DEI controversy collides with state-level cyber workforce needs
ATHVisions via Getty Images
Despite the federal government’s movement away from DEI practices, state agencies can still explore ways to broaden their cyber workforces to fill talent gaps.
Diversity, equity and inclusion have become hot button terms in recent weeks as the Trump administration works to chip away at policies and programming in the federal government aimed at serving vulnerable populations. The anti-DEI push has some concerned about its impact at the state and local level, particularly as the public sector continues to grapple with a workforce shortage.
State and local cybersecurity-related agencies are particularly feeling the squeeze as governments struggle to attract and retain cyber talent amid a surge in cyberattacks on public organizations in recent years.
“It’s clear from qualitative and quantitative feedback and studies that there are not enough people in the field,” said Max Shuftan, director of mission programs and partnerships at SANS Institute.
Despite the federal government’s movement away from DEI practices, state and local agencies can still explore ways to broaden their cyber workforces to fill cyber talent gaps.
“A lot of times that means reaching out to communities that aren’t often represented in the [cybersecurity] field proportional to their representation of the general population,” Shuftan said.
An expanded cyber workforce “is really about problem solving, getting more people into an organization who have different perspectives, different experiences … different ways of making decisions and letting them learn from each other,” he added.
The Maryland Department of Labor, for instance, has partnered with the SANS Institute since 2018 to administer the Cyber Workforce Academy program, which reskills residents with little to no cyber experience to prepare for a career in cyber. The program is cost-free for participants and particularly focuses on women and individuals from other underrepresented communities.
“We’ve seen 89% of graduates of the program get jobs in cyber or IT within a year, and the average salary increase for a program graduate from their wage prior to entering that reskilling program … is about a $45,000-a-year increase,” Shuftan said.
The program also offers participants assistance with building their resumes, practicing their interview skills, developing future career goals and cultivating other soft skills to help ensure their sustained success.
“When working with career changers from all backgrounds, it’s important to have those supportive services,” Shuftan said. Some people, such as individuals transitioning out of the military, may not have had previous opportunities to learn how to navigate the job market and application systems.
Maryland also administers a cyber range program that trains students at community colleges to detect, mitigate and remediate simulated cyberattacks. It also targets individuals underrepresented in the cyber industry, like women and people of color.
Another way to promote diversity and inclusion and fill workforce shortages is to implement skills-based hiring, according to a recent report from the National Governor’s Association.
Nearly half of U.S. states have removed degree requirements, as have some federal agencies such as the General Services Administration’s work to remove them from major contract requirements.
“By expanding skills-based hiring, states and territories not only address critical workforce shortages but also cultivate a more dynamic, diverse, and adaptable public sector workforce. And by improving the skill fit between workers and the jobs they fill, they improve public services as well,” the report authors wrote.
Jurisdictions across the U.S. vary in their approach to DEI, and states could further divide themselves on the issue as some move to ban DEI practices and others move to protect them.
In a survey of state chief information security officers released late last year, for instance, one CISO reported that “our commitment to diversity is integral to our broader mission of establishing an inclusive, innovative, and high-performing cybersecurity team.”
Another survey respondent reported, “My office is not diverse, and I cannot address this concern until a job role opens up. Security personnel are unionized employees, and no roles have become available during my tenure.”
Ultimately, the federal government’s approach to cybersecurity training and workforce issues moving forward will likely greatly impact state and local governments’ efforts.
“If the federal government continues to emphasize [cyber training],” Shuftan said, state and local agencies will as well because “they have a responsibility to … grow the cyber workforce so employers can hire the talent they need to.”
NEXT STORY: California county taps tech to improve labor negotiations