International Women’s Day is a day to celebrate the social, economic, cultural, and political achievements of women. The day is also a call to action for accelerating gender parity and promoting women’s rights. But is it truly a cause for celebration for those women working in cybersecurity?
ISMS.Online, the people-friendly SaaS platform empowering every business to achieve simple, secure and sustainable data privacy and information security, sat down to speak with three of their team members to; understand the current challenges facing women in the sector, get their perspectives on the state of women in information security and answer the question; is the cybersecurity sector doing enough to achieve parity for women?
The gender parity challenges facing cybersecurity
Many stereotypes pervade the cybersecurity sector and, indeed, the wider STEM sector that creates unnecessary barriers to entry or turns women off from entering careers in this space. And there is also overwhelming evidence that these stereotypes are sadly reasonably accurate. According to the ISMS.online team, four persistent challenges are particularly frustrating and seemingly, despite many efforts, hard to resolve.
Men out number women In cybersecurity three to one
The cybersecurity industry is heavily male-dominated. According to various reports, women comprise only about 24% of the cybersecurity workforce. This underrepresentation of women in the industry definitely contributes to the perception that cybersecurity is a male-dominated field and unwelcoming to women. Couple that with the relatively low number of women in senior roles; just 17% of Fortune 500 CISOs are female. The sector needs to move forward with enabling and empowering more female leaders.
However, cybersecurity is a vast sector, and plenty of varied opportunities exist within it. More must be done to tackle the perception issues within cybersecurity and actively increase the number of women entering the sector. Awareness-raising and guidance by career advisors, industry events, and P.R. could show how exciting it is to be part of this ever-changing, ever-growing industry and the massive personal growth opportunities for women within it.
In the same breath, the industry needs to do more to drive tangible change in pay parity, recognition and promotion opportunities, and a safe and inclusive work environment to remove the male bias and see the female workforce grow.
The qualification myth in cybersecurity
It is generally assumed that you need a degree in computer sciences or to be really technically minded to have a career in cybersecurity. Put plainly, it’s not true, which is good news for many women who were never encouraged to go into STEM careers. Whilst a tech degree can be helpful, it’s not mandatory and cyber skills can be taught on the job.
Ultimately, what defines a good cybersecurity and infosec professional is how they approach problem-solving and other soft skills, such as verbal and written communication, presentation skills, leadership and logical reasoning. One thing successful cyber operators tend to have in common is a willingness to keep learning.
Lack of early years encouragement In STEM
Women are put off from or not steered towards tech careers from an early age. An ISC2 study highlighted the dramatic decline in the percentage of girls choosing I.T., tech or computer classes past primary school. Meanwhile, PWC research reported that just 3% of women who studied tech or computing at university went on to work in cybersecurity.
Starting at primary school, a greater focus on encouraging girls into technical and computing classes is vital. Then, the industry needs to support with activities such as mentorship programs and speaking in schools – building awareness of career paths for girls in tech and cybersecurity to tackle the misinformation that it’s not a welcoming sector for women. Internships and work experience placements could also help more females entry to the industry.
Cybersecurity means coding or hacking
Some roles require these skills, but they are far outnumbered by the many positions that don’t. Publicising them isn’t helped by job descriptions that list requirements for coding, hacking and understanding every role in the industry. This can be incredibly daunting to women, who, studies have shown, are prone to underestimate their qualifications.
With an estimated 1.8 million cybersecurity job vacancies at the end of 2022, according to ISC2, the industry needs to improve at promoting the varied and different roles available and stop perpetuating the myth that cybersecurity requires candidates to be proficient with hacking, coding and all aspects of cyber generally. The right mindset is far more critical to success.
Why cybersecurity needs gender parity and diversity
Despite all the off-putting messages and drags on female entry, almost 25% of the cybersecurity workforce is female. That may sound low, but the figure was just 11% in 2013, so the trend is heading in the right direction. How can the cybersecurity sector accelerate this growth, and what are the benefits better gender parity and diversity more generally can offer the industry? Here, three senior female ISMS.online professionals share their thoughts.
Rebecca Harper, Head of Cyber Security Analysis (pictured above left), highlights the tangible benefits women and better diversity can offer cybersecurity.
“A diverse and inclusive workplace, where women are more equally represented, can positively impact an organisation’s security. Including women in the cybersecurity and information security workforce has been shown to lead to positive outcomes, such as improved decision-making and reduced cybercrime.”
“According to a report by the National Cybersecurity Institute, organisations with more diverse workforces were found to have a lower risk of cyberattacks, with organisations with at least 30% of women in their cybersecurity teams experiencing 40% fewer security incidents.”
“Having more women in the sector and more diversity generally is so important when you consider the technology being built now, such as A.I., facial recognition, IoT health devices and how those will impact our lives significantly moving forward, the need for tech to be designed and developed by diverse groups has never been more important!”
Julia Heron, Head of Enterprise Sales & Partnering (pictured above right) challenges traditional thinking on qualifications and argues that hiring based on best fit will accelerate more women entering the sector.
“Concentrate on the transferrable skills that the role requires. The rest is industry knowledge, and good old Google can provide much of the generic insight to get started.”
“Good organisations can spot excellent transferrable skills and an appetite to learn and succeed in anyone, and then help this top talent acquire any required specific learning or credentials.”
“The industry needs people committed to fresh takes on approaching problems and investing in solving them, and willing to collaborate with others to create a solution. Cybersecurity and information security is a team sport. It takes a diversity of thought to make tech that is fit for a purpose, truly serves all people and is a catalyst for growth.”
Sadia Nasir, InfoSec Governance & Compliance Executive (pictured above, middle), says it is vital to carefully manage work and personal life in the demanding cybersecurity field.
“It is all down to self-management. Don’t make work your life; keep a balance and have your own time and activities.”
“Organisations that recognise the need to prioritise empowering staff to achieve better work-life balance are more likely to attract and retain top talent. This is especially true for women who often have more pulls on their time outside of office hours.”
“With the increasing cybersecurity skills gap, firms can no longer afford to ignore the gender imbalance in their own organisations and must do more to create a welcoming environment”.
Is the cybersecurity sector doing enough to achieve gender parity?
There’s no doubt that women must still navigate infuriating, discriminatory roadblocks to careers in cybersecurity that men are simply untroubled by. However, talented female professionals are making inroads and contributing to the sector every bit as meaningfully as their male colleagues. Whether those inroads are happening fast enough and if the industry and women’s allies are doing enough to help drive that change is still a question that is complicated to answer.
International Women’s Day, whilst providing a valuable opportunity to examine the cybersecurity sector’s challenges, highlight gender bias and focus attention on increasing the number of women in the field, is only as valuable as the meaningful action and sustainable change it can drive. The risk is that many activities are symbolic gestures supporting diversity but lacking follow-through.
Striving for gender parity should be a year-round focus, not just one month. The goal for every organisation in the industry is a 50:50 women-to-men ratio at all levels. So, I think we have to all agree that, as an industry, achieving gender parity is still a work in progress.
