Attorney Camille Stewart co-founded #ShareTheMicInCyber, a nonprofit initiative elevating Black cybersecurity professionals and tackling racism and sexism in the field, as the anti-racism movement gained momentum last summer.
Even as the Covid-19 pandemic raged, Stewart, the global head of product security strategy at Google LLC, felt a sense of urgency to begin organizing diversity and inclusion efforts in the cyber industry. So far that initiative, stemming from social media, has spurred at least six lawyers to work at drawing a more diverse workforce to the field.
Her efforts have taken on new importance as the rash of recent cyberattacks on companies like SolarWinds Inc., Colonial Pipeline Inc., and
Stewart said bringing more diverse talent to the field, especially in cybersecurity law, will close that gap and help companies improve defenses.
“Cybersecurity is rooted in people; you are seeking to protect people and you are seeking to figure out what the malicious people are trying to do,” she said. “Representing people in all backgrounds, all lived experiences, all ethnicities and races only enhances your ability to understand the malicious actor and to understand the user that you seek to protect.”
Creating pipelines to encourage diverse lawyers to practice cybersecurity and privacy law should be a priority, lawyers say, and like Stewart, many are taking the lead.
Liisa M. Thomas, partner and co-chair of Sheppard, Mullin, Richter & Hampton LLP’s global privacy and cybersecurity practice and adjunct professor at Northwestern University Law School, is co-heading a fellowship program at her firm for a small group of experienced lawyers eager to dive into cybersecurity and privacy. The fellowship will last 18 months with the lawyers most likely going in-house, Thomas said, to meet the increased demand from businesses.
Thomas has had the idea for the program for over a decade as she rose to partner and saw younger lawyers seek her mentorship.
“People began to come to me and say, ‘Can you help me? You’re biracial, you’re a Black woman. Help me out with my career,’” she said. “There are very few Black women partners. I moved up in the ranks; it’s something I’ve always been thinking about.”
Avery A. Dial, co-deputy chair of the data privacy and cybersecurity practice at Kaufman Dolowich Voluck LLP, pointed to his firm’s participation since 2019 in the Mansfield Rule certification program and said there are diverse candidates for firms looking to hire.
Administered by Diversity Lab, the Mansfield Rule measures participating law firms’ hiring practices to ensure at least 30% of the candidates considered for senior positions are women, lawyers of color, LGBTQ+ lawyers, and lawyers with disabilities.
“While in the legal industry there are, in general, a limited number of cybersecurity attorneys, we were still able to add diverse attorneys to the practice group in the past year,” Dial said in a statement, including hiring a woman as practice group chair.
In the U.S. cybersecurity workforce, 9% self-identify as African American or Black, a 2018 report co-sponsored by trade nonprofits (ISC)² Inc. and International Consortium of Minority Cybersecurity Professionals found. Overall, non-White professionals account for 26% of the field, and 14% of the workforce is female. Women make up 17% of professionals of color.
The report partly blamed the skills gap on the lack of adequate training and mentoring programs that could encourage professionals of color to stay in the field.
The daughter of a computer scientist, Stewart knew she wanted to be a lawyer when she made her parents sign contracts promising cash rewards for good grades, and her first job out of law school was at a cybersecurity company. Black lawyers may not notice the value of cybersecurity law if they don’t see anyone who resembles them practicing, Stewart said.
“You’re not going to go into an industry where you can’t see people who look like you thriving in that space, or at least surviving in that space,” she said. “Showcasing the talent that is already in the industry I think is an important part of building a pipeline that not only showcases their talent but is elevating their talent.”
Mary N. Chaney, chairwoman and CEO of Minorities in Cybersecurity, said her group is partnering with different businesses each month to share job opportunities. Coinbase Inc. was a partner in May and
“Many of my mentees have the same problems with microaggressions, with unconscious bias, with flat-out racism, with being ignored,” she said. “Why we leave the field has a lot to do with some of the unspoken things that happened. We just don’t feel welcomed.”
Chaney pushes companies partnering with MiC to ensure they work to retain diverse cyber talent.
“Going back to why we drop out is because we don’t feel supported or wanted, so what are they doing to change their culture? What are they doing about equal pay?” said Chaney. “I have these questions that I ask to ensure that they are the right fit for our organization.”
Closing the Skills Gap
Chaney, currently the information security and privacy director at Esperion Therapeutics Inc., is in talks with her alma mater, Texas Southern University Thurgood Marshall School of Law, a historically Black institution, about developing a cybersecurity and privacy law curriculum.
“There is just not a lot of minority lawyers that are looking at cybersecurity and privacy as an avenue,” she said. “I’m trying to expose the field to more people.”
Michelle Moore, director of the Graduate Cyber Security Operations and Leadership program at the University of San Diego, said the roots of the skills gap run deep, starting with elementary, middle, and high school students who may not have access to technology or hear about cybersecurity careers.
“Communication is a big piece of it, knowing where to look and where to go and where to get the right information,” she said.
Black cybersecurity lawyers say the anti-racism movement forced law firms and companies to notice their efforts to promote diversity, but they still want to see businesses and firms more actively involved to ensure success.
“It’s one thing to have a diverse team. Your diverse team needs to feel comfortable and able to provide their perspective. If you as a firm haven’t created that culture and that environment,” said Thomas, “then you’ve lost a lot of that benefit.”
Handing off the issue of promoting diversity to Black professionals will not be enough, added Chaney.
“There is work being done, and there is outreach being done,” Chaney said. “I often tell companies you can’t put the burden on the minority to fix your minority problem.”