Ep. 11: Cybersecurity and DEI—Why Diverse Teams Make Us Safer

Summary

“Diversity is easy,” says NPower’s Nelson Abbott, talking about the ways enterprises can attract new security talent. It’s the “inclusion” part of DEI (diversity, equity, and inclusion)—making workers feel wanted and appreciated once they’re onboarded—that is harder. In this episode, Abbott describes how NPower is training thousands of veterans, persons of color, and other underserved groups in cybersecurity, cloud computing, and tech fundamentals, and why diversity will make those sectors stronger.

HOST: Mike Curran, vp, global talent, Tanium
GUEST: Nelson Abbott, senior director of advanced program operations, NPower

Show notes

Check out these related articles in Focal Point, Tanium’s new online cyber news magazine. For enterprise leaders who’d like to learn more about how and why they can help, or for those interested in enrolling in NPower’s free classes, click on the resource pages below, or visit NPower.org.

• How NPower Creates Pathways to Prosperity
• To Strengthen Cybersecurity, Let’s Support Our Tech Teachers
• Command Shift: Accelerating More Women of Color in Tech | NPower
• SkillBridge: Free Training in Cybersecurity for Service Members Nationwide or Overseas | NPower
• Why Give: Your Investment Can Make Extraordinary Things Possible | NPower

Transcript

The following interview has been edited for clarity.

Nelson Abbott: Diversity is easy. You can make a conscious decision to hire more minorities, more women. But inclusion is so hard. It’s making people feel welcome once they’re onboarded.

Mike Curran: We’ve got good news and bad news for the tech sector. First, the good: A report released in March shows that amid our tech talent shortage, the number of women of color with tech-related skills is rising; in 2021 that number increased by 100,000 women, or roughly 4%. The bad news: The share of tech jobs held by women of color has only increased by about 1% in the last decade.

Hi, I’m Mike Curran, and today on Let’s Converge, we’re talking about diversity, equity, and inclusion—the all-hallowed DEI. We’re also talking about one organization fighting to make security teams more diverse and thus keeping all of us safer. That organization is NPower—that’s capital N, capital P, 0-w-e-r. And it was their data I was quoting just now.

Since launching in 2000, NPower has trained more than 6,000 students from underserved communities and underrepresented demographic groups, including veterans and persons of color. Based in Brooklyn, but with programs all over the country, this nonprofit trains new workers just entering the job market and mid-career professionals looking for a change.

Joining us today is Nelson Abbott, senior director of advanced program operations at NPower. Welcome to the podcast, Nelson.

Nelson Abbott: Thanks for having me.

Curran: Absolutely. So, moving right in: Diversity is a word that gets thrown around a lot these days. Sometimes it seems more like a buzzword, but in this case it’s more than that. Why is diversifying the world of cybersecurity so important?

Abbott: I think that’s a great question. And I agree with you that it’s been such a topic of discussion for so long that it is kind of getting that buzzword feel to it. But it really is so important, especially in cybersecurity, right? The world is a diverse place. The problems and challenges that cybersecurity teams are tackling are growing every day. And you really need that diversity of thought that helps create creative solutions to tackling these challenges. And that diversity of thought is developed through our life experiences, right? Women are going to have a different experience than men. Black folks are gonna have a different experience than white folks, and so forth and so on. And you’re not gonna get that diversity of thought unless you expand the diversity of your teams.

Curran: Yeah, I would agree. But when we talk about diversity here, it’s not just for appearance sake. There’s a functional aspect to it.

Abbott: Yeah, exactly. There’s tons of research around this, showing that more-diverse teams have higher profit margins, they work together better, they come up with better solutions that are longer-lasting, right? And so it’s for folks that are kind of more like, gimme the numbers, like, there’s data for that. You can just kind of Google “diverse team outcomes” and find scores of research around this.

But then, like, to dig in further as we talk about diversity, especially within cyber, some stats that we got from a [recent] Fortinet survey: Only 24% of the cybersecurity workforce is female, but they’re half of the world’s population. 9% of the cyber workforce is African American, but they’re 20% of the population across the U.S. And only 4% [of the cybersecurity workforce] is Hispanic. So again, you’re not getting that diversity of thought, and not really being representative, as you said, of the people that are dealing with these challenges, whether it’s large organizations or individuals like Grandma and Grandpa or your friends and neighbors.

Curran: Makes a lot of sense. Let’s talk about NPower. How does NPower work? Where does it find people with potential interest in cybersecurity and how does it nurture that interest?

Abbott: Absolutely. So I think the one thing I want to highlight is that all of our training programs are free of charge. So there’s no tuition cost for any of our participants, and we really like to look at ourselves as an end-to-end talent provider, right? So we have entry-level programs for people that are just starting out, and then the cyber and cloud programs that I oversee for folks that are more seasoned in their careers.

