What will it take to diversify the cyber workforce?
In its first national conference, the International Consortium of Minority Cybersecurity Professionals sought to lay the groundwork for getting more women and minorities into the cyber ranks.
The cybersecurity field is dominated by white men, but the International Consortium of Minority Cybersecurity Professionals aims to help ensure that U.S. companies and government agencies have access to a full spectrum of talent -- and that all Americans have a shot at jobs in the increasingly critical cybersecurity arena.
"The problem that we're experiencing in cybersecurity as a profession with underrepresentation of minorities, it's a subset of a larger problem we have as a country, [which is] getting more of our students interested in the sciences," said Devon Bryan, ICMCP's co-founder and president. He is also the Federal Reserve System's chief information security officer and a 2016 Federal 100 award winner for his work with ICMCP.
Speaking to FCW at the group's first national conference on March 24, Bryan noted that big private-sector names such as ADP, Cisco and Facebook were helping to fund the organization's scholarship program.
The government is playing a crucial role as well. He hailed the Department of Homeland Security's CyberCorps scholarship program and the establishment of the CyberCorps Reserve program, which is part of the Cybersecurity National Action Plan.
Suzanne Spaulding, undersecretary of DHS' National Protection and Programs Directorate (soon to become Cyber Infrastructure Protection), told conference attendees that she is deeply committed to inclusion and diversity. She added that 26 percent of NPPD's workforce is African-American, as is 15 percent of her Senior Executive Service leadership team.
"Not high enough, but higher than the overall average," she said, presumably referring to the U.S. workforce nationally. She was not available for comment after her remarks, and a DHS spokesman did not return a request for comment.
NPPD is an outlier, however, because the broader cybersecurity field is overwhelmingly white and male.
According to Labor Department statistics, women made a slight gain in cybersecurity jobs from 2014 to 2015, going from 18.1 percent to 19.7 percent of the information security analyst workforce.
But racial groups saw a decline, with African-Americans plummeting from 9.7 percent to 3 percent of information security analysts, and Latinos dropping from 6.1 percent to 5.2 percent. African-Americans and Latinos make up 11.4 percent and 16.1 percent, respectively, of the total U.S. workforce.
Even Asian-Americans, who are overrepresented in many computer-related professions, made up only 3.4 percent of information security analysts, below their 5.8 percent share of the total workforce.
But changing the numbers in and of themselves is not necessarily the goal.
Debora Plunkett, the first African-American woman to serve as information assurance director at the National Security Agency, said cultural change at government agencies is important to move managers away from the impulse to hire people who look like them.
She advocated blind reviews of job candidates, which eliminate sex and race labels as well as names, as a path toward a more equitable future.
Bryan steered clear of citing target numbers and instead stressed the importance of expanding opportunities for the sake of minorities and the country as a whole.
"We will never address diversity in cybersecurity if we don't address more American students going into [science, technology, engineering and math], choosing a STEM career field as their path," Bryan said.
He cited studies showing that only 16 percent of U.S. high-school students are interested in STEM fields.
"That does not bode for well us when we look at what the future holds...in terms of the number of STEM-related jobs," he said. "Getting a big pool of students interested in the sciences is where we have to start."