Collecting, analyzing and sharing data on the state of diversity in the cyber workforce can help remedy the effects of systemic issues present in the security industry, such as racism, sexism, homophobia and transphobia.

A whitepaper from MITRE, "Diversity in the Cyber Workforce: Addressing the Data Gap," examines the current state of diversity in the cybersecurity workforce, summarizes the findings of a previous report on the challenges around collecting diversity data, and provides recommendations to address those challenges.

Diversity representations help organizations generate new ideas and recognize implicit biases that could impact hiring and retention practices, according to the whitepaper. The firm also identified a need for the U.S. government to more clearly develop a overview of diversity in its cyber workforce.

Data collection, analysis and distribution challenges

The whitepaper highlighted the findings of a previous MITRE report that measured the challenges of data collection, analysis and sharing regarding diversity benchmarking in the cybersecurity field. Among the highlighted findings are:

  • Lack of funding: Measuring diversity levels in the cybersecurity industry will require long-term funding that the report hypothesizes industry leaders would not supply. If that holds to be the case, the report suggested funding from the U.S. government as a long-term research grant source.
  • Data type and collection: Collecting data on diversity in cybersecurity entails identifying where cyber leaders are present throughout an organization — measuring not only diversity in software development and information technology (IT), but also in managerial roles and policymakers.
  • Centralizing data efforts: The report suggested that diversity data collection, analysis and distribution should be handled by one organization. A nonprofit organization may be best-suited to the endeavor, according to the report.

Recommendations for diversity efforts in cybersecurity

In order to address these challenges, the whitepaper outlines recommendations for cybersecurity leaders and government officials to enact:

  1. Fund a year-long pilot program for a nonprofit organization to develop and test data collection, analysis and sharing efforts regarding diversity in cybersecurity.
  2. In concert with the pilot program, explore options for long-term research on cyber workforce diversity benchmarking.