Headline
Closing the Cybersecurity Career Diversity Gap
Diversity isn’t just an issue of fairness — it’s about operational excellence and ensuring we have the best possible teams defending our national security.
Theresa Payton, Former White House CIO, and CEO, Fortalice Solutions, LLC
November 25, 2024
6 Min Read
Source: designer491 via Alamy Stock Photo
COMMENTARY
The US government often operates with a natural inclination toward risk aversion and a slower pace of change compared with the private sector. While this cautious approach is understandable, given the high stakes of national security, it can inadvertently hinder efforts to close the diversity gap in cybersecurity and STEM fields (that is, science, technology, engineering, and mathematics). By sharing best practices across the public and private sectors, the US government and the private sector can build a more diverse and resilient cybersecurity workforce, capable of addressing today’s complex threats.
Here are seven strategies that every enterprise, whether in the public or the private sector, can implement to close the diversity gap in cybersecurity, drawing from successful approaches:
**Proactive Recruitment **
In the private sector, actively seeking diverse talent rather than waiting for applicants has yielded substantial results. We’ve broadened our talent pool by partnering with organizations dedicated to underrepresented groups in tech and attending diversity-focused events. Similarly, the US government can implement a proactive approach, targeting communities that historically have been underrepresented in STEM and cybersecurity.
Stat: Partnering with organizations like Women in Cybersecurity (WiCyS) or the National Society of Black Engineers (NSBE) can help increase diversity. According to the “ISC2 Cybersecurity Workforce Study,” only 24% of cybersecurity professionals are women, and the numbers are even lower for Black and Hispanic professionals. Proactive partnerships and outreach are crucial to closing this gap.
Flexible Career Pathways
Offering flexible career pathways has proven to be a powerful recruitment and retention tool in the private sector. Rather than adhering to rigid, predefined positions, designing roles around an individual’s strengths, skills, and interests attracts a more diverse workforce. Nontraditional candidates bring fresh perspectives, which are invaluable in the evolving cybersecurity landscape.
The US government has leveraged the NICE framework, which is a good foundation. All enterprises can implement dynamic roles and career pathways tailored to diverse skill sets and backgrounds. This flexibility would make government careers more appealing to underrepresented talent.
Stat: According to the “ISC2 Cybersecurity Workforce Study,” expanding career pathways can help close the global cybersecurity workforce gap, which is estimated to be more than 3.4 million professionals.
Building an Inclusive Culture
Culture is critical to retaining diverse talent. It’s not enough to hire diverse candidates — organizations must also create environments where everyone feels valued. In our experience, building an inclusive culture has strengthened our team’s ability to tackle complex challenges.
Fostering an inclusive culture would help enterprises recruit and retain diverse talent. A diverse team brings new ideas and varied perspectives, which is crucial when defending against rapidly evolving cyber threats.
Leveraging Midcareer Switchers
Midcareer professionals from diverse fields like project management, communications, music, and arts can bring valuable transferable skills to cybersecurity roles. Some of our most effective cybersecurity professionals come from non-technical backgrounds, where problem-solving, creativity, and leadership were honed.
The US government and private sector could benefit from targeting mid-career switchers and offering retraining and upskilling programs to support their transition. This approach would diversify the talent pool and inject fresh perspectives into government cybersecurity teams.
Stat: According to the World Economic Forum, 50% of all employees will need reskilling by 2025. Leveraging the transferable skills of midcareer professionals can be a strategic solution for addressing talent shortages.
Targeted Outreach for BIPOC Talent
To close the diversity gap, targeted outreach to Black, indigenous, and people of color (BIPOC) communities is essential. This can be achieved through partnerships with minority-serving institutions and organizations focused on increasing representation in tech. Scholarships, mentorship, and internship programs specifically designed for BIPOC students and professionals can help build a pipeline of diverse talent into government roles.
Stat: Currently, only 9% of cybersecurity professionals are Black, and just 4% are Hispanic, according to ISC2’s “Cybersecurity Workforce Study.” Targeted initiatives can help bridge these gaps and attract underrepresented talent to cybersecurity roles.
Early Engagement With Younger Talent
The private sector has seen remarkable success by engaging younger talent early in their education and careers. Hackathons, internships, and partnerships with gaming communities have effectively identified and nurtured young cybersecurity talent. This generation is motivated by mission-driven work and seeks roles where they can make a tangible impact.
The US government can adopt similar strategies by creating internships, challenges, and self-paced learning opportunities. By emphasizing the critical role of cybersecurity in national security, the government can make these positions more appealing to younger talent who seek purpose in their careers.
Stat: A Deloitte survey revealed that 87% of millennials value professional development and learning opportunities in their jobs, which aligns with the desire for continuous growth and impact-driven careers.
Retention Through Flexibility and Support
Retention is as important as recruitment when building a diverse workforce. Offering flexible work arrangements, professional development opportunities, and support during life transitions — such as raising children or caring for aging parents — can significantly improve retention rates. In the private sector, these initiatives have allowed us to keep diverse talent engaged and thriving.
The US government can adopt similar strategies by implementing flexible work policies and providing robust professional development programs. When employees feel supported in balancing work and personal responsibilities, they are likely to stay and grow within the organization.
Stat: Research shows that organizations with inclusive and flexible cultures have 1.7 times greater innovation and 2.3 times higher cash flow per employee than those without.
Conclusion
Closing the career diversity gap in STEM and cybersecurity fields is critical to our nation’s cybersecurity future. By sharing best practices and lessons between the public and private sectors, the United States can lead by example, closing the career diversity gap and building a more resilient cybersecurity workforce. Diversity isn’t just an issue of fairness — it’s about operational excellence and ensuring we have the best possible teams defending our national security.
About the Author
Former White House CIO, and CEO, Fortalice Solutions, LLC
Theresa Payton made history as the first female to serve as White House Chief Information Officer and currently helps organizations in both the public and private sectors protect their most valuable resources. As one of the nation’s most respected authorities on secured digital transformation, Theresa Payton is frequently requested to advise boards of the Fortune 500, CEOs, and technology executives. Theresa is a visionary in the digital world leading the way as an inventor of new security designs and has an approved US patent in security. She provides advice drawing from her experience as a technologist first and now veteran cybercrime fighter and entrepreneur, masterfully blending memorable anecdotes with cutting-edge insights.