I Do Soulful Work

By Bryan Palma · June 30, 2022

Earlier this month, I had a chance to speak at the RSA Conference. It was a rare opportunity to talk to many of the most forward-thinking people in our industry about a topic important to me: cybersecurity’s critical and accelerating importance as honorable and soulful work.

I want to share some of my key points here to encourage positive new discussions across our industry on three topics. First, what will it take to attract a new generation of diverse talent to our ranks? Second, how can we bridge the enormous gap between the demand and supply for cybersecurity experts? And third, what can those of us in the majority do as allies and champions to foster a more inclusive, fulfilling and productive future?

Our most technical generation is unfulfilled

They are in search of more soulful work. Work that offers them a higher purpose. Work providing a chance to change the world. Work like cybersecurity. This generation’s search for work with meaning is a huge opportunity for our industry. What if we could inspire 10,000? Or 100,000? Maybe even a million people to find their true calling in cybersecurity? For 20 years now, we have dealt with the same problem. Our demand for security professionals far exceeds our supply. A Cybersecurity Workforce Study calculated the global talent gap to be 2.7M people. The study also suggested the global cybersecurity workforce needs to grow 65% to effectively defend organizations’ critical assets.

What 1,000 cybersecurity professionals told us

Our industry struggles to find and retain qualified professionals, particularly women, people of color, and members of the LGBTQ+ community. In 2022, Trellix commissioned a survey to of cybersecurity professionals. Across the 1,000 respondents, 78% identified as male, 64% identified as white, and 89% identified as straight.

Other highlights drawn from this study:

• Despite almost all professionals holding a college degree, over half reported a university degree is not necessary to succeed in the field.
• Most respondents (92%) agreed cybersecurity is purposeful work that motivates them internally.
• Frustrations expressed included pay gaps between demographics, lack of diversity, and less-than-friendly work environments for women and non-white groups.
• Most (92%) asserted more could be done to encourage hiring from a range of demographic backgrounds.

In short, our lack of diversity is holding us back. We are turning great people away and doing our industry a significant disservice. As I learned decades ago from Indra Nooyi, the former PepsiCo CEO, we do not look like our customers and our lack of diversity restricts our ingenuity, innovation and ability to recruit the next generation of talent.

Bridging this gap: A strategic three-point plan

What can we do about this? At RSA-C, I outlined a high-level plan to change the shape, face and appeal of our industry to millions of new faces and backgrounds.

1. Transform the current K-12 educational system. We need to do this at home and abroad. As more of our world is digitized, security should be taught early in education. Teaching kids how to secure their Chromebooks and avoid getting phished should be happening alongside curriculum to get them interested in cybersecurity as a career path. The educational system should make space for standalone courses, clubs, and hackathons to develop kids’ skills and hold their interest.
2. Improve guidance and training for college students and early-career professionals. The skills development should increase as students go on to higher education and become early-career professionals. We need to see increases in tech scholarship funding and paid internships to enable more people to earn degrees in cybersecurity. We should emphasize this at historically Black colleges and universities (HBCUs), Hispanic-serving institutions (HSI) and community colleges.
3. Create avenues for mid-career professionals seeking to make the move into cybersecurity. Our industry and educational system must provide better access to coursework for re-training. We must promote useful certification programs to enhance knowledge and hireability. We also need to increase apprenticeships so mid-career movers can feasibly acquire real, tangible skills

Allies and champions

We all need to look within ourselves and do the internal work necessary to make our industry a welcoming place for everyone. The groups with the greatest opportunity to stand up as allies and champions of greater diversity in cybersecurity is everyone from the majority. I’ll add one more characteristic there: professionally credentialed. To elevate voices we might not otherwise have been able to hear. To merge our initiatives to improve diversity with a new acknowledgement that our work is soulful – and a noble and honourable career for many who don’t necessarily look, sound, think or innovate exactly like we do.

Why? First of all, ethically, it’s the right thing to do. Second, pragmatically, it’s good for business. Third, opportunistically, it strengthens and expands our ranks of experts to meet the exploding demands for our expertise. And finally, for anyone who mistakenly believes I’m asking you to stand down so some one else can take your spot, this is about building a bigger, better tent – one with room for everyone.

According to the survey, only half of us (52%) believe our industry is progressive and evolving.

What’s stopping us from making it 100%?