Here’s the deal with the information security industry in the United States: our country doesn’t have nearly the number of information security professionals that it needs. According to an estimate from Cybersecurity Ventures, the shortage of US cyber security workers could reach 500,000 people in 2021. The other point worth noting is that the information security professionals we do have are overwhelmingly white and male. ISC2 data show that just 24% of cybersecurity workers are women. Just 9% of workers self-identified as African American or Black, compared with 13% of the population at large. Just 4% identified as Hispanic, compared with 18% of the overall population.
We know that the shortage of infosec pros poses a cybersecurity risk. Companies across industries struggle to find and then retain information security professionals to staff security operations centers (SOCs) and manage the security of networks in sectors like government, healthcare and retail.
But what about the lack of diversity? Do infosec’s racial and gender imbalances create their own kind of security risks? Does a homogenous population of security pros potentially blind the organizations they work for – and our society – to cyber risks? Does it shut off exploration of potentially beneficial programs, solutions or avenues of inquiry that might help solve the epidemic of cyber security threats and attacks plaguing our society?
You and your teams are not as effective and as able to address the threat without a diverse lens.
Camille Stewart, Google
According to our guest this week: it just might. Camille Stewart is the Head of Security Policy for Google Play and Android at Google. She is also a Cyber Fellow at Harvard University’s Belfer Center for Science and International Affairs. Camille is the author of the essay “Systemic Racism is a Cybersecurity Threat,” which ran on the Council on Foreign Relations website back in June of 2020.
In it, Camille argues that understanding how systemic racism influences cyber security is integral to protecting the American people and defending the country from cyber adversaries.
In this conversation, Camille and I talk about her own journey to information security as a black woman and about the barriers that men and women of color face as they seek to enter information security.
We also discuss her theory on how the information security industry’s struggles to diversify might increase cyber security risks. Camille notes that the country’s history of systemic racism and the different lived experiences of black and white Americans bear on everything from the effectiveness of public information campaigns to hiring and recruiting within the field, to the U.S.’s efforts to foster international agreement on cybersecurity norms.
“We do a disservice to ourselves as practitioners to ignore race and gender,” Camille told me. “They are a direct impediment to the work we’re doing.”