roster of technical certifications,” the report said. “However, these credentials are expensive to attain and renew, which can present a barrier for diverse candidates.”
The report also suggested that organizations assess whether certifications should be a prerequisite to certain cybersecurity jobs over alternatives like apprenticeship programs.
“All those little things can really help make it easier for folks to get the experience and skills they need to be successful in those roles without only [requiring] a post-secondary education,” Shahwan Edwards said.
Source: The Hill