Drawing Underrepresented Groups from the Shadows To Build the Cybersecurity Talent Pool

If you’ve been following this series, it should be clear by now that cybersecurity talent represents one of the biggest needs in IT but also one of the smallest talent pools. In Parts 1 and 2 I shared advice for attracting cybersecurity professionals to fill those right-now needs. Taking a longer term view, the demand will continue to grow, and it is in everyone’s interest to promote growth on the supply side as well.

Women and other underrepresented groups comprise a large, untapped talent pool. According to the National Cybersecurity institute, the U.S. Department of Labor’s 2015 population survey indicates that women hold only 19.7% of cybersecurity jobs, while African Americans, Asian Americans and Latinos combined hold only 12%. Women alone represent more than half of the U.S. population, so the potential numbers are out there.

Adjourn the Good ‘Ol Boys Clubs for Good

Discrimination is only one factor. For example, women continue to choose careers in traditional areas such as education, healthcare and social work. Just the same, lack of diversity can make cybersecurity departments look like good ol’ boys clubs, further discouraging members of underrepresented groups from pursuing careers in this space. Those who do often feel like the “odd stepchild” of a team or department. People in these situations report feeling as though their voice is not heard.

Leaders in the field need to make a point of integrating and welcoming women and other underrepresented groups, ensuring that they are engaged, contributing members of the team. One way to do this is to hire and/or develop members of underrepresented groups into your leadership ranks in IT and, ideally, cybersecurity. “Women at the senior level are beacons for other women,” says Elizabeth Ames, of the Anita Borg Institute for Women in Technology. Undoubtedly this is true for people of color as well.

Proactive Engagement

Another strategy is to implement targeted outreach programs. According to the Wall Street Journal, big banks like J.P. Morgan Chase and Citigroup are getting results by hosting events and programs targeting different groups. Some have even started “re-entry” programs to attract women who took a career break to start families.

Post openings on job boards of associations and magazines like the National Black MBA Association, Ascend Pan-Asian Leaders, National Association of Professional Women, Association of Latino Professionals for America, and others. For entry-level roles, recruit from colleges and universities that have large numbers of students from underrepresented groups.

Diversify Your Employment Brand

Members of underrepresented groups can promote their own interests by getting involved with organizations like the Women in Security special interest group within ISSA, Women in Technology (WIT), Blacks in Technology (BIT), the International Consortium of Minority Cybersecurity Professionals (ICMCP), and others. If your company is serious about attracting diverse talent, you should get involved in organizations like these — establish a reputation for supporting diversity in the cyberspace profession.

According to Sharon Florentine of CIO.com, two other big issues are access to and the cost of training. A one-week class can cost $5,000. However, organizations like Cybrary.it and SANS CyberAces are fighting this by offering free online courses. As I suggested in Part 2, companies can enhance their employment brand by providing training in general — combine that with targeted recruiting, and your company could become recognized for being a trailblazer.

Most commenters on this topic agree that women and underrepresented groups should be encouraged to explore cybersecurity careers at a young age. Melinda Gates, for example, recently launched a new initiative to attract and retain women in tech fields, citing a “leaky pipeline” in education as a key issue. Your company should attend career events at high schools and middle schools, ideally sending employees who represent the target demographics.

This post only scratches the surface of a large and challenging issue. If you have strategies that working for you, please share them, below.