Cybersecurity and Diversity
This is a writing sample from Scripted writer Curtis Fease
Current Cybersecurity Landscape and How It Can Benefit From Diversity
In 2016, the headline “America Is Losing the Cyber War” hit hard when it landed front and center on our newsfeeds and social profiles. Rather than serving as an alarmist piece of clickbait, the U.S. News article explained how our nation was falling behind our major global adversaries in cyber capability investment. The article came out months before the full scale of Russia’s involvement in the 2016 election became apparent, and America’s cybersecurity outlook has only become more bleak since that point.
The reality is that the United States is no longer superior on every battlefield. While we’ve long held supremacy on land, in the air, and at sea, our adversaries have learned to exploit the failures in our cybersecurity infrastructure. Public and private partnerships have certainly set us in the right direction in combating this issue, but there’s still a systemic problem that no amount of funding is going to fix overnight. That problem is a lack of diversity, equity, and inclusion (DEI).
The cybersecurity industry in America has long had serious trouble with diversity. Professionals and students in the industry are mostly white and male. And while people from all backgrounds tend to succeed in the field, statistics show that individuals from certain backgrounds simply don’t get that opportunity. Fortunately, the social justice movement that picked up steam in 2020 has opened many eyes to the injustice of such a discrepancy. And while a lack of inclusion is a problem within itself, but it also creates much more serious issues.
The simple fact is that a lack of DEI in the cybersecurity field puts Americans at risk. It hinders our ability to effectively prepare for and respond to the increasing digital threats we currently face. Fortunately, this isn’t a reality that must persist. By increasing gender, racial, ethnic, and cultural diversity in the field, America will be better capable of responding to the hazards of a global landscape where wars are waged via innovation rather than invasion.
A Changed Cybersecurity Landscape
The development of the internet began in the late 1960s in California. This would eventually change the world as we knew it, and in doing so, it created a new front in global affairs. Unfortunately, our nation’s status as the frontrunner in the digital world was not a permanent position. In 2016, the head of both the U.S. Cyber Command and the National Security Agency stated that America was on a level playing field with other countries in cyber warfare. This was a troubling revelation.
The unfortunate truth is that Russia, China, North Korea, and Iran have all heavily invested in offensive cyber capabilities that could offer a strategic advantage over America. During a Senate Intelligence Committee meeting, Director of National Intelligence Dan Coats said the cyberattack capabilities of these nations were "growing in potency and severity." He also explained how foreign adversaries will probably use cyber capabilities to gain military, economic, and political advantages over America.
Unfortunately, current trends seem to show that this problem will only continue to grow. One of the biggest issues contributing to this reality is America’s failure in STEM education — the academic background that produces our cybersecurity experts. For instance, China produces eight times the number of STEM students as America, even though its population is just four times higher. And since the U.S. has only the third-highest number of STEM graduates worldwide, it's not just China that's outpacing us.
Improving these numbers is just one aspect of overcoming our cybersecurity deficit on the global stage. It’s also imperative that we undertake concurrent measures to improve both our offensive and defensive capabilities. One of these measures should be an increased focus on diversity, equity, and inclusion. The need for this goes far beyond simply creating a more diverse field where everyone has a chance to succeed. America’s success in the cyber landscape could very well depend on this issue.
The Lack of Diversity in Cybersecurity
Before understanding the obstacles created by a lack of diversity in cybersecurity, it’s first important to recognize the magnitude of the issue. This problem is not related to limited interest in the field from specific subgroups. Rather, it’s a systemic problem that keeps individuals from underrepresented backgrounds from breaking into the field. For instance, research from the Aspen Institute found that women make up less than one-quarter of the cybersecurity workforce. This is surprising since they're also 51% of the American population.
The lack of diversity also doesn’t stop at gender. While African Americans make up 13% of the U.S. population, they only account for 9% of professionals in the cybersecurity workforce. The discrepancy is even worse for Hispanics, who make up 19% of the population but only hold 4% of cybersecurity jobs. When looking at American Indians, Alaska Natives, and Native Hawaiians, there are about 50% fewer professionals in the field than we’d expect based on population alone.
Some of this discrepancy is certainly due to general recruitment failures. Among STEM careers, cybersecurity outreach may be the most difficult. It's hard to promote a career to underrepresented groups when it has a reputation of dimly lit cubicles, password-reset emails, and training employees to keep their laptops secure. Fortunately, an increase in diversity in the field shows that people are looking past this outdated representation. Folks have increasingly realized that cybersecurity is the new front of American defense.
Unfortunately, the small steps that have been made are not enough. Individuals entering the cybersecurity world are still overwhelmingly white and male, so even as people from more diverse backgrounds enter the sector, disparities are likely to continue for some time. Of course, the bigger issues are still systemic in nature. Complex jargon in job postings, employment experience requirements, inequitable criminal background checks, and a variety of other problems we may not even consider contribute to this continuing problem.
The current lack of diversity in cybersecurity — and tech in general — is most concerning because we’ve seen what inclusiveness can accomplish. For instance, the work of Katherine Johnson at NASA got us to the moon much quicker than we otherwise would have. This was a paramount moment in the space race and the Cold War. Decades before then, during World War II, women and minorities played a disproportionate role in the manufacturing boom that helped America win the war.
Even though neither of these examples solved the systemic issues of the day, they show what diversity in the workforce can accomplish. Unfortunately, fixing the modern lack of diversity in cybersecurity isn’t just about innovation. There are genuine threats created by the homogeneity that exists within the field. If you’re part of an underrepresented group in the cybersecurity industry, you can do more good for our country than you might realize. The first step in this process, however, is to recognize the dangers inherent in this lack of representation.
The Threats Posed by a Lack of Diversity
When U.S. Congresswoman Lauren Underwood said it was "mission critical" to close the racial and gender cybersecurity employment gaps, she wasn’t being alarmist. By hindering entire subsets of the population from entering these positions, America is leaving itself at risk for potential threats. The biggest problem is that the field is losing out on top-tier talent. By failing in outreach and allowing systemic hurdles to persist, the government and cybersecurity firms have pushed promising professionals into alternative careers.
Unfortunately, this isn’t the only outcome of such a failure. Even if the brightest minds among the homogenous cybersecurity workforce are working to improve America’s digital defenses, there’s still a massive blind spot left by the exclusion of underrepresented groups. That’s because people from different backgrounds bring unique perspectives to the table. This is important in every industry’s workforce, but in the cybersecurity world, it can mean the difference between safeguarding our nation and exposing it to foreign and domestic threats.
By bringing in a more diverse subset of the population — and thus more diverse experiences and perspectives — it’s possible to prepare ourselves against more threat models. To quantify this reality, one needs only look toward organizations that have made a commitment to diversity, equity, and inclusion. The Diversity and Inclusion (D&I) Report from McKinsey and Company found that organizational performance improved when there was a focus on diversity and inclusion.
How significant was this effect? When comparing the top companies for gender diversity to those at the bottom, the top organizations were 25% more likely to experience above-average profitability. When looking at cultural and ethnic diversity, the results were even more pronounced. The organizations that focused most on diversity in these areas were 36% more likely to experience above-average profitability. With cultural, ethnic, and gender diversity, the increased likelihood of success has even grown in recent years.
While the McKinsey Report used data from over 1,000 companies around the globe, another study delved into 1.2 million doctoral recipients spanning three decades. This research found that "demographically underrepresented students innovate at higher rates than majority students." Some may point to this and say it’s evidence that underrepresented groups are smarter than others. In reality, it demonstrates the fact that homogeneity often breeds groupthink and similar approaches to diverse issues.
Imagine taking 100 people with nearly identical backgrounds and putting them to work on a problem. There will certainly be some great ideas coming out of the group. Unfortunately, many of these individuals are approaching problems with the same mindsets based on similar experiences. This reduces the amount of innovation that’s possible in this specific population. When you bring in people with varying experiences based on their unique backgrounds, they bring with them novel approaches to complex problems. Even if we stop short of saying any group is more innovative than another, there’s no denying that nurturing diversity increases innovation.
When you consider the current cyber landscape America faces, it becomes apparent just how important such innovation can be.
America Is Already Under Attack
Even when many didn't feel it was the case, diversity has always been important to the American experience. This is just as true in the cybersecurity sector as it is within the government. Of course, people have been talking about diversity for years. Significant strides have been made for inclusion, and while progress has remained slow, progress has occurred nonetheless. So, what makes the current push toward diversity in cybersecurity so much different from what society has striven to achieve for years?
It all comes down to the threats America now faces. The idea of foreign interference in our military, infrastructure, electoral systems, and other elements of our lives is no longer a feared outcome that could occur “one day.” It’s happening as you read this very sentence. Just consider the following recent events and the implications they have for the American way of life:
China Stole a Fighter Jet
The Chinese government was able to infiltrate systems that contained plans for the American F-35 Joint Strike Fighter. In 2009, reports surfaced that they used this information to create the J-31 copycat with these plans.
Iran Infiltrates Banks and Dam
Hackers linked to the Iranian government hacked dozens of American banks and a dam in New York. They caused millions of dollars in lost revenue for the banks, but their most nefarious act was attempting to shut down the dam. This took place between 2011 and 2013.
North Korea Hacks Sony
When news broke that Sony would release a movie that portrayed the North Korean leader in a negative light, the country demanded that the studio shelve the film. They hacked and released Sony's company emails in response to the comedy movie.
Russia Attacks Various Government Agencies
A group allegedly backed by the Russian government infiltrated multiple parts of the U.S. federal government in the 2020 SolarWinds attack. This attack and data breach was one of the worst cyber-espionage events to occur in the nation. Russian hackers had access to vital American systems for up to nine months. The same hackers were still trying to access government networks over a year later.
Russia Hacks America’s Power Grid
Nearly everyone heard of Russia’s efforts to affect the 2016 election, but fewer people know that the country infiltrated America’s power grid. In 2018, reports surfaced that Russia had spent years hacking into our energy infrastructure. They gained access to the control system of at least one power plant, and they put tools in place that would allow them to turn off our power. The country successfully interrupted power in Ukraine in 2015 via similar methods.
Imagine you were part of the organization that had to respond to these events. Better yet, imagine you had the opportunity to prevent one of them from taking place. Cybersecurity doesn’t sound like such a desk job anymore, does it? America faces minimal military threat from its foreign adversaries; spending $700 billion more on the military than the next 10 countries combined will lead to that. This is why so many nations have opted to invest in their cyber offensive capabilities.
The U.S. is never far from suffering a significant interruption due to foreign cyber attacks. To combat this potentiality, we must do everything in our power to bring talented individuals with new ideas into the field. This means we must make changes to academic, hiring, and retention approaches. This is only one step in the process, but it’s an important one. And if you’re ready to safeguard American interests yourself, the cybersecurity field is wide open and hiring.
Help Us Expand Diversity in the Cybersecurity Field
Experts can continue debating the underlying reasons for a lack of diversity in the cybersecurity field. The one thing there’s no question of, however, is that there is a lack of diversity in the field. As professionals ponder methods for remedying this situation, America continues to face serious risks due to a failure in recruiting the best talent from all backgrounds.
It’s time for this to change. We’ve recently experienced some of the most significant cybersecurity threats our country has ever faced. Because of the current lack of diversity in the field, our preparation and response to these hazards relied on the experience of just a few subgroups of the population. If you’re part of a historically marginalized group and interested in cybersecurity, you can help America expand its defense capabilities.
Whether you aspire to protect our national infrastructure from foreign actors or prevent domestic terrorists from accessing financial information — and everything in between — the Cambridge College Cybersecurity Program can help you prepare for your future. Regardless of an individual’s background, every single person in the field serves a vital purpose. As someone from an underrepresented group, though, you’ll play an even larger role.
Increasing diversity, equity, and inclusion in our field will provide America with new opportunities for facing evolving cybersecurity threats. Your experiences will bring exceptional value that has long gone overlooked, and they will reverse innovative decline that could make our nation more vulnerable. By earning your certificate in cybersecurity from Cambridge College, you’re doing more than just securing your own future. You’re securing the future of America.
What could be more rewarding?
Written by:
