Jul 21, 2023 - Technology

The cyber workforce is slowly but surely diversifying

Illustration of five hand cursors, four are white, one is black.

Illustration: Eniola Odetunde/Axios

The cybersecurity workforce is becoming less white, but there's still a ways to go to attract minority workers to the field and keep them there.

Why it matters: White men have historically dominated the cybersecurity industry, and the U.S. has enough cybersecurity workers to fill only 69% of available jobs, according to government data.

  • Attracting more women and people of color has become a top priority as employers struggle to find candidates who can help keep their networks safe from cyberattacks.

By the numbers: 66% of cyber professionals who joined the field in the last 12 months across Canada, the U.K., the U.S. and Ireland aren't white, Clar Rosso, chief executive officer of cyber certification and training company (ISC)², told Axios.

  • The cybersecurity workforce also grew by roughly 10% in the last year — but that growth still wasn't enough to keep pace with the rapid demand for cybersecurity workers, Rosso said.
  • Rosso shared these statistics with Axios during a recent interview teeing up (ISC)²'s 2023 cyber workforce survey coming this fall.

What they're saying: "There is absolutely a demand for bodies, but the other thing that we're starting to find is that there's a skills gap," Rosso told Axios on the sidelines of the (ISC)² Global DEI Summit in Arlington, Virginia, last week.

  • "Even if we have the bodies, we may not have the specific skills we need to do the work that we need to do," she added.

Zoom out: Demand has been growing for cybersecurity workers in recent years as more companies start to face a deluge of ransomware and other cyberattacks.

  • This growing demand has left recruiters and new entrants to the workforce moving at breakneck speed to either fill positions or get the training they need to enter the field.
  • And that fast-paced energy has come with some pitfalls: It's pretty common for recruiters to require unnecessary, high-level cybersecurity certifications for entry-level jobs — and for job candidates to spend money and time on unnecessary degree programs because they're misinformed about the education needed.

Between the lines: Many companies are now finding success attracting diverse candidates through simple tactics, Rosso said.

  • (ISC)²'s data now reflects that companies that mention internal diversity, equity and inclusion programs in job descriptions are having an easier time hiring, she said.
  • And companies that take the time to tailor their job listings to include only the trainings and skills needed for the role have an easier time attracting workers too, Rosso added.

The intrigue: Not all new entrants to the cybersecurity workforce are young, according to (ISC)²'s data.

  • "We are seeing the career change, so that reinforces that point that if you have the right nontechnical and mindset skills, then you can be trained on the technical," Rosso said.
  • (ISC)² is also starting to see an uptick in people from tech backgrounds coming into cybersecurity, suggesting some of those new entrants are trading in their IT know-how for security.

Yes, but: Cybersecurity workers are facing massive burnout right now, which could make it difficult to keep new entrants in the field.

  • 61% of cybersecurity workers say they're burned out, according to a survey released earlier this year by Cobalt.

What's next: All eyes are on the White House's forthcoming cybersecurity workforce strategy, which could help signal to the private sector how best to attract and retain talent.
