In 2020, the Hewlett Foundation Cyber Initiative engaged evaluation consultants Jodi Nelson and Claire McGuinnes to evaluate its “talent pipeline” grantmaking strategy, which provides funding to universities to train “experts with the necessary mix of technical and non-technical skills and knowledge to staff” the core cyber policy institutions fostered by the initiative, as well as other institutions, government agencies, and private industry.

Three evaluation questions guided their data collection and analysis:

  1. Where are we now? – What is the current state of Hewlett’s talent pipeline, and the larger landscape of university cyber programs? What is working well and what is not, and why? What groups are well-served by the pipeline?
  2. How did we get here? – What factors have driven the pipeline’s development? How effective was Hewlett’s approach, and what role did its assumptions play? How did that effect which stakeholders were served and why?
  3. Where do we go now? – What opportunities exist to further build the pipeline in the future? What gaps still exist, particularly in who Hewlett is serving? What are the approaches and lessons learned that can be shared with other funders as Hewlett prepares to exit the field?

The full evaluation document provides a map of interdisciplinary cyber programs at American universities—public and private, Cyber Initiative grantees and non-grantees—while identifying the barriers to the formation and success of such programs. These barriers, which are not unique to interdisciplinary cyber programs, include how tenure decisions fail to provide incentives for interdisciplinary work, as well as the challenge of getting buy-in from university leadership and securing funding for such programs.

The evaluators go on to examine how university cyber programs approach issues of diversity, equity, and inclusion (DEI) in their practices. Among their findings, they note that public university programs are more likely to prioritize specific DEI actions than those located at private universities and that to date no minority-serving institutions are included in the Cyber Initiative grantee portfolio.

The evaluators conclude with a series of recommendations to the Cyber Initiative and other funders interested in contributing “to an effective, diverse, equitable, and inclusive cybersecurity field,” including:

  • Increasing support for public universities already in the Cyber Initiative grantee portfolio.
  • Supporting schools where the student population is predominantly non-white, such as historically black colleges and universities (HBCUs) to “help create the conditions for robust cyber programs.”
  • Investing in HBCU partnership models while making grants to HBCUs themselves rather than their predominantly white partner institutions.
  • For other funders interested in investing in university cyber programs, addressing the challenges that faculty face in establishing interdisciplinary programs and considering other ways of supporting cyber education, including at the K-12 level.