In order to diversify the growing field of cybersecurity, employers must do more “targeted recruiting” at colleges and universities that are diverse themselves.
That advice comes from Debora Plunkett, a retired National Security Agency executive and adjunct cybersecurity professor at the University of Maryland University College, or UMUC.
“It just defies logic that if we’re trying to increase diversity, that we would aim our recruiting efforts at a university that is not diverse,” Plunkett said.
“It doesn’t mean that you don’t go there,” Plunkett said of institutions of higher education that lack diversity. “But it means if you’re trying to get a diverse population, you make sure you go to places where there are diverse candidates.”
Plunkett made her remarks Friday at a New America forum titled “Embracing Innovation and Diversity in Cybersecurity.” The forum proved a fitting coda for what ended up being a week with a whirlwind of controversy on the issue of diversity in technology.
The controversy ignited Aug. 5 when news reports began to appear about a leaked internal memo from Google written by a since-fired scientist at the company who attributed the gender gap in the tech world to biological differences between men and women. The scientist also criticized company programs and classes reserved for specific genders and ethnic groups.
Assessments of the memo — titled “Google’s Ideological Echo Chamber” — have varied. Gizmodo referred to it as an “anti-diversity screed” while The Federalist praised it as an effort to “brainstorm ideas about how to make Google a more friendly environment for women without resorting to explicit sex-based discrimination.”
Google CEO Sundar Pichai abruptly cancelled a companywide town hall meeting on the matter just moments before it was set to begin Thursday after some employees’ questions were leaked and triggered concerns for their safety.
Friday’s forum at New America — scheduled before the Google fiasco took place — offered a fresh perspective on the issue of diversity in the tech world from an all-women panel that shared personal stories of how they made forays into cybersecurity.
Plunkett, speaking in an interview with Diverse after the forum, said the Google memo “struck a nerve” with her.
“I just think anytime you ascribe characteristics to an entire class of people, regardless of whether it’s by gender or race or ethnicity or culture, then it’s biased,” Plunkett said.
Asked if she accepted the memo author’s argument that he was actually trying to fight bias, Plunkett said: “It might have been his intent. I just had a hard time seeing that.”
At the forum, Plunkett and other panelists offered advice for groups that ranged from industry executives to recent college graduates searching for ways to make inroads into the industry.
The advice ranged from having industry executives reflect on whether the workplaces they lead reflect the kind of workplace culture they would want for their wives or daughters, to encouraging students to make sure they pursue their passion and gain practical experience, not just book knowledge.
Such advice could prove quite useful in light of the fact that jobs for information security analysts are expected to grow by 18 percent between 2014 and 2024 — “much faster than average,” according to projections from the U.S. Bureau of Labor Statistics, or BLS.
And these are high-paying jobs. BLS data show the median pay for information security analysts in 2016 was $92,600 per year, or $44.52 per hour.
Yet, women and minorities are not accessing these jobs at anywhere near a proportionate rate. For instance, a report from the Business-Higher Education Forum notes that African Americans and Hispanics represent just 6 and 7 percent of STEM employment, even though they represent more than twice that much of the U.S. population. And men outnumber women three to one as computer workers, the report states.
Friday’s forum sought to illuminate ways to turn those statistics around.
Mihoko Matsubara, chief security officer for Japan, Palo Alto Networks, recounted how as a result of a Fulbright Scholarship that led her to Washington, DC back in 2009 — back when cybersecurity was “not as sexy as today” — she got an opportunity to publish a paper on cybersecurity and also volunteered to write English summaries of cybersecurity threats in Japan for a prospective employer.
“That actually helped me a lot afterward, like, ‘Hey, I have something in English, peer-reviewed,’” Matsubara said of her paper. She said the English summaries she wrote helped her land a job in Japan.
“Try to show your value to people around you and find the champions who want to endorse you,” Matsubara said. “And be a good communicator, because cybersecurity touches on every single aspect of national security, and you never know who wants to help you or who needs your help.”
Asked if it’s better to launch a cybersecurity career in government or the private sector, Samara Moore, director of cyber strategy and engagement at Exelon Corporation, and a former White House National Security Staff leader on cybersecurity, advised against generalizing which sector is best.
“It depends. There isn’t a cookie cutter approach on where to go,” Moore said. “It’s what are you interested in, where do you shine, and how do the opportunities match up with what you are trying to do now or how does this opportunity match up with where you want to be in five years or ten years.”
Randi Kieffer, vice president of cybersecurity audit at Capital One and former deputy director of the National Cybersecurity Communications & Integration Center, advised students to have intellectual curiosity and employers to target new talent that is “up to speed on today’s skills.”
“Cybersecurity is a continually new field,” Kieffer said. “Whatever skills you had ten years ago do not apply today.”
Jamaal Abdul-Alim can be reached at [email protected] or you can follow him on Twitter @dcwriter360.