March 8 was International Women’s Day. A lot of folks will say, “why do we need a special day for women? Women have equality now – don’t they?” To an extent, this is true. Compared to the 1950s, women in many Western countries have better access to education and the workplace. However, in the world of technology and, specifically in cybersecurity, there still seems to be a wide chasm to cross to achieve parity of the sexes.
The tech world, in general, still seems to be a man’s domain. Statistics from some of the world’s largest tech companies show that women are still in the minority in holding tech jobs. Uber has a female workforce of only 15% with Apple slightly better at 23% (1).
In cybersecurity, the situation is even worse. A 2017 (ISC)2 report showed that women made up only 11% of the global security workforce. (2)
You may be saying to yourself at this point, “So what – women obviously don’t like cybersecurity and aren’t interested in technology.” But, we have to start looking more deeply at the whys of this, because study after study warns of the imminent workforce shortfalls in cybersecurity. One such study, by (ISC)2 and Booz Allen Hamilton, indicated that there will be a shortfall of at least 1.8 million workers by 2022. (3)
Cybersecurity, perhaps more than other areas of technology, requires a multidisciplinary approach to problems. In cybersecurity, problem-solving skills and a holistic view of a challenge is key to resolving an issue. Having a team made up of diverse individuals can only work to improve the outcome of that team.
Encouraging women to look to a career in cybersecurity is one way in which we can plug the gap between workforce needs and the supply of workers.
Why Are Women Not Entering a Career in Cybersecurity?
The aforementioned (ISC)2 report also found that 51% of women working in cybersecurity experienced some form of discrimination. This often took the form of the glass ceiling, as men were 9 times more likely to hold managerial positions. The report also states that women earned less than their male counterparts at all levels in the industry. This is demonstrated in statistics from DataUSA, which show that male security analysts earn, on average, $100,157, whereas their female counterparts only earn $77,347 (4).
This kind of environment quickly translates into an unhappy employee. And word gets around. If your female friend who works in cybersecurity mentions negative experiences to another female, it discourages that female from thinking about entering the profession.
So just why are women staying away in droves, or even leaving, the cybersecurity industry?
- Perception and bias: There is at least a perception that the industry is “techie” and therefore more suited to men than women. This is a societal issue. STEM fields, in general, have become associated with men. This is something that is caused by gender stereotyping from childhood. Again, study after study has shown this to be the case and highlights the importance of having the right environment to allow girls and women to feel comfortable at work (5).
- Male-dominated environment: Computing has not always been male-dominated. The early history of computing had outstanding contributions by women. But as computing became commercialized and entered the general workplace in the ‘70s and ‘80s, it started to exclude women. This has continued, as the statistics mentioned earlier prove. A male-dominated workplace can be a challenge to work in from a woman’s perspective. It puts women off, making them feel like outsiders.
- Bad behavior and outright sexism: Posts like that of Susan Fowler from Uber tell a tale of outright sexism in the industry (6). Many women in the industry, myself included, can tell similar tales of bad behavior. This may be laughed off by some as “banter” but it is preventing organizations from creating a truly inclusive workplace.
How Can an Organization Encourage Women to Work in Cybersecurity?
In India, 45% of entrants in computing courses are female; this is almost three times the proportion in the United States. When this was analyzed, it was found that a mixture of early encouragement by family and visible role models, often displayed in ads encouraging women to enter a career in computing, created the perception of a more attractive career for women. Unfortunately, the study also found that the women quickly moved out of computing careers because of discrimination in the workplace (7).
Discrimination comes in many forms for women. It can be active repression of salary or career path or it can be the slow drip, drip, drip of an aggressive manager who makes a person feel worthless. It can also be at an enterprise cultural level, as was seen recently at Google: A male employee sent out a memo suggesting that the gap between numbers of male/female workers was due to “inherent psychological differences between men and women.” as opposed to sexism (8). It is worth noting the science does not validate these views (9).
Women should not be discouraged from working in the cybersecurity industry. The industry is dealing with enormous challenges that have now gone beyond just technology, as crimes like business email compromise (BEC) have shown (10). Cybersecurity affects all of us and the cybercriminal uses every tool available. We need a cohesive and inclusive way of dealing with this phenomenon. Men and women work fantastically well together in many other areas of life. We need to embrace each other in the area of cybersecurity, too. Together, we can create teams to solve problems on the multiple levels that cybersecurity faces.
