Cybersecurity pro Michaela Barnett didn’t see people like her at DEF CON and the other security industry events she attended. Neither did her sister, Alexandria Barnett.
“We found that so many people had that experience of not seeing ourselves represented,” Alexandria says.
The twins set out to change that. Michaela founded Blacks In Cybersecurity (BIC) in January 2019 with the goal of highlighting and elevating the Black community in the security profession by offering a range of activities, from online forums and to conferences, meet-ups, seminars and group outings.
“We really strive to be that family of resources to advance people in the field, to create a network and to affect culture, because when you think of cyber, you’re thinking of a white man in a hoodie, you think of DEF CON, where you don’t see many people of color who are too often on the outside of that culture. We’re hoping not to have that schism anymore,” Alexandria says.
The Barnetts’ experience speaks to the statistical reality of a profession.
According to the (ISC)2 Global Information Security Workforce Study Innovation Through Inclusion: The Multicultural Cybersecurity Workforce, only 9% of workers self-identified as African-American or Black, 8% as Asian, 4% as Hispanic, and 1% as American Indian or Alaskan Native and Native Hawaiian/Pacific Islander. Those figures only tell part of the story, however. The report’s authors also point out that racial and ethnic minorities tend to hold non-managerial positions and face pay discrepancies. And they note that minority women report the highest numbers of discrimination.
Meanwhile, research has found only 20% of the cybersecurity workforce is female.
Such findings aren’t new, as cybersecurity leaders for many years have acknowledged the underrepresentation of minority groups and women and have worked with varying degrees of success to improve diversity across the industry.
But the issue has become more urgent, and more broadly addressed, as society grapples with longstanding racial inequities. Now employers of all sorts, from federal agencies to tech giants, have established initiatives to create a more diverse workforce as well as increase the number and diversity of people entering the field. Executives say their efforts are critical, as diversity of workers engenders diversity of thought that in turn fuels the innovation needed to better secure their enterprises. They also stress that working to increase diversity is simply the right thing to do.
“Diversity is purposeful. It’s not something you can just announce and do. It’s something you have to commit to and keep track of it like a business goal,” says Mary N. Chaney, chairman, CEO and president of Minorities in Cybersecurity.
Dismantling the roadblocks
Many of the initiatives are being led by professionals like the Barnetts—people who have an insider’s view of diversity issues in the profession. They’re creating programs that take multipronged approaches to the roadblocks that can keep people of color out of security or from advancing up the ranks.
The nonprofit BIC, for example, has an international reach with its networking and development groups, conferences, and local ambassadors. The group works with schools, providing information and programming to elementary, middle, and high schoolers about the cybersecurity profession to educate more young people about the work opportunities it offers. It has training for existing workers. And it partners with Black Girls Hack, hoping their combined efforts will be even more impactful.
“We’re working to get anyone and everyone into cyber,” says Alexandria Barnett, who works full time in tech in addition to working at BIC as its public relations director.
Although it has a broad agenda, Barnett says the group’s core is focused on community, with patches and merchandise and a host of events to create professional networks and personal connections.
Others have similarly drawn on their experiences to address the hurdles to increasing diversity within the field.
Take, for example, the work being done by Chaney, with Minorities in Cybersecurity. Chaney is a lawyer, veteran corporate security executive, and former Special Agent with the Federal Bureau of Investigation experienced in investigating cybercrime; in recent years she has mentored dozens of women of color.
Now with the 2-year-old MiC, she’s also focusing on leadership and career development for minorities and women. She works with other mentors and corporate partners to help minorities and women navigate the challenges of advancing in the profession; create networks and opportunities; and develop the skills they need to advance—whether they’re just starting in cybersecurity, moving into their first management positions, or seeking to succeed as directors.
Getting to the root issues
Chaney knows how to help because she guides from experience. “When I was working in corporate America and in government, I saw a culture issue. I’m an African American woman and I had leaders who had never managed an African American woman before, and that created different challenges for them. So, as an employee, how do you deal with the fact that your boss isn’t preparing you [to advance]?”
She adds: “It’s one thing to say, ‘I want to hire a bunch of people who look different,’ but it’s a different thing to say you have equity in representation across the board. It’s really about fair and equitable representation throughout the entire organization, not just getting a bunch of [diverse] bodies into the organization.”
That’s why in addition to the specific initiatives to increase diversity in the security field, the complex societal factors that have created and continue to contribute to the situation must be addressed as well.
For example, many in minority communities face challenges in financing higher education, says Larry Whiteside Jr., co-founder and president of the International Consortium of Minority Cybersecurity Professionals (ICMCP). He also points to the lower access to technology that many schools in minority communities have, which in turn lessens the likelihood that young people will become inspired to enter the IT profession. And because there’s already an underrepresentation of Blacks and other minorities in IT and security, those communities have a smaller network of family and friends to advise them on the training programs, college majors, internships, and job openings to pursue. As a result, there are also fewer mentors who have had shared experiences and can offer their counsel to the next generation of aspiring tech workers.
Whiteside, who is also CTO and CSO of CyberClan, knows firsthand how important mentors are for success. He said mentors once coached him through a particularly difficult situation when his advice as a CISO was being discounted and he was being asked to step aside; Whiteside credited his mentors with helping him chart his moves out of that company and into a better position, noting that without them he might have decided to quit the profession.
Corporations take action
Now, Whiteside and his ICMCP are working to support others.
ICMCP and Women in CyberSecurity (WiCyS) announced that they will work with Target this spring to expand access to the National Cyber League (NCL) virtual competition and training program for 500 women and BIPOC individuals as a way to introduce cybersecurity and technology careers to more underrepresented students. The competition gives participants a chance to tackle simulated real-world scenarios as a way to sharpen their cybersecurity skills, explore areas of career specialization, and boost their resume.
Target CISO Rich Agostino said the opportunity for his company to participate fit with its long-standing efforts to increase the diversity of its workforce and the technical professions, too. For example, Agostino has a formal mentoring program, pairing women on his team with outside executives. “I’m a huge believer that if you want to make a difference in someone’s career, you get them connected with the right people to build their network,” he says. Target, which is headquartered in Minneapolis, also works with the University of Minnesota through various programs, such as scholarships and networking opportunities, to help increase diversity among the students and, thus, the future workforce.
“It creates a community and a team beyond on our own Target team,” Agostino says, adding that Target is also working to start a Twin Cities ICMCP chapter.
Change is happening, but is it enough?
Security leaders say such steps are encouraging, and they’re optimistic about the potential for such initiatives and other current events to increase diversity.
For example, some point to Anne Neuberger, President Biden’s appointment to a newly created cybersecurity role on the National Security Council, and other high-profile women in security, saying they’ll likely inspire more women to follow in their footsteps.
However, Kelvin Coleman, executive director of the nonprofit National Cyber Security Alliance, says he is concerned that cybersecurity still isn’t attracting more African Americans to the profession. “And I don’t see that number going up until we see someone at a very high level, someone with lots of visibility,” he adds.
Others agree, saying “It’s harder to be it, if you don’t see it.” They also say it’s more challenging for professionals to advance without having mentors who have had similar experiences who can offer guidance. As Coleman says: “That really does matter in terms of envisioning yourself in a role.”
Despite such concerns, Coleman says his organization, like others, is moving ahead. The NCSA is partnering with others, such as historically black colleges and universities (HBCU), fraternities, sororities, and other youth organizations to increase interest and enthusiasm for the security field.
And Coleman, who acknowledges how much mentors helped him move up in his career, says he seeks to do his part by being a visible and enthusiastic ambassador for the profession.
“I was blessed to have mentors,” he says, “and now I feel an obligation to help the people who come behind me.”
Copyright © 2021 IDG Communications, Inc.