Fostering innovation in cybersecurity through diversity and inclusion
The demand for cybersecurity talent right now is growing exponentially. Globally, an estimated 1.2 million cybersecurity jobs are currently available, and many of the roles have been unfilled for some time. Employers cannot find qualified people to fill these vacancies. In Canada, the official count shows 10,000 cyber roles currently open – a number that is likely much higher if we include the hidden job market.
The cybersecurity workforce in North America has not typically been very diverse. Women make up a mere 20 per cent of the field, while only 25 per cent identify as Black, Indigenous, or persons of colour.
Asking good questions
When we envisioned creating a new cybersecurity rapid-workforce development training program, we started with some basic questions so as to build intentionality into our approach and address apparent gaps in the industry. We asked why we wanted to create a new program, who we wanted to attract to the cybersecurity industry, and what barriers would block these efforts. This enabled us to create a unique learning opportunity that could draw on people from a wide range of backgrounds, work and life experiences.
The Accelerated Cybersecurity Training Program (ACTP) at Rogers Cybersecure Catalyst, Ryerson University, empowers individuals who are making a career pivot to launch new careers in cybersecurity. We know that a diverse cybersecurity workforce will foster new perspectives and enable innovation to happen more quickly. Diversity on a cyber team brings novel ideas and new perspectives from individual unique experiences so that new insights emerge.
Defining diversity
One obstacle starts with defining diversity in cybersecurity. Organizations must grapple with what the term diversity means to them and examine how to implement that in practice. The definition that I like describes something that is represented and acquired through experiences, including education, work background, cultural differences and age. That means looking at the concept through a broader lens that includes but goes beyond gender, race and sexual orientation. Another challenge is the need to educate employers and companies about the tremendous positive impact that this approach can have on creating cybersecurity solutions and the bottom line.
Through intentional design of the program, we identified those whom we wanted to see represented in cybersecurity. Women, mid-career individuals, people who were changing careers, and newcomers to Canada could all bring new ideas and viewpoints into cybersecurity. We realized that a rapid workforce program with highly regarded microcredentials, rather than a degree or diploma that requires three or four years to complete, would enable us to boost the number of qualified individuals while increasing representation of these groups.
People with varied experiences ask different questions, and through this program we’ve seen people ask breathtaking questions that can lead to solving important cybersecurity problems. Driving insights for innovation through creativity comes from collaboration of diverse perspectives.
The value of partnerships
Asking basic questions about our goals and targets from the start helped us to implement our program. We partnered with community organizations and employment partners such as the YMCA and COSTI, which is for newcomers, and other influencers. Our model is designed for those from multiple professions and helps people pivot quickly into a new career via an intensive, seven-month program designed to give them the skills and certifications they need.
This intentionality of design has served our ACTP program well. We are proud to report that 72 per cent of our graduates are women. As well, we have participants training for cybersecurity who come from a variety of different careers. Chefs, teachers, mechanics and lawyers are among the individuals who have joined and thrived. We have also attracted new Canadians, who are often highly skilled but severely under-employed, coming from other nations and work experiences and bringing a tremendous level of knowledge, commitment and enthusiasm.
The pandemic has forced the program to move from hybrid training to a virtual environment. However, our participants have adjusted well to this shift, with many telling us that online learning has given them better balance between the program’s intensive training and the other demands of their work, family and home life. The ACTP was recently awarded $1.8 million from the Future Skills Centre to launch the Cyber talent transformation initiative, a research program and expansion of the current ACTP, with a focus on the recruitment of learners who are Black, Indigenous and persons of colour.
I see all of these efforts as vital to Canada’s cyber defenses. Incorporating a greater range of diversity into the Canadian cybersecurity workforce will strengthen our cyber efforts, both in the public and private sectors. At the moment, Canada does not have the numbers or diversity that will be needed for a robust cyber defense workforce, but we are making great strides to change that.
Rushmi Hasham is the director of development and accelerated cybersecurity training programs at Rogers Cybersecure Catalyst, Ryerson University.
The views, thoughts and opinions expressed here are the author’s own and do not necessarily reflect the viewpoint, official policy or position of the Future Skills Centre or any of its staff members or consortium partners.