Women — and all of us — want opportunities to grow our skills and careers, and do work that matters, while making a living wage. Cybersecurity offers that, and more.
So how does the recently released 60-page document by the Biden administration help create the workforce we need, and does it do enough to bring women into the cyber workforce and address the gaps?
The new White House National Cyber Workforce and Education Strategy presents a good plan for long term success. Short-term, it also suggests more emphasis on skills building and community colleges.
Other gaps exist that we can fill, and are not addressed. Also, educating the general public as well as teachers, administrators, and counselors within our K-12 schools are lofty goals without a clear plan. This includes educating and hiring teachers to support the program, where shortages already run rampant.
In women’s groups, including the Information Systems Security Association (ISSA), both women and men seek guidance to enter the field. These individuals have little idea of how to gain access, including security and technology degree holders, or those with multiple certifications. Some lack knowledge of the field or job demand, and many are not engaged in the field at all.
These individuals get to the point of a job search, without having any cybersecurity experience, and without mapping skills and expertise to in-demand job openings. Certifications are perpetuated as a magic entry pass. While it's also mentioned in the plan, colleges tend to emphasize certs, over experience and skills.
Moving forward, we have to acknowledge that the STEM professions have long been dominated by men and/or those who hold degrees. Traditionally, the cybersecurity profession has not recognized individuals with natural-inherent talents or recognized that good teams are a collection of those with a diversity of talents. ISSA, throughout its history, has always included men and women in its leadership capacity.
Barriers for women
Today, the online job application systems also present entry barriers for women. Unrealistic job descriptions in terms of the experience employers are looking for and the general long length of the hiring process are major challenges. Here are some questions we need to ask as an industry:
- How hard does a company make it to apply for its job openings?
- How has the company set up the interview process for a candidate?
- How are newcomers and non-traditional employees onboarded?
- How is the job and the organization sold?
- In hiring, how long are managers keeping positions open?
- Does the organization have flexibility or creativity built into its hiring for meeting demand and bringing in women and minorities?
Within colleges, we must do more to ensure that students gain live experiences, and create a graduate requirement to complete one or two semesters for work credit hours. Yes, community colleges can support security experience, but only with a skills focus beyond the existing certification programs.
Many managers still require degrees, and the White House program does address this. A degree opens doors, but it’s not required to hire in our field. Candidates should work on getting hired, building experience and furthering their education through an employer’s programs including tuition reimbursement. It grows the student while they earn, and avoids debt, while building and growing our workforce.
Companies can partner to bring in the U.S. Department of Labor’s Cybersecurity Apprenticeship Program. Engaging with the job seeker has been a gap for helping match them to programs like these and other academic and business partnerships across the country. ISSA has been working to add these partners as resources on their web site.
Security has opportunities beyond cybersecurity groups, including software and product development, sales and marketing, legal, privacy, and publishing. In my Women in Security book, we profile several women and their roles, and share experience on entering the field. We can publish a plethora of job types and opportunities, to highlight real possibilities.
Women should write more and speak more in our industry. Opportunities abound, to showcase skills and knowledge and create a platform.
I don’t personally see diversity, equity and inclusion (DEI) or male ally gaps, although DEI gets mentioned in the White House paper, and both are touted in our field. It’s a mindset and culture, attached to awareness and action. ISSA has always elected at least half the board as women.
Focus on the job and opt out of any negativity. If anti-women sentiment becomes prevalent among an organization’s senior leaders, it won’t change, and despite company policies, the organization will lose women and other employees. To create change, people have to BE the change, tops down. If it’s a toxic organization, move on.
About being a woman, I’ve been asked how many jobs I got as a consultant as a result. Exactly zero, is my answer. Package and showcase to exhibit skills and knowledge, not being a woman, or any other characteristic.
Women often seek mentoring without knowing exactly what they want. I find it better to take mentoring in tiny bites and collect expertise to gain or give mentoring tidbits across different people. We can all help, it takes a village. We can guide, but each person has to do their own legwork.
The Biden administration paper presents a good overall plan. It has gaps that many of us can help fill starting today. Each of us can play a role.
