By Jeané Blunt. Camille Crittenden was the keynote speaker at the biannual UC Cyber Security Summit, held at UC Riverside, October 24, and hosted by the UC Cyber-Risk Coordination Center. She spoke compellingly about the lack of diversity in the tech sector, how it’s being addressed, and what our community can do to improve the situation.
Why is diversity a strategic imperative? And why is it so hard to fix?
The need for IT workers is strong and it’s predicted to get more urgent over the next decade. The need for IT security workers specifically is even greater, with a shortage of 1.8 million anticipated by 2022. Why? Cybersecurity threats are on the rise and companies are worried about the financial, operational and reputational costs of these threats. Many companies are building their cybersecurity workforce by looking for candidates internally. Fewer are taking a strategy of targeting women and people of color to fill these roles .
Crittenden believes that is a mistake. “In the business context, the economic benefit (diversity) can bring to companies has been well documented,” Crittenden said. “In the educational context, it clearly brings benefits to students and faculties across a variety of disciplines. Considering cybersecurity, we also need a variety of perspectives to assess risks and mitigate them.”
In the last decade there has been plenty of interest in bringing more women into the cybersecurity profession, but still the ratio of women to men has barely changed. Women account for 50% of the US workforce, but only 25% of computing occupations are held by women – and only 11% of IT security positions are held by women. A McKinsey & Company study found that full gender equality would add $28 trillion (or 26%) to global gross domestic product by 2025.
What can the IT field do?
Crittenden believes employers should adopt a standard of metrics for hiring, retention and promotion. She said, “The IT field is in a perfect position to bring its expertise in data collection and analysis to bear on this persistent problem, then work with specialists from other disciplines in psychology and business to find solutions.”
Another important step is to change the popular image of the lone hacker or CS “rock star,” which deters women from entering the field. Crittenden said employers should support workplace initiatives that promote diversity. They can start recruiting early in the pipeline with programs like Girls Who Code and IBM Cyber Day for Girls/Collegiate Women and also create better on-ramps for recruiting women who are returning to the workforce. She also suggested that employers should use screening tools that mitigate against biases, and avoid lengthy, overly detailed job descriptions that may make women feel they are not qualified to apply.
When it comes to retaining and promoting employees, she said, it’s important to remember transparency, inclusion, and trust. Employees want transparency in regards to equitable pay, opportunities for advancement, company policies (regarding anti-harassment, anti-discrimination, and family leave) and avenues for reporting recourse. Creating a culture of inclusion is important, not only among team members, but also in the physical environment. When a person feels included, they are more likely to engage and contribute. One way to do this, for example, is to include a diverse slate of speakers when hosting an event.
What is the key take away?
Crittenden said it’s best to start a focus on diversity by examining metrics around hiring, retention, and promotion to see what needs improvement. She then recommended setting targets for leaders and managers, documenting results of diverse teams, celebrating success, and troubleshooting challenges.
Most of all, she said, “Take advantage of this incredibly diverse state that we live in and draw on the resources of the people who live and work and are educated here.”
Jeané Blunt is IT communications and UC FCC licensing coordinator at UC Office of the President.