, , ,

Gender, Diversity, and the Cybersecurity Service

One year ago, in November of 2021, the Department of Homeland Security (DHS) launched the Cybersecurity Service, an effort to modernize cybersecurity hiring through streamlined processes and more competitive compensation.

Raising the Incentives

The program boasted a sleek application portal coupled with a request for a Special Salary Rate (SSR) for cybersecurity positions. A working group led by the Cybersecurity and Infrastructure Security Agency (CISA) requested the SSR to “address the growing compensation gap between government and industry” and “increase the competitiveness of government offers and attractiveness of Federal civil cyber service.”

According to the DHS Cybersecurity Talent Management System (CTMS) portal, executive track Federal cybersecurity salary ranges would begin at roughly $175,000 annually and potentially go as high as the vice president’s annual pay, $255,800 in 2021.

A Lack of Diversity

The same CISA Working Group that cites the disparity in compensation between the public and private sector reports that 74% of the Federal cyber workforce are men. The report does not provide statistics on racial and ethnic diversity, but the Office of Personnel Management (OPM) Fedscope diversity data from March of 2022 indicate that of Federal employees in the Information Technology Management job series 2210, 18% are Black, 9% are Asian, and less than 3% are Hispanic/Latino.

Notably, the cybersecurity gender and diversity gap is a problem inside and outside government. According to a 2021 Aspen Tech Policy Hub report, an estimated 9% of cybersecurity workers self-identify as Black, 8% as Asian, 4% as Hispanic/Latino, and 24% are women. When comparing these statistics, the Federal cybersecurity workforce is slightly more racially diverse than its private sector counterpart — although equally as male — but none of these percentages indicate meaningful representation.

Unless the government makes an intense effort to bring gender and racial diversity to the Federal cybersecurity workforce, the request to increase compensation will, in effect, deliver higher pay to white men.

What Causes This?

In its 2020 Cybersecurity Perception Study, (ISC)², a nonprofit association of certified cybersecurity professionals, found that 77% of respondents said cybersecurity was never offered as part of their formal educational curriculum, and 61% said they believe they would need to go back to school in order to pursue a cybersecurity career. This perception creates a unique barrier to entry for underrepresented groups who may view cybersecurity jobs as not worth the time and resource investment.

In her 2021 Code Like a Girl article, Katyln Gallo cited the image of the cybersecurity profession as having a “masculine look,” and hackers in movies are often depicted as “a loner male in a dark hoodie.” The imagery and depictions can lead early career women to view cybersecurity as a “profession for men.” In addition, computer scientist Marie desJardins, a Founding Dean at Simmons College, cited a hackathon competition culture as a potential deterrent to young women who are wary of “encountering hostile attention.”

Efforts to Correct

In its 2022 study, the CISA working group nods at addressing the diversity issue by calling for an “environmental scan to identify diversity, equity, and inclusion (DEI) needs within the cyber workforce” and increasing diversity through “targeted recruitment strategies.”

In addition, the National Institute of Standards and Technology (NIST) published a National Initiative for Cybersecurity Education (NICE) Framework in an attempt to guide employers to “describe cybersecurity work, prepare cybersecurity workers,” and “lower barriers to entry for new organizations and individuals.” 

One Year Later

Now, one year after the launch of the Cybersecurity Service and as OPM decides the fate of the Special Salary Rate (SSR) proposal, DHS should provide more detail on how the Federal government will recruit more women and people of color into Federal cybersecurity. Perhaps some of the money that would fund the proposed salary increase should be spent on recruiting and operating a more representative and inclusive workforce.

Unless the government makes an intense effort to bring gender and racial diversity to Federal cybersecurity, the request to increase compensation will, in effect, deliver higher pay to white men. 

Mary Lazzeri is a former technology advisor and bureaucracy hacker at the U.S. Department of Health and Human Services, Office of the Federal CIO and United States Digital Service. She now serves as Head of Acquisition for Bloom Works, a public benefit corporation and woman-owned digital services consultancy. She received a Bachelor of Communications from Boston University and a Master of Public Administration from Baruch College in New York. A native of Bethesda, Maryland, she now lives in Chicago with her husband and two daughters.

Leave a Comment

Leave a comment

Leave a Reply