Microsoft at NICE Conference: Resetting expectations and enabling diversity in the cybersecurity workforce
Closing the cybersecurity talent gap is not something we can achieve alone; it requires a collective effort from the entire industry and focus on enabling cybersecurity awareness and education for all. This realization hit home for us during our recent participation in the National Initiative for Cybersecurity Education (NICE) Conference, held June 5 through June 7 in Seattle. This annual event brings together community members and thought leaders from education, government, industry, and nonprofits to explore how to develop a skilled cybersecurity workforce with the theme: Resetting Expectations: Creating Accessible Cybersecurity Career Pathways.
The numbers speak for themselves: according to the (ISC)2 Cybersecurity Workforce Study conducted in May and June 2022, there are currently a staggering 3.4 million unfilled cybersecurity jobs, which marks a nearly 350 percent increase from 2013. In this scenario, attracting the next generation of cybersecurity professionals is an imperative. I was fortunate enough to be a member of the planning committee for the conference and had the opportunity to meet people from across the globe and from a wide variety of organizations—all passionate and committed about making a difference to this industry issue. Here are some highlights I would like to share with you.
Impacting students and the future of the cybersecurity workforce
At Microsoft, our dedication to expanding the cybersecurity workforce runs deep. Our commitment to changing the cybersecurity career landscape includes leading efforts to reach young people before they’ve decided on their career path, and encouraging diversity in the industry. We strongly believe that cyber professionals should be as diverse as the bad actors they’re defending against and bring a variety of experiences and global perspectives.
This pledge was reinforced when the conference welcomed Kate Behncken, CVP of Microsoft Philanthropies, to explore how Microsoft’s mission to help empower every person and organization in the world to achieve more also applies to our commitment to supporting access to cybersecurity education. She was joined in this topic by Ruthe Farmer, CEO and founder of the Last Mile Education Fund, an organization with which Microsoft developed the Microsoft Last Mile Scholarship, which aims to grant 10,000 community college scholarships by 2025. This private sector and nonprofit collaboration is helping change the lives of underrepresented minority students, with projects such as the Microsoft Shadow Hunter student competition, exposing students to industry concepts, as well as leaders and mentors.
And as the AI technology revolution is unfolding and transforming the industry, AI cannot operate in isolation. The role of cybersecurity experts remains crucial in harnessing the power of AI while providing human judgment and context. That’s why we’re to help skill and recruit 250,000 people into the cybersecurity workforce by 2025, and globally, we’re expanding our efforts to 28 countries to strengthen the world’s cybersecurity workforce by partnering with nonprofits and other educational institutions to train the next generation of cybersecurity professionals.
Empowering women to conquer the cybersecurity frontiers
Women have been vital and instrumental for the development of the cybersecurity landscape, from the first cryptologists who were women, to current industry leaders. To explore this theme, during the NICE Conference, I had the wonderful opportunity to moderate the panel discussion, “The Power of Diversity”, where Microsoft Security Corporate Vice President Vasu Jakkal, Women in Cybersecurity (WiCyS) Executive Director Lynn Dohm, and Girl Security CEO and Founder Lauren Buitta shared the importance of advocating for girls, women, and underrepresented minorities as future cybersecurity professionals.
While their initial inspiration to get into cybersecurity ranged from a childhood love for Star Trek to a passion for national security, the panelists share the belief that cybersecurity suffers from inequality and perception problems, making the industry less welcoming to diverse candidates. The truth is that there’s a huge variety of cybersecurity careers, and to fight the skills gap, we urgently need to change the narrative and drive awareness.
Still, according to a recent Organisation for Economic Co-operation and Development (OECD) report in partnership with Microsoft, only 24 percent of the cybersecurity workforce identifies as women. Additionally, based on a study commissioned by Microsoft last year, 82 percent of women in the US believe there is opportunity for women in cybersecurity, but 71 percent believe cybersecurity is too complex of a career, and the lack of early exposure makes it harder for women to envision careers in cybersecurity. “A lack of role models and self-esteem are huge challenges in attracting young people to science, technology, engineering, mathematics, and medicine (STEMM) careers. No one should be excluded from these important arenas because we need as much talent as possible,” Buitta said.
