With an increase in evolving cyberattacks during the COVID-19 pandemic and an overall shortage of cybersecurity workers worldwide, federal cyber leaders are calling for people with diverse skillsets, experiences, and talent to fill the gap — especially women and minorities.
Acknowledging that women and minorities are underrepresented in cyber and leadership positions, women CISOs in government and the private sector talked about addressing these immediate challenges during GovernmentCIO Media & Research’s virtual event Sept. 2.
“All of a sudden, cyber took on a whole new range. Now it’s how you educate your children. It’s how you ensure that you have proper health care," said the Defense Department's Undersecretary of Defense for Acquisition CISO Katie Arrington. "We’re working from home on computers, and we need that capability to think in the holistic picture of what cyber means."
The mass migration to telework and expanded reliance on technology for work has also shed light on the value of soft skills necessary for a successful career in the field, particularly in cyber leadership roles. These include problem-solving, critical thinking and negotiation skills, as well as the ability to build and maintain relationships.
Jothi Dugar, CISO for the National Institutes of Health’s Center for Information Technology, noted that these skills may often be overlooked by potential employees seeking cybersecurity careers over technical skills, but are critical when working with others.
“If you go the cyber leadership route, there is no program or certification or anyone telling you that you need to be more than just technical skills, but you need the communication [and] relationship-building skills,” Dugar said.
“At the NIH, we’re having to speak with doctors, nurses, clinicians, scientists, researchers on cybersecurity on a daily basis," she explained. "You really have to paint the picture for a variety of different stakeholders."
In terms of entering into the field, Department of Agriculture CISO Venice Goodwine said that once individuals identify these soft skills, they can then easily both navigate different cybersecurity career options available in the federal government and identify which technical skills to develop further using the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework.
“[The NICE Framework] tells you the skills, the knowledge, the abilities required and even the tasks that you can expect to do in that role. When you do that individual analysis and assessment of yourself, your interests and the skills that you have, you can then mirror that up to the NICE Framework and say, ‘That’s what I want to do,’” Goodwine explained.
Goodwine also noted that utilizing the Office of Personnel Management hiring authorities, such as Schedule A and the Pathways Program, as well as nontraditional paths of recruitment were important tools to close the IT workforce gap.
Private sector companies are also aiming to cultivate cybersecurity interest and employment opportunities among the younger generations.
Leslie Harlien, VP of public sector strategy and business development for Dell Technologies, said the company is investing in outreach efforts specifically targeted toward underrepresented and underserved groups at various education levels.
“We put a big focus on looking at minority institutions, [historically black colleges and universities], community colleges, and ensuring that we’re partnering with them and helping provide some of the curriculum, the tools, the certifications and even the soft skills to be successful,” Harlien said.
Noting that research suggests girls often lose interest in STEM by high school if they aren’t involved in it from a young age, Harlien said the company has also partnered with Microsoft on Girls Who Game, an after-school pilot program that encourages young girls in fourth through eighth grades to pursue STEM using Minecraft: Education Edition, she said. The program also gives girls mentorship opportunities with other women working in different areas of the company.
Similarly, DOD's Cyber Information Technology Exchange Program, in partnership with industry organizations, supports the exchange of IT workforce experiences, skills and best practices that can inform and encourage underrepresented groups to join the agency.
However, more investment and innovative workforce ideas are needed to ensure women and minorities in cyber and leadership positions are adequately represented.
“To get good women leadership in cyber [and] to get minority leadership in cyber, it’s going to take extra hard work. [COVID-19] made it a thing that’s now,” said Arrington. “We need the aperture to look outside and think outside the box and not be so lock-in-step with the way we’ve done things in the past.”