As trainees move through our programs, they’re learning their CompTIA A+ skills, they’re getting hands-on labs and lectures around those cyber concepts and terminology. And then we also expand on the in-class content that we’ve developed with guest speakers from our corporate partners. And they come in and they’ll do a deep dive on forensics, or a red team activity, or just general things like how to navigate your technology career advice. So really just kind of a full 360 introduction, deep-dive exposure to cyber professionals.

Curran: OK. And where do you find folks that have that passion for cybersecurity and want to become part of and get trained at NPower? Where’s your demographic that you find these folks and get ‘em interested?

Abbott: You know, we really champion ourselves as a provider of diverse talent. So we focus on young adults age 18 to 26 at the entry point. And military-connected, which is kind of an umbrella term that we use to include reservist, active duty, transitioning service members, veterans, and military spouses. And really just, you know, word of mouth is kind of the biggest pipeline. Someone goes through the program, they have an amazing experience, they tell their friends, families, and stuff like that.

I think that cybersecurity has just only increased in visibility and popularity as a career field that people want to pursue.

Curran: Tell me about the veterans. That’s a specific group that NPower works with pretty closely. What sort of hurdles do they face when they enter the tech world?

Abbott: I think the biggest thing they face is really just kind of translating military speak into civilian speak. It’s the one thing that we see, the most common challenge that our program teams see with our military-connected trainees. But what’s really great is that they are extremely well suited. They’re coming with that military mindset, that defense mindset. They’re strategic. So they’re already kind of coming in with that head space around how do we defend this arena, right? So it’s just really helping them translate a lot of military jargon into civilian terminology and being able to translate the skills. Leadership for folks who have worked either in intelligence or in technology, just being able to translate that work experience into, you know, corporate terms.

Curran: In an average year, how many folks are ready to be hired?

Abbott: So, across all of our programs—all three of our programs, which is tech fundamentals, cyber, and cloud—we train around 1,500 trainees per year. We’ve also been working with high school students to really kind of plant that seed earlier in the pipeline, with about 600 high school students a year. So we’re looking at just over 2,000 people per year that we are enrolling in training. And then for our cyber program, we recently just increased our headcount. We’re now going to be doing 120 trainees per year.

Curran: I’m curious about the folks who are doing the training. Tell me about them. Is it a volunteer activity or people taking their time? Tell me about the teachers.

Abbott: All of our instructors are paid, so they’re on our payroll. We have an in-house pool of instructors, and we have an in-house curriculum that we have developed in cooperation with our corporate partners. So everything we do is industry-informed. So it’s kind of a quid pro quo situation in that, you know, we recognize that there is this talent gap in the IT and cyberspace, and there is this untapped pool of talent that is super excited about technology but just didn’t have the opportunities to pursue it. And so how can we help both of these populations meet? So, you know, helping lift up folks that don’t have access to IT careers, get them up to speed, and then helping our corporate partners fill those talent gaps.

Curran: We recently celebrated Women of Color in Tech Day. Can you talk a bit about the research that NPower has conducted looking into this particular demographic?

Abbott: That is an initiative called Command Shift, which is our women of color in tech initiative. For anyone who’s interested, you can go to our website, which is NPower.org, and look under the Engage tab and get more detailed information. But the kind of thumbnail sketch of that is they did this amazing research where they found that only 5% of the technology workforce is women of color. And the goal that they set for themselves is to increase that number to 10% by the year 2030. So they launched in 2020, and since then, that number has grown from 5% to 7%. They just did a presentation, kind of a town hall meeting, where they updated their progress over the last three years. So they’ve helped contribute to that increase in 2%. It’s slow but steady.

And we are currently working on developing another training program targeted specifically to women of color who are in tech-adjacent roles. Think of a call center manager—they are technology fluent. They use technology in their day-to-day job, but it may not be IT- or cyber-specific, but we’re confident that with the right training, they’re able to take that knowledge and skill base and transition into a more, like, keyboard facing technology role or a management or a project management type of role.

Curran: I’m cognizant to make sure if anyone’s listening to the podcast and they fall into the demographic you described to be part of NPower from a student standpoint and the certification process. How do they get in touch? Do they just go to the website, or how would they get in touch so they could become a student?

Abbott: Yeah, absolutely. So they go to NPower.org, and then right on that front page there is an apply section. And once you hover over that, it’ll drop down to all of our programs. So, as I mentioned, there’s tech fundamentals for folks that are just starting out. We have cyber and cloud for folks that have a little bit more experience. And then most recently we have SkillBridge, which is a Department of Defense partnership where we are training transitioning service members that are within six months of discharging from their active duty and training them in cybersecurity. So they are getting that cybersecurity curriculum as well. It’s virtual for this cohort, but it’s going to be on-base training for those folks that are going to be transitioning.

Curran: Let’s talk about the businesses. What are the basic steps for corporations to take right now to get involved with NPower?

