In a world plagued by ever-increasing cybersecurity threats, the federal government needs a cyber workforce that draws from a broader base of experiences.
“Diversity is essential for national security and for cybersecurity. We need to bring people to the table who have different perspectives, different experiences and different ways of looking at a problem,” said Cedric Richmond, D-La., chair of the House Committee on Homeland Security’s Subcommittee on Cybersecurity, Infrastructure Protection and Innovation.
The subcommittee heard from experts in academia and industry May 21, who together urged government to do more to grow and diversify the cyber workforce pipeline.
The United States faces a shortage of some 498,000 cyber professionals. It also struggles with a cyber workforce that is predominantly white and male, said Wesley Simpson, chief operating officer of the training and certification body (ISC)² Inc.
“It is important to recognize the clear under-representation of women in the cybersecurity workforce,” he said, noting that while women comprise 47 percent of the overall U.S. workforce, they account for just 22 percent of cybersecurity professionals.
Likewise, only 26 percent of the cyber workforce identifies as non-white. Minorities who do enter the field tend to work in non-management positions and they earn less than their white peers, Simpson said.
Some efforts are being made to diversify the workforce.
For example, Grambling State University President Richard J. Gallot told the subcommittee that his historically black school is leveraging internship opportunities and relationships with big tech companies to steer students toward cyber careers.
Still, the subcommittee heard, there is more that can be done. “Growing and diversifying the cyber talent pipeline is one of the most important workforce issues we address today,” said Amelia Estwick, director of the National Cybersecurity Institute at Excelsior College, who laid out an ambitious agenda for change.
Government leaders could, for example, look beyond traditional academic credentials to recruit cyber talent, she said. Rather than focus on the computer science bachelor’s degree, agencies could tap those who earn associate degrees. They could also encourage present employees to upskill themselves via online learning, a flexible mode of educational attainment that may suit the needs of working adults.
Government could also create new opportunities for current federal employees to earn academic credentials, perhaps by expanding on Office of Personnel Management’s existing efforts to secure lower-cost tuition rates for government workers. “Support for more educational opportunities would be beneficial to the federal workforce,” she said.
From the industry perspective, McAfee Vice President and Chief Technical Strategist Candace Worley recommended a number of steps government could take to enhance diversity in the cyber ranks.
The CyberCorps Scholarship for Service Program should be expanded from $55 million and 2,000 students a year to $200 million and 6,400 students, she said. Government should also deepen its engagements with community colleges, which tend to boast large cadres of women and minorities. Agencies should also broaden their horizons to seek cyber candidates among overlooked populations, such as gamers, veterans and retirees.
Worley also reiterated the need for public-private partnerships as a means for federal agencies to help present workers transition to cyber roles.
“We need that collaboration in order to solve serious problems,” she said. “We should design a mechanism for cyber professionals to move back and forth between the public and private sectors so that government organizations will have a continual refresh of expertise.”