Why DEI is key for a cyber safe future

Posted on by

We have seen up close the threats to our public health and safety, economy, and critical infrastructure that underpins our daily lives by malicious cyber actors. These threats aren’t going away, in fact, they’ll only increase as more insecure devices and critical functions connect to the internet and AI reduces barriers to entry for malicious actors. We need actionable and practical solutions focused on combating risks as they materialize and evolve, along the entire spectrum of security and resilience, and we will continue to work to develop them through our community.

Amid rising cybersecurity threats to the United States and a chorus of voices calling for more cybersecurity talent to fill hundreds of thousands of roles, we recognized that DEIB efforts were crucial to meeting those challenges. We believe, as we did back when #STMIC began, that diversity is vital to cybersecurity and therefore, our national security. Many decry DEIB efforts as a means to replace individuals currently working or operating in a space, but this stems from a pervasive scarcity mindset. Today, there are around 450,000 cybersecurity job openings in the US — this staffing shortage does not begin to approach the true need for experienced workers, which is only increasing. The goal in cybersecurity and privacy is to grow a workforce and body of expertise, not shrink it.

By illuminating career pathways or creating opportunities for those who have been historically overlooked, DEIB programs welcome people that may not have been exposed or traditionally have lacked access to the space. Across the US, Black practitioners make up only 8% of the total tech workforce. In a 2024 ISC2 report, an annual survey that looks at the gender, age, and skills of the cyber workforce, less than 15% of cybersecurity practitioners identify as female. Earlier studies have consistently shown that women have been systematically excluded from career growth, recognition, and access to opportunity. Removing DEIB-focused staff and curtailing DEIB focused initiatives is harmful to our cyber and national security because it limits our ability to understand the threat landscape, recruit and maintain personnel, and innovate on new ways to mitigate risk, ultimately capping US capabilities to innovate and defend.