Diversity is Key to the Future of a Cyber Workforce

Multi-sector partnerships and innovative workforce programs will play a pivotal role in diversifying, hiring, training and retaining cyber talent.

“When we think about what we need to do to create the right people skills, we can’t think just about the 500,000 jobs that are empty at the moment across this country. … We have to think about every person who’s in cyberspace,” National Cyber Director Chris Inglis said on a panel at NAPA’s Forum on Expanding the Nation’s Cybersecurity Workforce. “How do we invest in the programs that create their professional dimensions, such that they then understand as much about cyberspace as they might about the environmental needs of our society?”

Diana Burley, vice provost for research at American University and a leading cyber workforce educator, argued that educational institutions should establish a “base level of competence” for cyber to promote societal awareness and understanding, especially as the cyber landscape continues to expand.

“Until we as … a society get beyond this notion that only some institutions need to have this, and that [cyber] really is a fundamental skill set that all of our students need to have in order to function as effective members of society — before we start to compartmentalize into different career fields — we’re always going to be playing catch up,” Burley said.

Tony Coulson, executive director of the Cybersecurity Center and professor at California State University at San Bernardino and lead for the National Centers of Academic Excellence Community in Cybersecurity, said his team is partnering with government to solve the challenges across the cyber workforce by focusing on alternative approaches to recruitment.

“One thing that I will say that I’ve seen in all the partnerships and all the years of working with the government agencies … is this inherent desire to duplicate or over-analyze, where somebody sees something and they go, ‘We should do that, but let’s make it in our little silo or our little kingdom,’” Coulson said.

This approach has inhibited coordination and collaboration. Coulson recommended that colleges and universities looking to coordinate with government should develop new processes and programs for preparing the future cyber workforce. This effort also spans across associations, nonprofits, the private sector, training and certification organizations and more to drive a national, unified approach to cyber training.

“What’s needed is coordination,” said Costis Toregas, director of the Cybersecurity and Privacy Research Institute at George Washington University. “Right now, we do not have a table to sit down all these people … what we need is more discussion of multiple sectors rather than taking deep dives into any one sector. That’s the key that unlocks the door to a lot of future benefits.”

As cyber educators and government leaders drive greater understanding of the cyber landscape and workforce, Burley said there needs to be a shift in how the field is marketed to attract more diverse talent and increase inclusion across minority populations.

There tends to be a lack of clarity when it comes to what it means to be a cybersecurity professional. Burley recommended that leaders across the field improve how they communicate the types of opportunities and identify role models that represent the diversity seen across the nation.

“We tend to focus very much on a narrow set of those roles that perhaps don’t, don’t attract the type of diversity that we want to see in the field,” Burley said. “I think that we as a collective, those of us who are defining the field and structuring it need to be more consistent in the way that we talk about the field and the opportunities and the breadth of those opportunities.”

Cyber educators are also beginning to create new opportunities to attract a more diverse talent pool. Coulson and his team developed a local pilot program, targeting diverse groups and rural opportunities, to meet talent where they’re at.

Organizations are also driving apprenticeship programs to normalize a “earn while you learn” model, incentivizing new talent to enter the cyber field. Apprenticeships and similar models also reduce barriers to entering the profession; in some cases, replacing the need for a college degree.

“The NAPA project team really did a deep dive into apprenticeships and other non-traditional forms because the traditional academically based programs will not suffice,” Toregas said.

The Department of Labor is one federal agency that has registered apprenticeship programs and is beginning to put more emphasis on cyber-specific programs. Toregas said senior cyber leadership, like CIOs and CISOs, are critical to drive wide-scale adoption of these offerings.

“Until we actually take action and are willing to take actions that might be a little different than what we’ve done in the past … then we’re not going to get to that better place,” Burley said. “We’ve got to get to that acceptance level, where we are willing to take that step out of the bounds of where we are and do some of these options so that we can actually build a robust and resilient cybersecurity workforce and citizen.”