Abbott: We have historically relied on internships over the years. And that’s a great way for our trainees to get that initial hands-on exposure, on-the-job kind of training and mentorship. But recently we’ve been really pushing apprenticeships. Apprenticeships, especially for cybersecurity, is a great way to onboard and ramp people up.

We always say here at NPower that entry-level cyber roles are not entry-level IT roles, and you gotta bring either a certain level of skill and knowledge or experience to hit the ground running—even for entry-level cyber roles—and apprenticeships are a great way to do that because you can take someone that kind of has those basic skills and that are trainable and hungry to learn more, and then over a course of six months, get them acclimated, get them trained, maybe get them some additional certifications that we don’t offer and get them really ready to, um, potentially transition into a full-time role.

Curran: Business leaders, sometimes they shoot themselves in the foot by creating job descriptions or requirements that disqualify worthy candidates. One that comes to mind is maybe a bachelor’s degree requirement or something that just certainly wouldn’t be applicable. Can you give some examples of that?

Abbott: Yeah, absolutely. My favorite example is you see an entry-level security analyst role that requires a CISSP certification. Why does an entry-level role need a, a management-level certification that requires a minimum of five years experience in the field? And then I think there was a tweet going around about a year or two ago, and it was a gentleman who had created a technology tool that was shared on GitHub, and he was like, I just applied for a job that requires five years in a technology that I just created two years ago .

I think there’s a lot of disconnect between the talent acquisition teams and the cyber managers and them just not communicating with each other. So I’m working on developing a toolkit to help hiring managers craft really good job descriptions and foster that communication between the cyber leaders and the talent acquisition team.

I get that if you want to move into management and senior-level roles, you may have to go back to school and get some education, but for those entry- to mid-level roles, [the employer could be] cutting out as much as 60% of potential candidates. And then, going even deeper than that, to the diversity aspect, you start cutting out like 70% of African Americans and maybe 80% of Hispanic candidates. And in every conversation that I have anecdotally with hiring managers, they never talk about college degrees. When we ask them what they look for, they’re like, we want someone that’s a good team player, we want someone that’s a good communicator and someone that is a good learner. And the skill of being able to learn is gonna be the most valuable skill in the future, right?

Curran: Yeah. And intellectual curiosity.

Abbott: Yes.

Curran: You know, that’s super important, and you obviously don’t get that out of a four-year degree all the time. As we talk about DEI, certainly part of it is the attraction of diverse talent, but another big part of it is making that diverse talent feel included and welcome at the company. The inclusion part of that sometimes gets overlooked.

Abbott: The one thing I kind of like to preach is that diversity is easy. You can make a conscious decision to hire more minorities, more women. But inclusion is so hard. It’s making people feel welcome once they’re onboarded, right? And so it’s like walking this fine line of like, Hey, we need to be flexible in our onboarding approach to cater to all of the different life experiences of candidates that are coming to us without making them feel like a diversity hire at the same time.

Curran: Huge point, huge point. I think a lot of companies, they look and they solely focus on the hiring, and then they realize that the talent isn’t resonating here. It’s not an environment where they can thrive.

Abbott: Yeah. And it’s hard—I’m putting on my anthropology hat here, but like when you look at how society has kind of kept people separated in their little silos, cultural silos, it’s so hard to break out of that and kind of think broader than your life experience, right?

Curran: The graduates of NPower, where do they go to work—bigger corporations or startups, or is it 50-50? Is it any kind of industry?

Abbott: We are headquartered out here in Brooklyn. So due to our proximity to Wall Street, we have a lot of finance engagement out here. But Citi is a great example, right? We started off with them many, many years ago, and they would take one or two folks. And now that partnership has expanded where they take dozens of interns and apprenticeships—every cohort, which is twice a year across the country.

We also work with managed service providers, like WWT is another big partner, and they kind of contract out folks to various companies. We also work with federal organizations. The Federal Reserve Bank is actually another partner that we’ve worked with over the years. You know, we have a spectrum of talent, so we try to have a spectrum of opportunities, from large corporations to small local nonprofits, that’ll be a good fit for any of our trainees.

Curran: Like you mentioned earlier, with all the digital transformation that’s going around, every company is a tech company right now.

So Nelson, this has been great. Congratulations on your all, all your success, but the best is yet to come with NPower, so keep up the great work.

Abbott: Thank you.

Curran: I’ve been talking with Nelson Abbott, senior director of advanced program operations at NPower.

If you’d like to read more about NPower and its work as a cybersecurity training pipeline, check out Focal Point, Tanium’s online cyber news magazine. We’ve got links to several articles in the show notes. Or visit tanium.com. To hear more conversations with today’s top business leaders and security experts. Make sure to subscribe to Let’s Converge on your favorite podcast app. And if you liked this episode, please give us a five-star rating.

Thanks for listening. We look forward to sharing more cyber insights on the next episode of Let’s Converge.