Diversity in cyber is ‘knowing we’re going to be better,’ state and local officials say
A group of four Black state and local cybersecurity officials discussed Monday how more diverse workforces make their government organizations stronger, not just from a cultural perspective, but in terms of actual security, too.
Speaking during the virtual 2021 RSA Conference, Augustine Boateng, an information security manager for the City of Memphis, Tennessee, said that organizations’ unconscious biases about their teams can push people out and make it more difficult to recruit talented professionals.
“Most [database administrators] and developers look a certain way,” Boateng told moderator Art Thompson, the director of public safety IT and cybersecurity for Detroit. “Getting that unconscious bias out of the way and playing level for everyone to compete would be really helpful in retaining talent for cybersecurity.”
Boateng, originally from Ghana, shared his experience of struggling to get a job in cybersecurity, including a six-month jobless period during which he “couldn’t even get in the door.” At one point, he said, an interview with a “big company” was canceled because the recruiter said he could not understand Boateng’s West African accent.
“That was a barrier to me,” he said. “Fortunately,” he continued, he got a chance in city government when Memphis hired him as a Linux administrator in 2012, after which he added information security to his skill set.
Maria Thompson, North Carolina’s chief risk officer, said organizations need to more aware of detecting unconscious biases.
“If you don’t recognize it, you will run into a situation where you don’t have a diverse workforce,” she said.
A 2018 survey by the International Information System Security Certification Consortium found that just 9% of the U.S. cybersecurity workforce across all sectors identifies as Black or African American. Over the past year there have been several initiatives to bring more Black people into cybersecurity, such as a Pentagon program bringing resources to historically Black colleges and universities, and the #ShareTheMicInCyber nonprofit campaign.
Thompson said that she also stood during much of her 20 years in the Marine Corps as one of the few women in IT and communications roles.
“I can remember being in my communications unit and I was one of three, out of hundreds of male marines,” she said. “Already you can see the culture was not as diverse as it could be.”
Thompson said the North Carolina state government, which she joined in 2014, is well ahead of the Marines.
“I am pleased to say the leadership I’ve had at the state, they’ve had a very concerted effort making sure the leadership staff was representative of our employee base,” she said. “You can see women in leadership roles. There is an organization we have that is very inclusive, I’m very proud of.”
But state and local governments can’t close the gap on their own, according to Thompson, who said tech and security companies need to make their own efforts.
“We’re working on different projects at the IT level and getting support from our private sector partners in building this environment,” she said. “It’s not something SLTT can do by itself.”
Monsurat Ottun, an assistant solicitor for Providence, Rhode Island, who handles the city’s cybersecurity litigation and contracts, said she was drawn to the field based on the recommendation of a friend, who knew she was already interested in privacy law. Ottun, who is also Providence city government’s liaison to its Muslim community, enrolled in a master’s program in cybersecurity and said she is now advising leaders on the city’s needs.
“Diversity is not just including you or having you at the table because you’re different, but valuing you and knowing we’re going to be better because of the perspectives you’re bringing,” she said. “It’s about being intentional and creating space to bring in new perspectives.”