As computer and data security has begun to receive more attention than before, and as the demand for security professionals grows, the lack of women in the cyber industry is staggering. Although strides have been made, women continue to be underrepresented in cyber companies. According to research from the Center for Cyber Safety and Education (the Center) and the Executive Women’s Forum on Information Security, Risk Management and Privacy (EWF), only 11 percent of the information security workforce is comprised of women. Additionally, according to CompTIA, just 37 percent of girls know of someone with a job in IT. In fact, only 27 percent of middle school girls even consider a career in tech, but by high school, this number drops to 18 percent. Among those who have considered a career in IT, only 60 percent know an IT professional.
This gender gap in the cyber industry exists not due to a lack of interest in things like cyber security or intelligent video analytics, nor because of a lack in qualified women who want the job. CREST’s 2016 Diversity Workshop revealed from participants that very often the language used to describe the industry can be considered “too opaque, too intimidating and full of male connotations.” Attendees discussed the perception that the industry is overly technical or boring. Moreover, the research from the Center and EWF found that women in cybersecurity hold fewer senior-level positions and earn less money and 51 percent of women in the cyber industry in North America and Latin America have experienced some form of discrimination, whereas only 15 percent of men have.
EWF’s executive director Lynn Terwoerds said, “It is one thing to have the suspicion that women are feeling a level of discrimination. It’s a whole other thing to see it in writing as a metric. It’s not a motivator to come to the profession or to stay in the profession.” The 2017 Global Information Security Workforce Study offered practical ways to attract and retain women in the cyber industry: end pay inequity, identify bias in recruiting and performance evaluations, value different educational backgrounds, and make the workplace more inclusive. Along with this, Tara O’Sullivan, chief creative officer at Skillsoft states the “cyber gap needs to be closed with education.”
Closing the gender gap has huge implications for our global economy. There is a growing realization that a diverse team of cyber techs can actually be better prepared and more efficient at identifying and counteracting known and unknown threats. At the 2017 Rocky Mountain Regional Collegiate Cyber Defense Competition, a winning team of four women and four men showed just how crucial it is to have this diversity. Cyberdefense coach Dale C. Rowe’s team has won the competition two years in a row and doesn’t think it’s a coincidence. The BYU team has won two consecutive regional titles and landed in second place nationwide last year. According to Rowe, the women in the program “are whipped up for internships and placements with extraordinary rapidity.”
Companies that are looking to diversify their teams need to identify unintentional biases in their hiring processes and, of course, this goes beyond gender. People from different cultural, educational, financial, and ethnic backgrounds bring different and new insights to problem-solving. As companies look to diversify, they will need to proactively recruit women in the field. CompTIA’s research showed that of the women who haven’t considered a career in IT, 69 percent attributed this to not knowing the opportunities that are available to them. Fifty-three percent said additional information about career options would encourage them to consider an IT job. Along with this, attendees at the CREST workshop also stated that portraying the industry in “an accurate, positive way” is crucial to increasing the amount of women in the industry. According to the group, "the marketing of the cybersecurity industry needs a lot of further consideration, particularly relating to ensuring its messaging is gender-neutral and thus attracting both sexes." Shamla Naidoo, global chief information security officer at IBM has said: “With increasingly sophisticated threats and the demand for security talent soaring, the cybersecurity field is one that absolutely cannot afford to neglect the population of women and the many talents they offer.”
Companies can close this gender gap by also working with schools to educate girls and by marketing cybersecurity career opportunities to women. And, of course, by promoting women to high-level cybersecurity jobs to provide role models for girls. Primary educators and parents play a huge part in introducing these subjects to young girls and encouraging their interest in technology. Participants at the CREST workshop suggested that employers could even have stronger connections with the schools by “running initiatives to engage school children in workshops, classes, and demonstrations to inspire them to strive for cybersecurity careers.” Companies need to play a larger role in encouraging girls to pursue technology careers and subjects in school. Changes will be seen as access to education and training and encouragement from IT companies, parents, the media, and peers increases. As vulnerabilities and threats in the industry increase, it is imperative for the cyber industry to facilitate the recruitment, retainment, and promotion of women.