[TheRecord] Diversity in cybersecurity is a ‘national security’ issue, congresswoman says

Closing the gender and racial employment gaps in the cybersecurity workforce is a “mission critical” issue for the U.S., Congresswoman Lauren Underwood (D-IL) said at an online event hosted by the Aspen Institute Thursday. 

Racism and sexism in the sector are both “national security” issues because they prevent the government and private companies from recruiting from the best and widest possible pool of talent, she said. 

Recruiting a diverse workforce with a variety of backgrounds can also help security programs prepare against different threat models, Underwood argued—comparing the situation to how her background as a nurse and in healthcare policy brings a unique perspective to her work as the Vice Chair of the House Committee on Homeland Security as the country is facing a public health emergency. 

“Less diversity means more blindspots in our threat assessments,” Underwood said.

A report released by Aspen Digital and the Aspen Tech Policy Hub in conjunction with the event argues that current diversity, equity, and inclusion efforts have largely failed and suggests aimed at correcting racial and gender employment gaps in the sector. 

Less than a quarter of the cybersecurity workforce self-identifies as female, less than 10% as Black, and only 4% as hispanic, according to research from infosec membership organization (ISC)²—figures far below those groups’ share of the general population. 

Source: Aspen Institute

Changes to education, hiring, and retention processes could help close those gaps, according to the report and event panelists. For example, the report recommends reviewing the role of some (often costly) professional certifications and current criminal background check processes during hiring, as well as exploring more on-the-job training and apprenticeship opportunities for junior roles. 

Despite the crunch for technical talent, some job listings in the industry ask for three to five years experience for entry-level positions, noted Ron Ford, a Cybersecurity Advisor at the Cybersecurity Infrastructure Security Agency. 

“It’s not realistic,” he added. 

Instead, Ford said, cybersecurity employers need to start meeting people where they are—both technically and physically. The latter should include more direct outreach to Historically Black Colleges and Universities that produce top-tier tech talent, but are all too often overlooked in recruiting, he added. 

But that and many other recommendations outlined in the report will require substantial, sustained commitments from employers. Panelist and #ShareTheMicInCyber movement co-founder Camille Stewart warned there is no quick fix for these sort of systematic problems. 

“Don’t let short-term wins cause you to negate the long-term investment that is also important,” she said. 

(Disclosure: The author of this post was an Aspen Institute Cyberjournalism fellow in 2019.)

The post Diversity in cybersecurity is a ‘national security’ issue, congresswoman says appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

Daily NCSC-FI news followup 2020-09-22

How to fight delayed phishing www.kaspersky.com/blog/delayed-phishing-countermeasures/37153/ Phishing links in e-mails to company employees often become active after initial scanning. But they still can and must be caught. Phishing has long been a major attack vector on corporate networks. Its no surprise, then, that everyone and everything, from e-mail providers to mail gateways and even browsers, […]

Read More

[ZDNet] Google claims no instances of foreign interference campaigns targeting Australia

All posts, ZDNet

While conceding that foreign interference campaigns on its platforms targeting other jurisdictions have made their way to Australia, Google said none pursued the country specifically. Source: Read More (Latest topics for ZDNet in Security)

Read More

Daily NCSC-FI news followup 2021-02-14

Egregor ransomware operators arrested in Ukraine www.zdnet.com/article/egregor-ransomware-operators-arrested-in-ukraine/ Arrested suspects are believed to be clients of the Egregor RaaS, not the Egregor gang itself.. Members of the Egregor ransomware cartel have been arrested this week in Ukraine, French radio station France Inter reported on Friday, citing law enforcement sources. Pro-India hackers use Android spyware to spy […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.