House members and witnesses from academia and industry on Tuesday discussed the importance of providing academic programs, tools, and pathways to not only help address the cybersecurity workforce shortage in America, but to also diversify the cybersecurity field.
Both of those goals found vocal support from members of the House Homeland Security Committee’s Cybersecurity, Infrastructure Protection, and Innovation Subcommittee at a hearing on May 21, although no specific legislative solutions emerged from the hearing.
Wesley Simpson, chief operating officer of the International Information System Security Certification Consortium, (ISC)2, said the U.S. cyber workforce shortage stood 498,000 positions in 2018, and globally that number was more than 2.9 million.
Within the workforce equation, Simpson said research also reveals significant underrepresentation of women and racial and ethnic minorities in the cybersecurity field. In particular, he said that only 22 percent of the U.S. cybersecurity workforce were women. Subcommittee Chair Cedric Richmond, D-La., cited research showing that only nine and four percent of the workforce were African American and Hispanic, respectively.
Simpson said that gender-based pay inequity and concentrated employment of ethnic and racial minorities in non-managerial positions contribute to these groups’ underrepresentation in a majority white, male cybersecurity workforce.
“Under-participation in cybersecurity by large segments of our potential workforce, whether be it women or minorities, represents a loss of opportunities for individuals and a loss of collective creativity and solving the problems we face in the field,” Simpson said. “Not only is this an issue of inequity; it is a threat to our global economic viability as a nation.”
Simpson, and other witnesses, said that finding avenues to increase women and minority representation in the cybersecurity field would not only help fill needed positions, but would strengthen security capabilities by broadening the perspective of the workforce.
To pursue this goal, the hearing largely focused on strengthening Federal programs that support cyber talent, like the National Science Foundation’s Cyber Corps Scholarship for Service (SFS), while also bringing diversity to the forefront.
Candace Worley, Vice President and Chief Technical Strategist at McAfee, said that SFS’s funding has remained flat at about $55 million annually in recent years, allowing 2,000 students from 70 institutions to receive scholarships. She recommended that Congress increase funding to $200 million annually to enable 6,400 students to receive scholarships. She also said the number of institutions receiving grants needs to be expanded.
Excelsior College National Cybersecurity Institute (NCI) Director Dr. Amelia Estwick supported expanding existing higher education cybersecurity programs, but also K-12 education programs, and other certification and retraining pathways for individuals who don’t pursue college degrees.
“This pipeline can be sustained by recruiting, retaining, and advancing populations – such as military and veterans with transferable skills, individuals from underrepresented groups to include black, Latino, American Indian, Alaskan natives – funding initiatives to support cybersecurity programs at minority-serving institutions, and support for advocacy groups who focus on broadening participation in the cybersecurity field,” Estwick said.
Worley also said that government and industry organizations should pursue expanding high school cybersecurity internships so teenagers can have early exposure to the cybersecurity field and build greater interest in it.
The panelists also touched upon the difficulty of retaining skilled cybersecurity teachers and professors, and Estwick added that Congress should take action to promote rotational assignments – in which security professionals from industry also serve in government – into the academic segment to help address the bottleneck of cybersecurity educators.
Academia is also starting to take steps to encourage students to pursue cybersecurity fields. Rick Gallot, president of Grambling State University, a historically black university that produces 27 percent more African American computer and information science graduates than any other institution in Louisiana, said the school will offer a cybersecurity major starting this fall semester. The school will be the first to offer such a degree in the state of Louisiana.
In light of the panelists’ request for more resources and funding for cybersecurity education, Rep. Richmond and Rep. John Katko, R-N.Y., the subcommittee’s ranking member, both expressed support for increasing funding for programs like SFS.