Diversity and the cyber workforce

Getty Images

Data shows that the federal cybersecurity workforce is less diverse than the government overall, but addressing the disparity will take more than hiring more diverse employees, say DEIA experts and federal tech executives.

The federal government's cybersecurity workers is less diverse than the overall pool of government employees. 

The Biden administration has identified diversity and inclusion in the government workforce as an administration priority. But recruiting and retaining a diverse set of employees in the cyber arena will require changes to workplace cultures, experts say.

Data shows that the cybersecurity workforce in government isn't as diverse as the rest of government, said Dexter Brooks, associate director of the Office of Federal Operations in the Equal Employment Opportunity Commission, during a Jan. 25 panel on cybersecurity and diversity held by the National Initiative for Cybersecurity Education (NICE).

In terms of gender, women make up a smaller proportion of federal IT jobs than they do in the overall federal workforce. About 45% of the federal workforce is women, but women make up less than 30% of federal IT employees, said Brooks.

And both women and people of color hold leadership positions at a lower rate in the IT space than the government writ large, Brooks said. 

These issues aren't necessarily new for agencies, said Simon Szykman, senior vice president at Maximus, during a press call with reporters centered on the release of the Professional Services Council's 2021 CIO report. That report also flagged workforce issues in agencies, which often struggle to compete for competitive IT talent.

But DEIA is getting more attention. The White House released a sweeping executive order in 2021 on DEIA in the government workforce. 

"I think that many of those challenges have been there all along. They're just being surfaced more readily and getting more attention right now, mainly because of the priority that the current administration has put on diversity, equity and inclusion as a priority for the government workforce," Szykman said.

Increasing diversity among the IT and cybersecurity workforce will require getting to the root causes of why people might not picture themselves in the field or feel included once they are on the job, many experts say. 

When asked about policy fixes to gender inclusion in the federal IT space, Laura Stanton, an assistant commissioner in the Federal Acquisition Service at the General Services Administration, said that while there are pipeline issues in terms of getting diverse candidates in the workforce, culture plays an outsized role. 

"When you look at the technology industry, it's really the business values and the culture that is one of the barriers, and that's not a policy issue," she said at a Jan. 19 panel held by the Association for Federal Information Resources Management.

"That's really taking a hard look at how we work, how we behave - and this is across the public and private sector - but really taking a look at the opportunities to be able to shift the culture to be more inclusive," she said. 

Brooks said that the EEOC recommends that agencies start with data on their workforces to understand the situation by using it to look for barriers preventing equal opportunity.

It's a misconception that hiring more diverse candidates alone will fix the problem. 

"What is the origin of that," Brooks said of the data showing disparities in the federal cyber workforce. "Are there policies, practices or procedures in place that facilitate that lack of inclusion? That's the harder part in terms of changing it."

The White House recommended in its executive order is that agencies hire chief diversity officers. 

The FBI's first chief diversity officer, Scott McMillion, said at the NICE event that his work is ensuring that DEIA is "part of the FBI's DNA."

"Diversity inclusion and equity and accessibility cannot be something that is an afterthought," he said.

The Bureau is prioritizing these efforts in its policies through including DEIA in performance evaluations for senior executives at the FBI and adding it as a performance objective for all supervisors, McMillion said.

Brooks pointed to training for hiring managers to understand their own implicit biases as another  tool.

There are some DEIA issues specific to the federal technology space. 

Entry level jobs in the IT space are lacking, for example, limiting options for who can join and with what qualifications. According to Brooks, there are proportionately fewer entry level IT jobs than there are for the total federal workforce.

Other experts have flagged the impact of often expensive certifications as a barrier to entry.

Outdated federal HR structures also have an impact. Limited specific IT job classifications mean that data about the federal cybersecurity workforce in particular isn't necessarily "clean," Brooks said. It's hard to drill down on cyber workers in particular.

There are also governmentwide legal restraints for data collection on government employees, especially in the areas of sexual orientatiotn and gender identity.

Ultimately, this type of work will help the government compete for talent, said Rita Sampson, director of the Office of Personnel Management's DEIA office. 

"You can hire anyone, but the organization has to be ready," she said. It "has to have the culture that is welcoming, has to acknowledge the talent that walks in the door and gives them a place of belonging and empowerment and is committed to their development and enhancement. So those are the challenges of DEIA.