It is hardly news that the cybersecurity community is facing a labor market problem. The industry is short by almost 200,000 workers currently, a shortfall that is expected to get much worse given the growth rate of the market. Experts estimate 1.5 million unfilled cybersecurity jobs by 2019. But the problem isn’t simply a function of a quickly growing field; underlying problems in the labor market run deep. Addressing those issues will require not just shifting our educational approach, but changing the system right down to how we think of the ‘typical’ cybersecurity worker.
Currently, the industry is missing entire demographics in the workforce. Women make up between eleven to nineteen percent—depending on how you count—of the U.S. cybersecurity workforce, and less than ten percent (combined) is Black or Latino. Aside from the very obvious missed opportunity to fill out the ranks of the workforce, this diversity gap is deeply worrisome from a social justice standpoint; women and people of color are missing out on cybersecurity’s relatively well-paid jobs. But on top of that, it’s very clear both statistically and anecdotally that diverse teams make better products. When your product is security, then having strong, innovative teams that can produce the best product possible becomes a critical national security challenge as well.
It is pretty clear that popular perceptions of an industry’s workforce can drastically affect the types of people that choose careers there, and the image of the archetypical cybersecurity worker as a hoodied white male does a great deal to inhibit other demographics from gaining a foothold in the field. In fact, as we found when we spoke with women who work in cybersecurity, misconceptions about who can work in the industry create ‘leaks’ throughout the workforce pipeline from classrooms through to board rooms. These leaks the industry not just potential new hires, but also a much-needed additional perspective.
We believe that the composition of the cybersecurity workforce should reflect that of the population it serves. That is why we created #HumansofCybersecurity, a section of Medium dedicated to sharing the personal stories of the folks who work in this industry, in all their rich diversity and multitude of roles. By demonstrating that cybersecurity experts can be lawyers, policy makers, and educators in addition to being technologists, and that the cybersecurity community is truly made up of individuals that represent diversity in all its guises, we hope to reshape the image of the cybersecurity workforce.