CISA's Easterly wants to close the cyber workforce gender gap by 2030

Jen Easterly at her nomination hearing to lead the Cybersecurity and Infrastructure Security Agency in June, 2021

Jen Easterly at her nomination hearing to lead the Cybersecurity and Infrastructure Security Agency in June, 2021 Kevin Dietsch/Getty Images

Women currently constitute about one quarter of the global cyber field, according to estimates.

Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, wants to close the gender gap in the cybersecurity field by 2030, something she called an "ambitious goal" at a March 18 keynote for a Women in Cybersecurity conference. 

"Women are only 24% of our field of cybersecurity, despite the fact that women make up 51% of our global population," she said. "We need to get to 50% of women in cybersecurity by the year 2030 because without more women in our field, we know we are missing out on incredible talent."

Currently, there are almost 600,000 cybersecurity job openings in the United States, according to the National Institute of Standards and Technology's Cyberseek. Government in particular, with its long hiring times and relatively low salaries, is having a hard time competing for talent with the private sector.

 Bringing more women into the field is part of closing that gap, Easterly said. 

The ISC2, a nonprofit organized around cyber, estimated in 2021 that 25% of the global cyber workforce is made up of women.

The gender gap and other disparities are evident in the federal government's own cybersecurity pool as well, which is less diverse than the overall federal workforce.

About 45% of the federal workforce is composed of women, but women make up less than 30% of federal IT employees, a category that emcompasses cyber positions as well. And both women and people of color hold leadership positions at a lower rate in the IT space than the government writ large. 

Among the challenges to shoring up diversity in cybersecurity are the extensive use of expensive certifications, which some say can be a barrier to entry, as well as requirements for years of experience for entry-level positions. Federal agencies in particular are also dealing with outdated human resources structures. 

Within CISA, Easterly does have some new tools at her disposal. 

Last year, a new talent system for cybersecurity workers launched at the Department of Homeland Security, bringing new hiring and pay flexibilities with it, something Easterly touted in her speech. 

Easterly also stressed the importance of workplace culture in cultivating a diverse workforce, offering up the fact that CISA gives feds the option of putting their pronouns in their email addresses as "a small but meaningful symbol of the importance of acceptance." Easterly said that the agency is among the first to do this.

"We've been building an organization that recognizes that attracting and retaining incredible talent requires us to create an environment of psychological safety where everyone feels valued and empowered and always treated with dignity and respect," she said. "Because diversity - neurodiversity, diversity of gender identity, of sexual orientation, of race, of national origin, of age, of background - that all equals diversity of thought and that makes us better problem solvers."

Easterly will likely have to work with the other federal agencies in the cyber game if she wants to move the needle on gender in cyber. 

A recent congressionally mandated report recommended that the Office of the National Cyber Director take the lead on a multi-sector effort for the cyber workforce, something top officials at the ONCD have signaled that they're interested in doing. CISA has its own outward-facing workforce development programs, aimed at building the pipeline of workers choosing the cybersecurity field, like partnerships with educational institutions from K-12 to higher education.