Now more than ever, cybersecurity is a national security and international security imperative. As the US government rolls back support for diversity programs and shrinks the size of the federal workforce, the risk grows: a shrinking talent pool, AI blind spots, and weaker national security. In an era where cyberattacks are evolving daily, sidelining diversity isn’t just a setback — it’s a vulnerability.
Diversity is a cybersecurity superpower — without it, we’re fighting an increasingly complex cyber war with severely limited resources. Cyber threats come from all over the world, weaponize social and political dynamics and bias, and exploit blind spots that homogenous teams often miss. Diverse teams supported by best practices like psychological safety produce unique perspectives, sharper problem-solving, and a broader understanding of global threats, making defenses stronger and more adaptive.
The #ShareTheMicInCyber (#STMIC) movement, for example, was created to shine a light on the often unseen yet important contributions of Black cybersecurity professionals to cybersecurity, privacy, and technology, and to dismantle institutional barriers toward greater diversity, equity, inclusion, and belonging (DEIB) in this field. As veterans of the military, of federal service, of the White House, technology companies, and public policy programs, #STMIC’s driving force is the safety and security of our nation. #STMIC as part of broader DEIB efforts in cybersecurity are simply a means toward that end.
We have seen up close the threats to our public health and safety, economy, and critical infrastructure that underpins our daily lives by malicious cyber actors. These threats aren’t going away, in fact, they’ll only increase as more insecure devices and critical functions connect to the internet and AI reduces barriers to entry for malicious actors. We need actionable and practical solutions focused on combating risks as they materialize and evolve, along the entire spectrum of security and resilience, and we will continue to work to develop them through our community.
Amid rising cybersecurity threats to the United States and a chorus of voices calling for more cybersecurity talent to fill hundreds of thousands of roles, we recognized that DEIB efforts were crucial to meeting those challenges. We believe, as we did back when #STMIC began, that diversity is vital to cybersecurity and therefore, our national security. Many decry DEIB efforts as a means to replace individuals currently working or operating in a space, but this stems from a pervasive scarcity mindset. Today, there are around 450,000 cybersecurity job openings in the US — this staffing shortage does not begin to approach the true need for experienced workers, which is only increasing. The goal in cybersecurity and privacy is to grow a workforce and body of expertise, not shrink it.
By illuminating career pathways or creating opportunities for those who have been historically overlooked, DEIB programs welcome people that may not have been exposed or traditionally have lacked access to the space. Across the US, Black practitioners make up only 8% of the total tech workforce. In a 2024 ISC2 report, an annual survey that looks at the gender, age, and skills of the cyber workforce, less than 15% of cybersecurity practitioners identify as female. Earlier studies have consistently shown that women have been systematically excluded from career growth, recognition, and access to opportunity. Removing DEIB-focused staff and curtailing DEIB focused initiatives is harmful to our cyber and national security because it limits our ability to understand the threat landscape, recruit and maintain personnel, and innovate on new ways to mitigate risk, ultimately capping US capabilities to innovate and defend.
That was the lens through which we created #STMIC and how it evolved from a social media movement and community of practitioners and allies to the establishment of the #STMIC Fellowship at New America. In just two years, our diverse Fellows have published articles and papers that illuminate overlooked issues and provide recommendations to address them, such as addressing real-world harms of cyberattacks on women, combatting AI-driven misinformation, a model bill to help states address cyberattacks on small-and-medium sized businesses, and shoring up support for the cybersecurity risks of the metaverse.
Effective cybersecurity demands a socio-technical approach, as it requires a complex interaction between human and science in creating, maintaining, and securing technology. Different cultures, communities, regions of the country, genders, use technology differently and adopt behaviors based on societal and cultural dynamics. Those behaviors and dynamics can illuminate why and how a person might be manipulated or when they may use a technology in an unexpected or abnormal way. That information is essential to building technical, policy, environmental, and behavioral mitigations to cyber risk. Ultimately, the codes, protocols, and developers protecting and defending our information and critical infrastructure, work within the context of regulations, economics, and culture, and the safest and most secure systems take both into account. Having a diverse team is the best way to anticipate, identify and mitigate risk.
Current efforts to sow division on the importance of DEIB will only lead to less security for all. We invite everyone to act now, to support each other, and organizations like #ShareTheMicInCyber, for a diverse and therefore more secure cyber environment.
No Responses