Opinion: Cybersecurity Needs More Diversity

Opinion: Cybersecurity Needs More Diversity

Cybersecurity experts are needed at every level of an organization. The problem is that the supply of well-trained professionals cannot meet the demand. According to TechCrunch, cybersecurity nonprofit (ISC)2 has estimated that across the globe, approximately 3 million cybersecurity jobs are currently unoccupied. America’s educational institutes have responded by offering several new courses of study in fields related to cybersecurity, an option that did not exist a decade ago.

But the talent shortage is not just a simple matter of supply and demand. Even if the candidate pool grew at the same rate as the number of unoccupied jobs, there are other factors at play – one of which is the mandate to create a more diverse workforce. As in other fields, like medicine, energy production, and politics, the cybersecurity talent pipeline is not very diverse. And in cybersecurity, a field that touches nearly every aspect of our modern lives, diversity does more than just tick a box on an HR department’s checklist.

Companies need to work on the problem in a meaningful way that extends beyond using words like “diversity” as marketing jargon. Many companies extoll their dedication to diversity in branding materials, on their websites, and in job postings. But the reality is that the numbers show that we aren’t where we should be, which is a shame because a diverse workforce is not only the right thing to do, it’s also good for business.

“Understanding and managing human and social behavior among employees, customers, clients and with the public at large is critical,” says Forbes contributor Deborah Hurley of the need to diversify cybersecurity. “The ability to get along with, bring together, supervise and get results from a broad range of people is an absolutely vital skill.”

Cybersecurity can affect everything from elections and health insurance to the integrity of our infrastructure. As the internet expands into every part of our lives, the threat posed by hackers and bad actors grows. The Internet of Things (IoT) promises billions more connected devices coming in 2020. What this means in cybersecurity terms is that the collective attack surface – the sum of all the attackable areas in an IT system – keeps expanding, creating more opportunities (and motives) for malicious actors. Such a multifaceted problem needs a multifaceted solution. Cybersecurity professionals need to have a sense of the life experience of threat perpetrators in order to counteract their schemes. And because bad actors come from diverse backgrounds, so must cybersecurity professionals. 

I have experienced both sides of the diversity issue in my own career. I’ve been afforded many great opportunities, and, as a manager, given many great opportunities.

My story started like that of so many others who have arrived from a distant shore seeking a better life for themselves and their children. I came to the US with my parents at the age of six. We worked hard to earn our place. I earned an undergraduate degree in biology, a graduate degree in systems technologies, served for thirteen years in the military and went on to enjoy a long and successful career in IT and cybersecurity.

My experiences have shaped how I approach my work. Biology helps me to understand complex systems of defense, as does my military background. My cultural and linguistic backgrounds help me to recognize technology’s capacity for good, and for tyranny. This is not something that can be learned in the classroom; neither can the experience of poverty and warfare. My experiences shape my understanding of cybersecurity and help me approach it within the context of reality, not as an abstract concept that exists in a vacuum. But these aren’t the only things that have helped me find success as a cybersecurity professional.

The role of ambition – of a desire rise beyond one’s circumstances – is a major contributing factor to success. I call it drive. 

Personally, I believe that drive exists in a great majority of immigrants. We came here for a reason: to succeed, and to have opportunities we would not have had in other lands. Immigrants do not forget where we come from. We take nothing for granted, and we constantly remind our children to do the same. We remind them that there are places with no clean water, no safety, no educational opportunities, no freedom of religion, no way to pursue career ambitions, to grow as a person and to raise a family with the ones that we love. No guarantee that we can be safe and enjoy that football game on Thanksgiving Day.

But the drive must come from somewhere. Sometimes it is instilled in us by family, and sometimes we must create it for ourselves. Sometimes it simply comes from knowing that an opportunity is an open door, and not a guarantee. There is no policy or mission statement that can create drive. That brings me to a final story from my days as the Unit Chief for the IT Unit that supported the Criminal Investigative Division at FBI headquarters.

I was hiring four IT specialists. The year was 1993. When HR completed its round of reviews from its internal posting, they let me know that there was good news and bad news. They had received over 40 applications. That was the good news. The bad news: not one of them was qualified.

I really needed to fill those four positions. I asked for the applications, looked through all of them and pulled the only four that shared the one detail that I was looking for. Those four applications were from candidates who had taken night school classes in IT, a pretty good indicator of self-motivation. Not surprisingly, these candidates were a rather diverse group: two were black men, one was a black woman, and the fourth man had an Italian last name.

I was looking for a drive. Diversity was not on my list of criteria. But there it was. Maybe it was only a coincidence that such a diverse group had applications which reflected the inner drive that I was looking for, and that the other 36 candidates’ applications did not. Maybe. 

I made a deal with each of those four: stay in school, and I’d figure out a way to get the FBI to pay their tuitions. This would help offset the fact that I could not, according to HR’s rules, offer them such a high-level position without the proper education. They would have to graduate to take advantage of that opportunity. In the meantime, I sent them to training.

In the next three years, those four came to be among the best IT techs in the FBI. Each of them was recruited by other departments and offered higher-grade positions, which I encouraged them to take. They learned at school and on the job, working on projects like implementing online, on-demand training in 1995 – common now but not in 1995. They created the first FBI Intranet which automated internal data and processes. They worked on security and networks and were at the forefront of developing applications as we understand them today. They succeeded. They were diverse, and I gave each of them an opportunity. But they brought the drive.

When they took those higher-grade positions, I was proud as a peacock and happy as could be for them. We stayed friends. One of them went on to be one of the FBI’s foremost experts in cyber forensics when it was still a brand-new field in its earliest stages.

Did their varied ethnic, gender, racial backgrounds bring any tangible value to the job of being an IT specialist? That I cannot say, but I do believe there is a connection. What I can say is that I believe my own diverse background has served me in my roles and contributed to the success I have had in my career. Still, it’s an influence that is hard to quantify.

Drive does not belong to any gender, ethnic, or racial origin. It’s there for those who find it and feed it. It is those with drive that we must find and educate. They come from all backgrounds, all genders, all ethnic and racial make-ups. What people with drive need is an opportunity, to be fostered and mentored so that they can each apply their unique perspectives and life experiences to solve our many and mounting cybersecurity threats. Only a diverse group of people can solve such a diverse problem.

Carlos Solari

Carlos C Solari was born in Colombia, South America and grew up in Huntington, NY. His career started in government service: U.S. Army for 13+ years, FBI senior executive in the 1990's and Chief Information Officer for the White House (2002 - 2005).

In the private sector, Carlos was VP of Cybersecurity at Bell Labs, VP / GM of Global Security Solutions at CSC, SR VP at Mission Secure Inc and VP of Cybersecurity Services at Comodo Group. He is currently in several roles including Advisory Board Chair for CyberFortis focused on cybersecurity education / training for the corporate leadership including the Board of Directors, the C-Suite and Compliance Officers. He is the author of several books including Security in a Web 2.0+ World published by Wiley in 2009. He has taught cybersecurity in various settings and is an international speaker on this topic.

He is a graduate of Washington and Lee University with a BS in Biology and the Naval Postgraduate School with a MS in Systems Technologies.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top