COMMENTARY. While some may consider the Diverse Cybersecurity Workforce Act as intended primarily to improve diversity in a workforce dominated by white men, that attitude ignores the real security risk that exists due to the lack of different perspectives brought by women and underrepresented communities.
The lack of diversity creates a groupthink mindset, causing people to set aside personal beliefs and/or simply adopt the opinion of the group, which creates the illusion of invulnerability.
The adversaries certainly have diversity - and cybersecurity teams need it, too.
Building a Pipeline of Diverse Skills Ensuring the cybersecurity workforce becomes more diverse isn't possible without building a talent pipeline that looks like the world around us.
The next step is to create inclusive spaces for cybersecurity training and offer services that champion and drive impactful programming efforts, including incentives for students/career changers, mentorship, and career placement.
This act presents an opportunity to bring underrepresented individuals into lucrative, life-changing careers, and it's our best chance at mitigating current and future security risks, as well as ensuring the cyber workforce achieves greater diversity across sectors.
Timeline and Funding Last year, Gartner predicted that nearly half of cybersecurity leaders would change jobs by 2025, and 25% of those leaving would find different roles due to the stress of working in cyber.
ISC2's 2023 Cybersecurity Workforce Study showed the industry was already struggling with a record workforce gap of 4 million.
Adding new talent to the cybersecurity workforce has never been more urgent.
These efforts must be started immediately, ideally by using a turn-key programming effort that has already been shown to make a strong jobs impact on employers and career changers.
The $20 million per year budget is enough to make an impact; Women in Cybersecurity invested $1.8 million to allow 2,900 women to explore cybersecurity careers and enabled 181 to achieve multiple advanced SANS GIAC certifications with career placement services that positioned them for success in the workforce on day one at their new cyber job.
WiCyS has supported career changers in pivoting from teaching to pen testing, physical therapy to cloud security, and so much more.
While WiCyS focuses on the recruitment, retention, and advancement of women, our experience shows these efforts successfully increase diversity, equity, and inclusion in the workforce.
Across all experience categories, women were excluded at a rate two times higher than men, citing their direct managers and peers as sources of experiences that interfered with their job satisfaction and ability to perform their best work.
Women's second source of exclusion was the lack of career growth and advancement, contributing to them experiencing a glass ceiling just six to 10 years into their career, despite 46% of women in the field holding advanced degrees.
Retention Is Driven by Inclusion When diverse talent joins the cyber workforce, there must be programs in place that create more inclusive communities.
Lack of career growth and advancement opportunities.
To create an inclusive culture, organizations must ensure that diverse talent has a community and support structures within the organization designed to promote learning and career growth.
Without a plan to create this inclusion and growth, organizations lose their diversity hires, leading to higher recruitment expenses and ongoing cyber-workforce gaps.
Inclusion, quite simply, is vital for building and retaining a diverse workforce and addressing evolving cybersecurity risks.
This Cyber News was published on www.darkreading.com. Publication date: Wed, 26 Jun 2024 19:10:09 +0000