Over the last decade, experts have been trying to tackle a cybersecurity labor shortage. According to a 2020 survey by the International Information System Security Certification Consortium, Inc., the United States has around 879,000 cybersecurity professionals in the workforce and an unfilled need for another 359,000 workers.
To overcome the shortage, more than education, training and upskilling programs will be needed. Experts say there's an opportunity to bring new talent into the industry by focusing on diversity. Just 25% of cybersecurity professionals are women. It's not just cybersecurity positions that are dominated by men. Even after decades of equal gender rights measures, most STEM professions still have a shortage of women in their ranks.
The divide has become somewhat self-perpetuating. Young women see just a small number of women entering these STEM professions; therefore, they have fewer role models and examples to look up to. Mentorship and role models are critical for anyone seeking a degree, gaining skills, or obtaining a job.
Rachel Harpley, the Founder of Recruit Bit Security has been working hard to close not only the gender gap but also to fill the cybersecurity labor shortage. She volunteers her time to the Arizona community by providing a career path and advice on the skills needed to pursue careers in the IT Security, Information Security, and Cybersecurity industries.
She also was the chair for the Arizona Statewide Cyber Workforce Consortium, where she gave her time to advancing apprenticeships and on-the-job training programs. She also used this platform to advance diversity and gender balance in security fields. Part of the work she did on this program helped drive the formation of the Cybersecurity Council of Arizona.
Through the Cybersecurity Council of Arizona, Rachel has helped organize many career conversation events for people interested in security roles. These events connect interested groups with mentors that help educate the next generation of cybersecurity professionals.
Rachel has also been outspoken about the importance of including neurodiverse people in the push to fill the gaps in our technical workforce. Neurodiversity, in its most basic form, is the idea that no two people are the same when it comes to their brain and neurological systems. In other words, it's a term that describes someone whose brain processes, learns, and behaves differently from what is considered “typical”.
The odds are your company already has Neurodiverse people there, right? So how can you create a space for them to speak up and to share? You know, share their experiences, share what their needs are? And if you start with that, then you can build from there.
Rachel has observed how the change to work-from-home professions has benefited neurodiverse people significantly. They are better able to control and improve their surroundings in ways that are tailored to their requirements. When we think of diversity, she argues, we must remember that it encompasses a wide range of factors, not only those that we can see with our eyes. She sees organizations recognizing the need, and it's becoming evident that instead of battling over the small pool of existing security professionals, they should use this understanding to grow more security talent in the area.
Rachel says that a lot of workforce development programs focus primarily on college graduates and create a pipeline from graduate-level people. However, that requires a four-year plan, and many companies need talent today. That is why she spends a lot of time focused on those people who have chosen to pivot in their careers and people that are coming from other IT backgrounds. Even insurance, auditing, or other fields where they have transferable skills because security professionals need to understand how businesses operate to be effective at their role.
She thinks that in order to promote change, people need to see mentors modeling that experience. She tries to be an advocate for those seeking a career change. This will not only help fill the labor gap but help businesses see what they can achieve by selecting someone with a broader range of experience.
Changes are happening in the security recruitment process that is helping businesses adapt and keep technology professionals engaged.
Industry professionals that have reached the pinnacle of their current area are another resource that can be used to address the security gap. Rachel believes that ageism in the technological area should not be a barrier to advancement. She sees an opportunity for them to retrain and reskill in security while building on their existing infrastructure knowledge. Focusing on security may be a good approach to get started on a new professional path.
“The challenge with diversity is, there isn't just one right way. But I think that the biggest thing to do is start with listening.”
Rachel started a program with Recruit Bit Security called Hacking Hired, that helps bring some transparency to the recruiting process in hopes that she can help increase diversity and inclusion in a field that desperately needs it. She says going directly to the communities that need advocacy and asking questions will help companies integrate those thoughts into their recruiting process and build diversity. We need to understand if biases are impacting the recruiting process, push those aside and ask if the candidate can do the job. Doing that requires spending time with our thoughts and investing time to understand each perspective. That then needs to be followed by asking your workforce what they need to thrive at work.
Since Cybersecurity has been recognized by Arizona state and local governments as an important cornerstone for the Arizona economy, it’s become the sixth C, beyond copper, cattle, cotton, citrus, and climate. Arizona is naturally a great choice as a hub for data centers and technology innovation with nearly no natural disasters. Rachel said in an article for AZBusiness, “We have in place the community infrastructure, both public and private industry combined with educational resources to serve our growing business community. The cybersecurity ecosystem in Arizona is an advantage to any business regardless of industry, doing business in Arizona”.
Thank you, Rachel, for challenging the Arizona community to broaden the vision of their workforce and pushing us towards a stronger, more diverse, and cyber-secure community.
