Diversity in Cybersecurity for Superior Outcomes

The following guest post was given at the White House Office of Science and Technology for the Cybersecurity event on December 3, 2015 by the Honorable Paula Stern, Chairwoman of The Stern Group, Inc. and an NCWIT Policy and Media Consultant.

The National Center for Women & Information Technology is a non-profit community of over 650 organizations working to increase girl’s and women’s participation in computing and technology.  NCWIT fundamentally believes emphasis should be on fixing the culture, not fixing the woman.  For the purpose of today’s emphasis on cybersecurity, NCWIT seeks 1) to offer opportunities for enhancing and expanding the talent pipeline; 2) to provide tools for making organizational and educational cultures more inclusive; and 3) to suggest tools to track progress and identify areas for continued improvement.

  1. We begin with the strong evidence based view in the value of gender diversity in IT & Computing both quantitatively and qualitatively.  Tapping into America’s full potential requires us individually and collectively to overcome conscious and unconscious bias.
  2. How do we track whether we are seizing this opportunity?  We must collect and breakout data by gender and by computing occupations from federal agencies, federal contractors, and the private sector.  In many workplaces where security clearances are required, workers on H1B visas are not even a stop gap option.  We need to double down on bringing and keeping girls and women into the cybersecurity job pipeline by applying best practices for teaching, recruiting, and retaining talent regardless of gender.  We could start by piloting data collection and breakout at our national labs.
  3. NCWIT is already piloting solutions to expand the size and diversity of the cybersecurity computing pipeline by focusing on providing military-to-civilian job pathways for veterans and their spouses.  The SANS CyberTalent Women’s Immersion Academy will provide special intensive training for girls whom NCWIT has selected and tracked from the thousands of girls in its Aspirations and Computing recognition program.

The Problem

America must address the cultural problem of gender bias in IT and computing occupational settings.  Research shows that IT and computing are male-dominant cultures where women feel unwelcome.  Almost half of women in the technology world report that gender biases influence performance evaluations at work, and twenty-five percent believe that they are seen as intrinsically less capable than the men in their companies.  It’s these unconscious and conscious biases that ultimately stand in the way of advancing women’s retention, leadership, and creativity particularly in IT and computing companies.  Anecdotally, I have learned of top intelligence agency officials pursuing short-term, stop gap policies that will exacerbate this problem. I refer to stop gap attempts to fill cybersecurity jobs at intelligence agencies by recruiting students who are proficient in IT and hacking, but focusing mostly on recent high school boy graduates.  The boys are encouraged to skip college and go straight into the workforce.  This so-called “solution” is rooted in unconscious biases about who is “right” for these jobs and related assumptions that boys have “innate” talent, even when sociologists find no scientific basis for that prejudice.  That is a problem.

Data to solve the problem and measure what works to bring about change

NCWIT believes to solve a problem and change behavior, you need metrics to measure behavior.  Without data, there is no way to track what practices work.  How can policy makers measure progress in filling the cyberspace job pipeline absent data?  We must collect and breakout data by gender and occupational categories in all the relevant tech employing sectors including cybersecurity fields.

Filling cybersecurity positions is difficult because foreign nationals cannot obtain security clearances.  So, why not hire at home? Only twenty-six percent of tech women hold IT and computing jobs, but they are an especially valuable pool from which to draw talent.  Increasing women’s overall participation in cybersecurity agencies and federal contractors, which seeks to fill jobs requiring a security clearance, is an efficient first step because it would focus on a critical field with both a greater need and a thinner existing talent pool.  Such an effort offers the dual benefit of increasing national security and improving gender diversity within this sector.

A pilot to accelerate a response to the problem

One opportunity to expand the size and the diversity of the IT and computing pipeline is to supply a military-to-civilian pathway for veterans and their spouses.  Statistically speaking, from ages 25 to 64, women veterans are more likely to be employed than non-veteran women, but less likely not to be in the IT and computing labor force.  This means that female veterans are more employable than non-veteran women, and the information technology field is not taking full advantage of the talent pool.  NCWIT is working with The SANS CyberTalent Women’s Immersion Academy to help qualified women receive training and certifications quickly to help launch their careers in cybersecurity.  It is an accelerated program that can be completed within a couple of months.  The women (juniors and seniors in college, and women who are 5 years or less out of college) take a qualifying exam.  The women with the highest scores are then asked to submit their resumes and be interviewed.  SANS will select around 10 women to attend an in-person, week long class, which will connect them to mentors and allow them to network and support each other.  Then the candidates will take online classes for their next course.  There will be a few options for the online course, depending on the candidate's’ interests.  This is a pilot that was designed on SANS training for select members of the Air Force returning to civilian life.

Summary and Next Action Steps

NCWIT urges this group to launch a pilot program at its national laboratories to collect and breakout data by gender and computing occupations.  This would provide a baseline and serve as a model for other federal agencies, federal contractors, and the technology employing sector to compile their own metrics.  Then by applying best practices to address toxic gender bias and create a more inclusive workplace, the tech world can measure progress in expanding the size and diversity of the computing pipeline particularly where security clearances are required.  Encouraging expansion of best practices to provide military-to-civilian job pathways for veterans and their spouses is yet another action item.