Cyber workforce efforts need to address diversity ‘head on,’ ex-White House official says

SAN FRANCISCO — Camille Stewart Gloster, the cyber and technology attorney who led the White House’s cybersecurity workforce and tech strategies since August 2022, recently left her role as deputy national cyber director for technology and ecosystem in the Office of the National Cyber Director. She sat down with Nextgov/FCW last week at the RSA conference to give her perspective on the state of cyberthreats facing the U.S. and where ONCD goes from here in a presidential election year.

This interview has been edited for length and clarity.

Nextgov/FCW: Thanks for agreeing to do this. What have you learned so far this week? You’re here at the conference now in a non White House capacity for the first time in a little while. How has it been?

Camille Stewart Gloster: It’s been nice. I’m usually booked moment by moment. The opportunity to spend time with a bunch of different people in a bunch of different groups has been really nice. And I’ve actually been able to take in some of the content instead of just having to deliver remarks and move onto the next task.

I really appreciated the creativity of the sessions this year. A lot of the side stuff is particularly compelling. But even in the main sessions — like talking about the intersection of art and AI — I think people are stepping outside of the traditional security layer and having conversations that impact security, but they are not directly security focused, which has been interesting. Quite frankly, RSAC is just a really great place to network and see people and meet people. In particular, since the pandemic, you haven’t met a lot of people that you interface with daily, so many of your interactions are virtual, and the opportunity to meet in person has been great.

Nextgov/FCW: You just departed the White House cyber czar’s office handling their workforce efforts. How do you feel about where you left it, and what do you think happens next in that area?

Stewart Gloster: One of the reasons I went into that role was because it was a wide breadth of a portfolio. I led all the technology security stuff, and leaned in on AI, quantum, emerging tech, data security and supply chain security, as well as the workforce. Workforce became an area of passion because in doing the work, I recognized that if we forget the people in this dynamic, then we are missing the entire threat landscape and the entire opportunity landscape. And that led me to create a bunch of things in my personal time, but this was an opportunity to really lean on workforce issues in my day job. 

We’ve accomplished a lot. I’m very confident in [Assistant National Cyber Director for Cyber Workforce, Training and Education] Seeyew Mo’s ability to drive that vision. He has been a great deputy in that work. And I think I set a vision that he can continue to build upon and iterate on as the [National Cyber] Strategy gets implemented. 

I’m really excited about the announcement that came out from the White House about shifting the 2210 jobs area to skill-based [hiring], I think that is a leadership move that was much needed. And I think the work that will happen to transition to skill-based learning is something that'll be a model for in the industry. I’m going to be keeping my eye on how that evolves because I think it is very important.

Nextgov/FCW: What cyber workforce concerns are keeping you up at night right now?

Stewart Gloster: In general, I am concerned with the move to not address diversity head on. I think that is a loss, especially in national security spaces. For cybersecurity in particular, understanding technology and context means understanding people, and the best proxy for that is to have diverse representation in your staff. The absence of that focus — ignoring where you have gaps in terms of skill sets, backgrounds, genders and ethnicities — is really a disservice to the work. I’m encouraged by the fact that the White House has continued to make that a priority. It's part of the cyber strategy. I don't think they backed away from that in any way.

The skills-based hiring helps, but without a lens for how different communities will receive this information, or be exposed to it, it could fall short. You could transition to skills-based hiring, but if you're not going into inner city schools or rural communities … then you’ve kind of missed the mark.

Nextgov/FCW: Would you say cyber workforce risks are a national security risk?

Stewart Gloster: It is a national security risk. I think it creates gaps in our threat picture. Technology is used in context. And we’ve seen communities targeted, whether it’s by cyber-enabled misinformation or disinformation, or whether it’s how products are weaponized in different communities. All of those dynamics are a part of that diversity picture. 

It means understanding how low income communities are targeted, how human rights organizations are targeted or how misinformation is hitting communities of color. Those are things that if you don’t pay attention to — if you don’t have diverse perspectives on your cyber staff — you miss the nuance there.

Nextgov/FCW: Where do we go next on that? Does that mean a new initiative in the White House ONCD? Is it something that Capitol Hill should be thinking about? How do we capitalize on that?

Stewart Gloster: The ideal state would be that diversity would be a consideration in everything. That’s why it is a principle at the top of the Strategy, not a pillar in the strategy, right? It’s that every initiative should have that lens toward who’s in the room. Who are we getting the services to? Who has the opportunities?

Nextgov/FCW: How do we measure success there?

Stewart Gloster: It’s very tough to do. One of the initiatives that I was very passionate about while in my seat was the metrics piece. We hosted a roundtable about that. And we started to have a conversation about what metrics we should be collecting and who should own cyber workforce metrics. How do we make sure that they’re standardized across government and industry? What are the next steps on that? Because it is a really hard problem. I think there’s a really creative opportunity to figure out how to understand workforce movement and how many people are moving into the industry beyond just broad metrics. I think we could get more nuanced than that.

Nextgov/FCW: Last question — We’re in an election year with about six months to go now. There is obviously a chance that the administration flips and that the groundwork that started with you and your colleagues in ONCD is going to be handled by another administration. What does the preparation look like there? How has ONCD positioned itself to tackle cyber threats once possibly handed off to a Republican White House?

Stewart Gloster: From an organizational standpoint, there are a bunch of career staff within ONCD that can carry on. There will be intellectual continuity and resource continuity from that perspective. That said, if there’s a change in administration, the priorities could shift, whether those are priorities as articulated under the National Cybersecurity Strategy, or if there’s a completely new strategy. Folks would have to realign on a new set of priorities and principles and then advocate for them to get resourced. I think the office is well positioned to do that. But the career staff is very smart, very talented and leaning in on a lot of this work now. 

The federal government is made to pivot under new leadership. That said, what I hope doesn't happen in a transition is ONCD being underinvested in and seeing its work undermined. I do want to see it continue to be that convener and orchestrator for cyber priorities and be able to set that affirmative vision and move us towards our ideal state of a digital ecosystem that can be responsive and resilient and equitable. That is my hope for any kind of a transition, whether it's hopefully another term of Biden or a transition to another administration. I hope that there’s continuity and continued investment in the office, as well as continued prioritization of cyber risks and cyber risk mitigation.