The cyber intelligence and security sector faces a growing number of threats and attacks that are increasing in complexity, but reports indicate that the current workforce lacks the qualified professionals needed to combat them. The U.S. Government and the educational community have been increasing efforts to help grow and diversify a workforce that continues to be primarily white male dominated. However, there are organization-level tactics that can be leveraged to increase and enhance the talent pool. Diversity, equity, and inclusion (DEI) initiates should be viewed not only as opportunities to engender equality but also as an opportunity to help recruit and develop the talent pool necessary to strategically heighten cyber intelligence and security capabilities. Consequently, the author reviews the benefits that DEI can bring to cybersecurity and discuss practical recommendations for moving forward with DEI initiative that can help support the industry's growing challenges.
TopIntroduction
The cyber intelligence and security sector, which I will refer to in this paper as simply cybersecurity, faces an alarming workforce shortage. The Homeland Security Subcommittee of Cybersecurity and Infrastructure Protection (2023), Director of National Intelligence (2023), and the White House National Cyber Director (2023) along with private sector cybersecurity organizations all point to a severe lack of qualified talent needed to fill vacancies in the industry. The Office of the National Cyber Director (2023) estimated the difference between global demand and qualified cyber security professionals at approximately 3.4 million.
The lack of qualified professionals in this sector has some negative implications for industry and the nation’s overall security. Cybercrime and criminals are more diverse than ever and so are their opportunities to breach the security of individuals, organizations, and national governments. The Office of the Director of National Intelligence (2023) Annual Threat Assessment of the U.S. Intelligence Community indicates “Globally, foreign states’ malicious use of digital information and communication technologies will become more pervasive, automated, targeted, and complex in the future, further threatening to distort publicly available information and probably will outpace efforts to protect digital freedoms” (p. 27). Security leaders are reporting an increase in novel attack strategies such as data poisoning and the use of generative artificial intelligence (AI) to develop malware and create more sophisticated phishing messages (Pratt, 2023).
While Artificial intelligence (AI) systems can be trained to detect some cybersecurity threats to help alleviate the workforce shortage, there are some limitations. Because threats, such as viruses and malware are constantly being changed by cyber criminals, AI systems require human experts who are creative in their approach to programming to combat them (Ansari et al., 2022). In addition, as cyber criminals become more advanced, existing AI data encryption protocols become easier for them to reverse-engineer, posing additional threats to data security (Ansari et al., 2022). To combat these threats, we will need to use all available resources and augment current AI initiatives with a focus on increasing the available human talent in this sector.
An issue with the current pool of qualified cybersecurity professionals is that it has remained consistently homogenous since its beginnings, comprised primarily of white males. The World Economic Forum (2021) reported that the cybersecurity workforce is comprised of an estimated 9% Black, 4% Hispanic 8% Asian and about 24% female professionals. Zippia (2023) reported that as of 2021, 78.5% of cyber analysts were male, 60% are over 40 years of age with only 11% between 20-30 years of age, and approximately 8.59% are members of the LGBT community. These statistics have changed very little over the past 13 years. Government and industry officials point to education and DEI initiatives as critical components of a solution to the talent shortage in the cybersecurity sector, but improve their capabilities to defend us against increasing cyber threats. A sustainable solution can only come from a multi-pronged approach that includes a deliberate attempt to increase the diversity of the cybersecurity workforce by implementing or re-tooling diversity, equity, and inclusion (DEI) efforts, which can expand the numbers of qualified professionals in the talent pool, but also offers some additional benefits to this sector.