A recent report by the Aspen Institute found that despite existing efforts to improve diversity, equity, and inclusion (DEI), the cybersecurity field remains mostly homogenous among technical practitioners and policy thinkers.
According to the report, only an estimated four percent of cybersecurity workers self-identify as Hispanic, nine percent as Black, and 24 percent as women.
“The national reckoning on racial justice that began in mid-2020, prompted by the murders of George Floyd, Breonna Taylor, and other Black Americans at the hands of police, has further clarified that current DEI efforts, however well-meaning, have not addressed the overwhelming white-ness and male-ness of the cybersecurity field,” the report says.
To diversify the cybersecurity industry, Aspen Digital and the Aspen Tech Policy Hub have made recommendations across two categories: immediate actions and actions requiring further investment.
“One key gap in the ecosystem was that no organization had convened an intergenerational and cross-disciplinary group of cybersecurity professionals to develop a concrete, impact-oriented set of commitments focused on improving DEI in cybersecurity,” the report says.
Aspen Institute’s recommendations include:
- A coalition of cybersecurity managers and human resource professionals should assess the value of certifications in developing quality cybersecurity candidates;
- A task force should survey participants in cybersecurity apprenticeship programs to better support diverse candidates;
- Cyber organizations that succeed at hiring diverse talent should collect and share anonymous data about which characteristics prove useful for successful hiring;
- Pro bono experts should help cybersecurity employers rewrite job descriptions without jargon and focus on the skills required;
- A task force should consider whether the current criminal background check process is “appropriate, fair, and equitable”;
- A task force should track C-suite executives’ commitment to DEI initiatives within their companies;
- Cybersecurity experts should “identify best practices for mentoring diverse cybersecurity practitioners and create a repository of shared resources”; and
- Brands, advertisers, and media influencers should cultivate partnerships to reimagine narratives around the cybersecurity field.