The benefits of having a diverse cyber workforce were pounded home on October 4 by CISOs, government officials and academics during the IBM/International Consortium of Minority Cybersecurity Professionals (ICMCP) Town Hall.
The event, held at IBM's Manhattan, N.Y. office, saw cybersecurity execs not only speak highly of the need to have a diverse staff, but they also went against conventional wisdom in many areas when it came to the hiring process. The day-long conference featured a series of expert panel and audience-driven discussions that examined ways to further the inclusion of underrepresented minorities in cybersecurity.
The participants dismissed some long-standing beliefs, such as a person needing a college degree or specific IT training to pursue a career in cybersecurity, as speaker after speaker stood up and said training in the field is less important than having a candidate with curiosity, being a self-starter, humble and simply having the intellectual capacity to absorb new knowledge.
From Left - John Masserini, CSO MIAX;Taiye Lambo, founder CloudeAssurance; Laura Deaner CISO S&P; Shamia Naidoo, CISO IBM and moderator Deidre Diamond, CEO CyberSN.
“I will hire attitude over experience,” said Shamia Naidoo, IBM's CISO, adding that she would accept a person with a degree in English and then teach them what they need to know. Naidoo is the fourth female CISO at IBM.
Being willing to take on newcomers as well as open to having a more diverse workforce is not only important from a moral standpoint, but it is needed to help fill the yawning gap between number cybersecurity job openings, around 200,000 year in the United States, and the large number of people looking for a job with a future.
Sandy Stanar-Johnson, director of equal employment and opportunity for the National Security Agency (NSA), while praising the effort the NSA has put forth so far in diversifying its staff said work still needs to be done both at her agency and in cybersecurity in general.
While pointing out that in the NSA 24 percent of its cyber staffers are women and 24 percent minorities and that helps make the United States strong.
“I am still not happy with that as that is not representative of America,” she said. “The cybethreat is real and growing and more complex and our response must also be more complex and diverse.”
| From left - Moderator Aric Permnter, founder Lynx Technology; Nasir Memon, chair NYU computer science and engineering department; Sarah Isaacs, CEO Conventus; Kristin Lovejoy, CEO Acuity Solutions; Sandy Stanar Johnson, NSA's director of equal employment and opportunity. |
Shelly Westman, vice president of operations and strategic initiatives, IBM Security, said “The number of women is so startling bad in cybersecurity,” she said.
The generally accepted figure is about 10 percent of the cybersecurity workforce is comprised of women and minorities.
Even with some employers willing to take a chance on people with little experience, additional steps have to be taken by these job seekers and those hiring so their skills and abilities can be put on display.
“It is not such a risk to take a person without a four year degree,” said Bertina Ceccarelli, CEO of NPower, “but to prove their ability we have our students do an internship. Here is where the skills that don't appear during the interview process appear.”
NPower is a non-profit that offers free training to underserved adults and veterans.
All of the panelists appearing praised internship programs, but noted that just getting into a program will not lead to a job. Once inside an organization and working they must prove themselves.
“I want to see if interns are teachable and like to solve problems,” said Taiye Lambo, founder & CTO of CloudeAssurance, a cloud security firm.
While pulling in as many adult people as possible from all walks of life is the immediate goal, Nasir Memon, chair of the computer science and engineering department at New York University said the real failure is taking place in the public school system. Particularly when it comes to attracting women to the profession.
“We are losing the battle in the middle and high schools. We have to engage her [female students]. However, there are a lack of role models and stereotyping at this level is a problem. Cybersecurity is not about hacking and attacking, but defending and doing good and that resonates well with women,” he said.