We are at a critical inflection point in technology and business today. On one hand, we are on the cusp of realizing the transformative impact of innovations like IoT and Artificial Intelligence. And yet we continue to see crippling cybersecurity breaches within organizations of all kinds. Large, small, retail, finance, government, healthcare—no organization or industry is immune from the threat of cyber attack.
Stemming the growing tide of cyber threats does not come down to a single company, or a single platform. It will require a sea change in the way that we think about and approach security. First, from a technology standpoint, we need to shift our thinking on cybersecurity from protecting against the “threat of the week” to a comprehensive approach that considers all aspects of an organization’s cyber exposure in real time. Even more fundamental, however, is the need for a new cyber workforce strategy that develops and advances the ranks of people from all walks of life.
This week, the fourth of National Cyber Security Awareness Month, the conversation is rightly focused on careers, and with good reason: according to the Center for Cyber Safety and Education, there will be a shortage of 1.8 million information security workers by 2022. In our industry, diversity is not a nice-to-have. It is a necessity. We will not be able to adequately address growing cyber threats until we find a way to build a larger, more diverse and inclusive workforce.
Women constitute only 14 percent of the cybersecurity workforce in North America and just 11 percent of the cyber workforce globally. African-Americans make up only three percent of the information security analysts in the United States. This can and must change. The lack of women and minorities in cybersecurity careers is the Achilles heel of our industry.
At Tenable, we believe that change can begin within our walls. I’m proud to work for a company and a CEO, Amit Yoran, that is committed to diversity and is willing to back up the rhetoric with policies that help move the needle. For example, our company employs the “Rooney Rule” for hiring job candidates. The Rooney Rule is a National Football League (NFL) policy that requires teams to interview minority candidates for head coaching and senior football operations jobs. While there’s no preference given to minority candidates per se, the rule ensures that minority candidates are considered. It’s been highly effective in its goal to increase the number of minority coaches—roughly 25 percent of NFL head coaches are now black or another minority, up from two percent prior to the implementation of the rule. It’s also a winning strategy: since 2007, 10 Super Bowl finalists have had a minority head coach or general manager. It’s clear that the NFL’s efforts to build a more diverse workforce have resulted in a stronger, more competitive league overall. Like football, cybersecurity is a team sport. And we have a similar opportunity to build a stronger, more responsive cybersecurity workforce. We’d love to see other companies join us in implementing these types of strategies.
However, the Rooney Rule is not a silver bullet to diversity. There are many factors that will ultimately contribute to a more diverse workforce, including early education and learning opportunities at the high school and college level. While the private sector can lead the way, we also need buy-in and partnership from the government. We applaud recent efforts by policymakers to address diversity, and also support initiatives including those from the National Initiative for Cybersecurity Education (NICE) designed to help address the cybersecurity workforce shortage within the federal government, where a diverse and skilled workforce will be critical to enable the savings and efficiencies stakeholders are targeting from growing investments in cloud computing and security-as-as-service solutions.
If we are to meet the security demands of the next era, we must begin taking concrete steps now to increase the number of minorities and women in the cybersecurity workforce. Only through increased inclusion and diversity in perspective and thought can our industry achieve greater creativity, innovation, and develop new solutions to our most vexing challenges.