Some Ideas to Make Your Organization Woman-Friendly
- Mentor: We all need role models to encourage us. Set up mentoring programs for women by women.
- Positive discrimination: This is controversial, but consider a program where you actively recruit women.
- Create a comfortable environment: Many meetings may have an underrepresentation of females. It can be hard to speak out as it draws attention. Encourage women to speak up in meetings without feeling like they are being judged for how they look.
- Create a flexible working environment. Women are still predominantly responsible for family arrangements. Build a more flexible working environment so that childcare and other care arrangements can be accommodated without impacting a career. This should also benefit men in the same position.
Resources for Women in the Cybersecurity Industry
Groups for women in cybersecurity and related fields:
- Diana Initiative: Aims to support women who want careers in information security.
- Women in Cybersecurity (WiCyS): Helps to raise awareness of the issues faced by women entering the information security workforce.
- Women in Security and Privacy (WiSP): Full community support and conferences.
There are a number of LinkedIn groups and Meetups:
- League of Women in Cybersecurity
- Philadelphia Women and Cyber Security
- Seattle Women in Cyber Security and Info Security (SWiCSIS)
- Women in Identity
- Women in Security and Privacy
- Women in Cybersecurity
Cybersecurity Scholarship Opportunities From InfoSec Institute
InfoSec Institute just launched a new cybersecurity scholarship program to help close the growing cybersecurity skills gap and encourage new talent to join the industry. It awards over $50,000 in training courses to four recipients each year. Valued at $12,600 each, the scholarships guide aspiring security professionals through a progressive career path.
Scholarships target underrepresented groups in cybersecurity (including women and minorities), and include certification exam vouchers to give recipients the skills, credentials and experience needed to secure a professional-level cybersecurity position. Selection criteria varies by scholarship, but exclusively focuses on those seeking a career in cybersecurity. Available scholarships include:
- Women in Cybersecurity Scholarship
- Diversity in Cybersecurity Scholarship
- Military Cybersecurity Scholarship
- Undergraduate Cybersecurity Scholarship
WiCyS conference 29-30 March 2019, Pittsburgh: https://www.wicys.net/
5th National Women in Cybersecurity Conference (March 2018): https://cra.org/cra-w/events/5th-national-women-cybersecurity-conference-wicys/
DefendCon May 31, 2018,Bellevue: https://www.wisporg.com/events-calendar/2018/5/31/defendcon
Women in Security Forum: https://www.wisporg.com/events-calendar/2018/5/3/women-in-security-forum
- Statistica, The Tech World Is Still a Man’s World: https://www.statista.com/chart/4467/female-employees-at-tech-companies/
- (ISC)2 ,Women in Cybersecurity Report: https://iamcybersafe.org/wp-content/uploads/2017/03/WomensReport.pdf
- (ISC)2 and Booz Allen Hamilton: https://www.isc2.org/News-and-Events/Press-Room/Posts/2017/02/13/Cybersecurity-Workforce-Shortage-Continues-to-Grow-Worldwide
- AAU, Why So Few? Women in Science, Technology, Engineering, and Mathematics: https://www.aauw.org/research/why-so-few/
- Susan Fowler blog, Reflecting On One Very, Very Strange Year At Uber: https://www.susanjfowler.com/blog/2017/2/19/reflecting-on-one-very-strange-year-at-uber
- Thakkar, D., al., The Unexpected Entry and Exodus of Women in Computing and HCI in India: https://ai.google/research/pubs/pub46533
- Motherboard: https://motherboard.vice.com/en_us/article/kzbm4a/employees-anti-diversity-manifesto-goes-internally-viral-at-google
- Recode, We’ve studied gender and STEM for 25 years. The science doesn’t support the Google memo: https://www.recode.net/2017/8/11/16127992/google-engineer-memo-research-science-women-biology-tech-james-damore
- Infosec Institute, What is Business Email Compromise (BEC)?: https://resources.infosecinstitute.com/business-email-compromise-bec/
- DataUSA: https://datausa.io/profile/soc/151122/