For too long, STEM subjects like maths and science have been perceived as male domains, writes Heather Gantt-Evans, CISO of SailPoint. Name a scientist, technologist or engineer, and figures like Professor Stephen Hawking or the fictional Sheldon Cooper immediately come to mind for many.

Even for the modern-day tech entrepreneur, the narrative is often a computer whizz coding in his family garage and using the space to launch his own start-up.

Some IT careers are closed off to women…

This perpetuates the perception that the tech industry is closed-off to those who don’t feel they fit the ‘mould’. And all too often, this applies to women, with the tech industry remaining male-dominated. In cyber security, just a just a quarter (25%) of jobs globally are held by the female workforce.

The industry must work to build a more open and inclusive environment where more women can envision themselves working within IT. In the past year, we’ve seen record levels of investment for the UK cyber security sector, but it must ensure it is growing in-line with new perspectives and greater diversity.

Below are three considerations as we look to break down the STEM stigma and dispel the industry’s often-intimidating reputation once and for all.

Expertise in cyber security can be taught

When any of us, men and women alike, picture a career in STEM, we keep to the storyline that all technologists can read ones and zeros – this is simply not the case, even within cyber security.

Despite the common narrative, you don’t need a STEM-based degree to get into the industry. A good security professional isn’t defined by their qualifications or academic achievements but by their ability to approach a problem from multiple perspectives. There is no denying that a computer science degree is helpful, but these skills can be taught on the job – what is key to making a good security professional is how to approach problem-solving.

Core cyber security skills are incredibly teachable, as long as you’re willing to learn. There are many free, online courses that can teach the fundamental skills of security. Self-training is a great way to enter the industry with foundational knowledge and some self-earned certifications to your name. Then, working within the industry first-hand can help to piece together any gaps in knowledge.

There are some cyber security skills that can’t be taught

Conversely, there are numerous skills that are difficult to teach that the cyber security industry needs more of – skills such as effective leadership, programme management, governance, story-telling, analytical thinking, and emotional intelligence to name a few. Career transitioners and those with non-STEM educational backgrounds pose a great opportunity to infuse cyber security organisations with these harder to teach skills that are in fact success criteria.

A key barrier to more women entering the industry is the perception that it’s a field for men. We need to break through this glass ceiling once and for all, but to do so, it’s important to remind ourselves of the progress that has already been made. In the past decade, the number of women globally in cyber security has increased by 150%. It certainly isn’t a profession exclusive to men, and the trend is quickly moving in the right direction.

This is underpinned by the increasing levels of gender parity we’re now seeing in higher education. In England, women (56%) are more likely to enter higher education than men (44%) – a key indicator for the future labour force and talent pipelines.

Despite this progress, there is still a long way to go before ‘imposter syndrome’ starts to fade. Studies show women are often more prone to underestimate their own qualifications. Tech leaders have traditionally been touted as masculine figures, which has often left women feeling inadequate and struggling internally with the problem of measuring up, despite their track records and potentials of success.

Companies that demonstrate a strong value-led culture can make a huge difference. This means creating a safe working environment to learn and grow by placing emphasis on professional development, support and providing constructive feedback – empowering women to break into the field. This support network is crucial and it’s already having a major impact on women staying in the industry – with two-thirds of women in cyber security saying they are committed to the profession for their whole careers.

Cyber security is suffering an acute talent shortage

If anything, joining the cyber market in 2023 couldn’t be more well-timed. With the industry facing an acute talent shortage and workforce gap – some 3.4 million people globally – businesses need to look further afield for people to mould into skilled security professionals. This is the optimal time for candidates looking to break into the profession.

Applicants mustn’t feel phased by over-complex job descriptions, and the industry needs to strongly reassess the level of jargon and skills requirements they include – they also need to be purposeful about approachability. Coding and hacking skills are, of course, very useful, but most roles don’t actually require all of this pre-existing knowledge. It’s about people with raw passion who are willing to learn while also offering new lenses to old problem sets. Organisations can then offer education, training programmes and mentor schemes to equip individuals with the skills and knowledge to be successful within the industry.

The time to enter cyber security is now

The time has come to break the glass ceiling on gender parity in cyber security once and for all. Our teams need to look as diverse as our communities and customers. Perceptions like it being a ‘man’s field’, or that technical expertise or certain degree subjects are required, are simply not true. These previous barriers to entry must come down. Instead, we need to celebrate the huge contributions women and other underrepresented groups have already made to the profession and the progress being paved for more women to get involved.

To anyone unsure about pursuing a career in cyber security, my advice to you is simple – go for it. Whether it’s getting involved in some IT-related volunteer work, looking to switch roles to more hands-on technical support work, reaching out to a potential mentor, or sending off a job application, raise your hand and get stuck in. You won’t regret it!

Heather Gantt-Evans, Chief Information Security Officer at SailPoint

Heather Gantt-Evans is currently the Chief Information Security Officer (CISO) at SailPoint – the leader in identity security governance. Heather has 15 years experience across cybersecurity, technology management, digital transformation, risk, resilience, privacy, compliance, and marketing. She has broad experience working within government and commercial sectors including financial, technology, retail, and manufacturing industries. She is known for her ability to clearly define and execute hyper-growth and transformative strategies while maintaining a strong people focus. Throughout her career she has shown the ability to scale strategies for start-ups, SMB, and Fortune 100.