By Diana Kelley, Cybersecurity Field Chief Technology Officer, Microsoft
During my career in the cybersecurity sector, I’ve seen many developments and innovations in how we keep online threats at bay, from physical security tools to the newest cloud technologies. Most recently, I’ve witnessed the evolution of AI (artificial intelligence) and its ability to recognize threats and patterns on a scale far beyond human capabilities.
AI has been a huge boon for online safety, arming organizations with innovative and cutting-edge tools to counteract digital threats. For example, Microsoft receives more than 8 trillion security signals per day, and AI allows us to sift through the data to find deeper meaning in ways we never could before.
However, hackers haven’t stood still either. Attackers have gotten smarter and begun to look to AI for malicious purposes. Cyber-adversaries are a cognitively and experientially diverse set of actors and it is because of this, that the security sector needs an influx of diversely skilled talent if it is to keep pace with this increasingly challenging and varied landscape.
This is ironically where we are lacking the one thing AI can’t provide: humans.
While AI is a fantastic tool to help humans achieve more, in the end, it is a tool which requires people to use and deploy. And with the pronounced lack of cybersecurity professionals in the workforce worldwide, we will become increasingly vulnerable until we shore up our current talent situation.
The Talent Gap
Currently, estimates range there are anywhere from hundreds of thousands to millions of jobs that won’t be filled in the industry in the next few years, with many more new jobs being created each year. Even though 71% of STEM jobs are in computer science, only 8% of STEM graduates are going into computer science jobs. By 2030, 50 million more people will be needed to fill open tech jobs.
In fact, according to a recent survey by ISACA, 59% of organizations have open and unfilled cybersecurity and information security positions, and this gap is only growing. Estimates for 2020 now range from hundreds of thousands to millions of new cybersecurity positions that will go unfilled.
This labor crunch also has secondary effects on organizations. Predictably, almost two-thirds (63%) of cybersecurity professionals note increasing workload on existing staff as a result. Overworked staff often leads to exhausted or burnt-out workers. And more than 2 in 5 (41%) report that their time is disproportionately spent on incident response rather than long-term, strategic planning.
Perhaps more worryingly, 41% of cybersecurity professionals report that “business conditions can’t support additional personnel”. This can result in expanding junior employees’ remit into roles they may not be ready for, rather than hiring or training people toward the appropriate level of cybersecurity skills.
The Diversity Difference
While these numbers can sound dire, they reflect a great opportunity. Because one of the fastest ways we can address this gap is to increase diversity in the sector.
For example, women currently only make up around 20% of the cybersecurity field. And globally, women are underrepresented in STEM. According to UNESCO, 29 percent of those in science research and development are women, with a low of 19 percent in South and West Asia and a high of 48 percent in Central Asia.
However, things are changing. A closer look at the millennial population by the Center of Cyber Safety and Education revealed that a shift is underway, with 52 percent of women under the age of 29 holding an undergraduate degree in computer science.
But male versus female workers is just one aspect of diversity. Cognitive diversity includes different ways of thinking and problem-solving that can be influenced based on where one was raised, educational focus, and social mores. Cyber adversaries come from many places and backgrounds – cyber professionals should too. As we change the ratio and build a more diverse workforce, we will likewise start addressing our resource gap, and build stronger teams that can make more headway against cyberthreats.
And this is not just wishful thinking. McKinsey has been tracking diversity and team success for years. In their 2017 study, they demonstrated that more culturally and gender diverse teams outperformed their less diverse peers by as much as 29%.
Different cognitive backgrounds and approaches are equally important parts of the equation for creating stronger protection and defense from multi-varied cyberthreats. Often this means including people with different backgrounds, areas of study and work histories, anything from legal affairs to graphic designers and everything in between.
Diversity also includes how our teams work. By combining different methodologies, problem-solving models and work styles, we can also be more effective.
The Road Ahead
Our two best weapons against cyberthreats are smart, diverse people working with and benefiting from the power of AI. The more skills and knowledge we can collect and put to use as defenders, the more effectively we can operate and benefit from new technology.
As a woman who has been in this field for 30 years, I am incredibly excited about the increase in diversity we are beginning to see, and I know that by continuing down this road we will start to address the current talent gap, creating a more varied and robust cybersecurity sector, and ultimately creating a safer online world for everyone.