Lynn Dohm’s organization, WiCyS, aims to increase the number of women in cybersecurity roles by providing mentorship, networking opportunities, events, professional development programs, and access to training and resources to its more than 7,000 members in more than 70 countries. It also fosters people, mid-career, to be successful in the industry through structure and community. Employees of WiCyS partners, such as Microsoft, have 36 percent fewer experiences of exclusion and 15 percent higher levels of satisfaction in the workplace, according to a WiCyS state of inclusion assessment, indicating the importance of diversity advocacy within the organizations.
“We must encourage girls and women to embrace power they already have and be fearless and engage with current cybersecurity initiatives and opportunities. Explore these opportunities and dive right in.”
Lynn Dohm
Lauren Buitta’s organization, Girl Security, provides training and resources to girls and young women to help them explore careers in cybersecurity and gain the skills they need to enter and succeed in the field. It focuses on underrepresented minorities, low-opportunity communities, and communities targeted by violence. Since its inception, Girl Security’s mentorship program has served almost 1,000 mentees and aims to drive change in national security through education, mentoring, and workforce training.
“It’s not enough to have representation. You can’t recruit women into a space and expect them to assimilate to your culture. You need to completely redesign the system and that takes time and leadership… Find your inner rebel and challenge the status quo to see possibility where you don’t immediately see it.”
Lauren Buitta
In addition, Vasu Jakkal stated that “It’s also important to spotlight the women professionals who have made it into cybersecurity to provide girls with role models and create an inclusive community. Creating inclusive job descriptions that consider the many possible career pathways and education options can attract more diverse applicants, and leaders can become powerful allies by encouraging better practices like the use of gender-neutral tools when recruiting.” She noted that “We can’t solve our workforce gap challenges by taking a linear approach to cybersecurity. Technology and threat actors are evolving each day, and we need more people to take that challenge on with intention and passion to make the world a safer place. These efforts are important because not only is diversity important from the point of gaining different perspectives, but also because, for example, the fastest way to fight the skills gap is to include more women—still an underrepresented group—in the cybersecurity workforce.”
Challenging industry biases and impacting the next generation with accessible and inclusive pathways
Challenging the status quo in the cybersecurity workforce should not be limited to gender diversity. In his keynote, Microsoft Engineer Zach Oxendine shared his diverse upbringing and nontraditional cybersecurity pathway, in which he dreamed of working at Microsoft and persevered despite not getting an offer from his first job interview. To provide these opportunities for others that look like him, sound like him, and come from different backgrounds and origins, he created technology camps for underrepresented minority students, giving back to his community and even being recognized by the White House Summit on STEMM Equity and Excellence.
“There are more people like me. Don’t overlook the people who don’t talk the way you think they should talk. Don’t overlook the folks who may not have the credentials and may have a different background than what you think is ideal for the opportunity you may be able to help them with. And the people who are looking, never stop looking.”
Zach Oxendine
A good example of this support to underrepresented communities is Microsoft’s work with the NICE Challenge Project that was kicked off with community colleges to provide more realistic experiences to students at scale. This challenge is based on a phishing attack, giving students a fun workforce experience while identifying and solving a cyber threat.
The change starts with each of us
The transformation of the cybersecurity workforce landscape begins with every one of us, as we embrace continuous learning, adopt secure practices, and contribute our unique skills to fortify digital defenses. Besides mentorship opportunities with partners’ organizations, such as Girl Security and WiCyS, there is a vast set of options for those who want to make a difference for cybersecurity education. Since 2009, the Microsoft Technology Education and Learning Support (TEALS) program has supported more than 100,000 students by building sustainable computer science (CS) programs in high schools. TEALS helps teachers learn to teach CS courses, including in cybersecurity, by pairing them with industry volunteers and proven curricula. The program is actively recruiting cybersecurity professionals as volunteers to increase students’ interest in this field.
We are also partnering with University of South Florida’s The 502 Project to provide educational resources, summer camp sessions, and resources to high school students, using a program where any cybersecurity professional can remotely act as a mentor or subject matter expert to student questions.
Meeting the demand for cybersecurity professionals with the right skills and a diverse set of people is an imperative for the digital economy, and success in this vital endeavor will require a multistakeholder effort that unites employers, educational organizations, policymakers, and the technology industry. Let’s embrace the challenge ahead with courage and determination, knowing that by working together, we can make a difference and create a brighter future for all.
Whether you’re a security professional looking for volunteering opportunities or a student interested in this field, explore the multiple skilling and education opportunities highlighted on our Cybersecurity Awareness and Education website. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.