Why Diversity in Cybersecurity is the Key to Our Collective Success


By James Hayes, VP of Global Government Affairs, Tenable

Tenable's first-ever Diversity and Inclusion Council brings together company leaders who are committed to creating an environment of inclusiveness and empowerment.

The House Homeland Security Committee's Subcommittee on Cybersecurity, Infrastructure Protection and Innovation held a hearing on May 21 highlighting the importance of growing and diversifying the cybersecurity talent pipeline. At Tenable, we wholeheartedly agree that diversity is key to innovation and countering threats in cybersecurity.

Our increasingly diverse employee base works tirelessly each day to ensure that software vulnerabilities are identified and quickly patched to help public and private organizations of all sizes eliminate blind spots, prioritize threats and close their respective cyber exposure gaps. Such actions are essential to protecting our nation and our critical infrastructure. Success in cybersecurity demands a multipronged approach that relies upon a diverse view of the problem. Simply put, diversity of thought as well as racial and gender diversity make our industry stronger.

Why? Because diversity isn't just a nice to have, it's a must have. According to The Washington Post, women make up only 11% of the U.S. cyber workforce, and we're experiencing a national shortage of over 300,000 cybersecurity professionals in both the public and private sectors. A diverse workforce is a prerequisite to unlocking the full potential of any organization, including our own. Along with the rest of the industry and lawmakers, we've taken meaningful action to address the diversity gap.

Last year, I helped co-found Tenable's first-ever Diversity and Inclusion Council. The council brings together company leaders who believe that creating an environment that ensures all employees feel welcome and empowered improves the work we do and gives us an increased sense of satisfaction. It also focuses on uplifting the next generation of world-class cybersecurity talent.

Tech customers are increasingly challenging IT providers to diversify and provide greater opportunity to job seekers from all backgrounds. Anyone looking to make the business case for diversity need look no further than Intel's 2018 Diversity and Inclusion Report, which showcases how the company has pivoted to embrace and grow a pipeline of underrepresented minorities and women in their U.S. workforce, and is working toward global inclusion.

There is still more work to be done — for us here at Tenable and industry-wide. Congress should use its power to improve federal job preparedness programs and provide funding to bolster the application of these initiatives to help advance our competitiveness on a global scale. For example, Rep. Jim Langevin's Cybersecurity Skills Integration Act (H.R. 1592) would help prioritize the key skills needed for cybersecurity professionals to effectively protect our critical infrastructure. This bill would help retool our workforce to identify new threats posed to traditional IT environments via the new elastic attack surface in areas like internet of things (IoT), operational technology (OT), cloud and mobile.

However, Congress alone can't grow and diversify the workforce; we need private-sector and institutional partners. Individual companies and organizations like the International Consortium of Minority Cybersecurity Professionals, which have long advocated for minorities in the cybersecurity field, also make an impact.

Earlier this year, I had the opportunity to speak to undergraduate students enrolled in the University of Maryland's Advanced Cybersecurity Experience for Students (ACES) program. These students are the next generation of cybersecurity professionals, and it was great to share my experiences in the industry and the work we're doing at Tenable to help close the cybersecurity skills gap. This group of talented, aspiring cybersecurity professionals are what the cybersecurity industry needs. As I shared with the group, this important change is starting at schools like UMD.

James Hayes, Tenable's VP of global government affairs (fourth from left) with students of the University of Maryland's Advanced Cybersecurity Experience for Students (ACES) program.

As Rob Joyce, Senior Cybersecurity Advisor to the Director of NSA, recently noted, we need to make systemic changes that address the cybersecurity skills gap and encourage the next generation of diverse cybersecurity professionals. An influx of cybersecurity talent is important to tackling the ever-expanding attack surface and threat landscape. If we're going to be successful and close the cyber exposure gap, increasing diversity must be a priority. As an industry, we owe it to ourselves to help solve this talent shortage, and our collective success relies on it.

While there has been robust dialogue on the issue, and tangible work from Congress and the private sector, numbers don't lie. Our nation cannot afford a shortage of more than 300,000 cybersecurity professionals. As an industry and as a country, we have an incredible amount of work to do to if we wish to fill a pipeline of talented professionals to protect against tomorrow's cyber threats.

Improving the diversity of our industry should be top of mind for every leader in cybersecurity. At Tenable, we remain committed to increasing diversity and supporting the next generation of cyber talent.

Sustaining Partners