Skip to main content
close search
site logo
Dive Brief

'It's too late' to diversify cybersecurity workforce

Published Sept. 27, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Adobe Stock

Dive Brief:

  • Though diversifying the cybersecurity workforce is an issue the industry is trying to address, "it's too late," said Dr. Alissa Johnson, VP and CISO of Xerox, while speaking at a Forrester event in Washington Wednesday. Johnson came to this conclusion because the industry is looking to solve a problem for the immediate future when there hasn't been effective focus on where to find diverse candidates.

  • By the time young students who are encouraged to pursue a career in security are old enough to enter the workforce, cybersecurity will be "passé," ​Johnson said.

  • By 2020 there will be about 1.2 million open cybersecurity jobs, said Stephanie Balaouras, VP and research director at Forrester, speaking at the same event. CISOs complain there is a staffing problem, but Forrester doesn't see the same issue when half the population is excluded from recruitment, according to Balaouras.

Dive Insight:

A lack of diversity in the workplace can be attributed to many factors, including the inability to find candidates with the desired skill set. Johnson and other security experts agreed that hiring in security goes beyond a formal education.

Because there is "artistry" and critical thinking involved in security, employers want someone who can demonstrate skills that may not be evident on a college degree, said Johnson. Creativity and curiosity are foundational skills employers want in security and those are not things "that can be taught."

Nearly 90% of CISOs in Fortune 500 companies are men, according to Forrester. "I am the representative of diversity in a lot of meetings," said Johnson.

But Johnson said that diversifying the cybersecurity workforce is too late because it goes beyond recruitment. Training should be put in place. While training cannot completely close the gap, it can be used to offset it.

As for school children, the industry needs "to make cybersecurity cool" because the current approach is proving ineffective, according to Johnson. Young students now are consumed by information and data, primarily accessed through smartphones. Learning that someone could breach their phones in a matter of seconds could get them "salivating" to learn more.

Filed Under: Security, Leadership

Editors' picks

Company Announcements

View all | Post a press release
Cloudbeds unveils industry’s first ‘smart hospitality engine’, powered by causal and multimoda…
From Cloudbeds
October 23, 2024
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
truCX Launches Groundbreaking Partner Portal, Empowering CX Consultants and Trusted Advisors w…
From truCX
October 30, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell