Diversity efforts will drive business value around the Beltway, and the nation

Washington, D.C., is the heart of the United States. Leaders in every technology and critical infrastructure sector look to D.C. for examples, guidance, and permission.

As the nation’s capital, technology innovation and investment are driven in large part by the parameters set by Congress, the executive branch and federal agencies. Due to the federal government’s supply chain and its influence on virtually all private sectors, cybersecurity requirements, regulatory frameworks, best practices, and information sharing initiatives begin in Washington, D.C., and impact the entire nation. As a consequence of their influence, the D.C. technology, legislative, and agency communities can play a major role in how the American public and private sectors perceive, develop and implement cybersecurity and cyber-hygiene. In short, to systemically improve the security of the public and private sector any meaningful revolution of cybersecurity culture must begin in the capital.

The most significant obstacle inhibiting the success of cybersecurity efforts in D.C. and throughout the nation is the growing cyber talent shortage – expected to exceed 1.8 million by 2022. Cybersecurity breaches are widely acknowledged by our defense and intelligence agencies as a top national security concern, with the cost of a public sector or commercial sector breach averaging $2.3 million or $3.92 million, respectively. The dearth of cybersecurity professionals is especially challenging for the public sector, which is already struggling to attract new graduates and retain existing talent away from the private sector. This is ironic because, in many ways, the security of the private sector depends on public sector initiatives that are starved for cybersecurity talent.

One of the solutions to introduce more talent into the public and private sector cybersecurity workforce is to increase diversity efforts. In addition to staffing critical positions, diversity of personnel and thought can incite the innovation, competitive advantages and cultural shifts necessary to shepherd a long-overdue cybersecurity renaissance in the United States. In its research publication The Business Value of a Diverse InfoSec Team: A Discussion on How Gender, Racial, Cognitive, and LGBTQ Diversity Improves Cybersecurity Outcomes, the Institute for Critical Infrastructure Technology (ICIT) found that a diverse cybersecurity team maximizes an organization’s ability to bring innovation into its efforts and acts as a force multiplier for an organization’s capability to combat digital threats. Cyber threats ranging from script kiddies to nation-state sponsored advanced persistent threats (APTs) incessantly innovate and evolve the tools, tactics, and procedures that they leverage in campaigns against American critical infrastructure.

Every day, across the United States’ 16 critical infrastructure sectors, public and private sector organizations are falling victim to malicious campaigns designed to exfiltrate sensitive data, disrupt critical operations and destroy vital systems. Focusing on diversity is not merely about creating opportunities for marginalized groups; it is about proactively leveraging human variations to ensure that teams are more productive, innovative, and efficient than the homogeneous teams of the past. By increasing diversity within organizations, we can improve cybersecurity outcomes and defend critical U.S. networks, systems and assets. Though efforts to increase inclusive diversity efforts have improved over the past decade, significantly more needs to be done to draw and welcome more minorities, women, neuro-atypical, and LGBTQ+ personnel into the cybersecurity workforce.

Diverse cybersecurity teams should be the norm, not the exception. The U.S. cybersecurity workforce desperately needs more talented technical staff to fill a surfeit of open positions. For the sake of our nation, we must adapt our recruitment efforts and draw from every available resource pool to make cybersecurity professions attractive and equitable for the diverse workforce of the future. National security, the stability of the U.S. economy and the safety of the American public depend on the acceleration of initiatives to improve the diversity of the U.S. cybersecurity workforce. If they act now to implement systemic changes and increase the diversity of the workforce, leaders in Washington D.C. can catalyze a paradigm shift in U.S. cybersecurity and bring about a renaissance in the public and private sectors that will fundamentally improve the cyber posture of the United States.