Security Staff Acquisition & Development

Diversity is critical to closing the cybersecurity skills gap

The current cybersecurity workforce gap is estimated to be over 3.1 million globally. The workforce needs to grow 89% to effectively defend organizations’ critical assets from increasingly sophisticated cyberattacks.

While there is no silver-bullet solution to this problem, diversity, equity and inclusion (DEI) is critical to attracting more talent to the profession. Cybersecurity threats and challenges are constantly evolving, but the workforce has remained relatively unchanged from a representation standpoint.

There are numerous benefits to diversity in the cybersecurity industry. Arguably the most imperative to addressing the current threat landscape is the positive impact different backgrounds, experiences and perspectives have on the public and private sectors’ ability to fight cybercrime. Diverse team members bring fresh ideas and approaches to the table, which are needed to solve complex problems, develop new innovative technologies and processes, and anticipate cyberattacks before they happen. More diverse perspectives are essential if we are to learn, grow and thrive.

Additionally, research from McKinsey found that diversity has an increasingly positive impact on an organization’s overall financial performance. Organizations that make DEI a top business priority attract top talent, increase employee satisfaction, improve decision making, foster creativity, become more customer-oriented and inspire employees to think differently.

Organizations must expand their horizons, address their unconscious bias and break old recruitment and advancement habits to attract and retain diverse cybersecurity talent. Hiring managers should seek non-traditional qualified candidates by assessing individuals based on critical non-technical skills, such as problem-solving, analytical thinking, ability to work independently or in teams, and communication skills, instead of solely relying on technical experience or educational background. Technical skills can be taught.

Also, it’s critical to ensure hiring practices don’t introduce barriers to entry, such as overloaded job descriptions or unrealistic experience expectations for entry-level and even mid-career jobs.

The 2021 (ISC)² Cybersecurity Career Pursuers Study found that some organizations are already shifting their approach as 26% of cybersecurity professionals with less than three years of experience started in a field other than IT compared to 20% with more than eight years of experience. By removing technical barriers and being more open to candidates without a formal tech background, organizations open more career pathways for groups historically underrepresented in IT and cybersecurity.

However, increasing diversity is not enough to retain talent. The industry as a whole must make cybersecurity a rewarding and welcoming career for everyone if we want to build strong, resilient cybersecurity teams. From the bottom to the top, organizations must ensure that diverse voices are seen and heard and implement systems that uplift all talent. There are several actions organizations can take to foster, promote and nurture diversity including implementing mentorship and training programs, leadership programs to promote the advancement of the multicultural workforce, and organization-wide recognition programs and events.

DEI is a journey, not a destination. We must be committed to continually learning and improving systems, business processes and workplace cultures to ensure they foster and celebrate diversity. Only then will we make a substantial impact on the cybersecurity skills gap.

For a broad range of free downloadable content that can serve as a toolkit for auditing, building and measuring DEI initiatives within an organization, visit

By Clar Rosso, CEO, (ISC)2

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.