diversity in cybersecurity
Image provided by Shutterstock

Cybersecurity has been fighting many of the same serious challenges for the past 20 years: malware infections, phishing attacks, identity theft, and more.

When you think about the state of security, it’s safe to say, we haven’t solved all of the problems. I can’t help but wonder if we’re in this situation partially due to a lack of diversity and innovative thinking. In the late 1990s, the percentage of women in cybersecurity was often reported to be less than ten per cent. By 2011 we reached about 11 per cent. Today, it’s around 24 per cent, a generous representation thanks to a broad view of who works in the cybersecurity field, including individuals who spend at least one quarter of their time on cybersecurity activities.

It’s widely accepted that diverse teams, companies, and industries are more innovative. Many studies show this, including this one that says diverse teams generate 19 per cent more revenue. You see diverse teams build off of one another as they develop creative, inventive, and exciting concepts that drive excitement within the organisation.

Unfortunately, it’s not just cybersecurity, but all science, technology, engineering, and math (STEM) careers where we see an unfortunate lack of diversity. Thankfully, there are many things we can do to improve diversity and recruit and retain younger women.

One of the things younger women, just entering the field, should consider is identifying male colleagues who see you as an equal. Work as closely with them as you can. They will be the men who can be your champion. For instance, if someone is dismissive to you in a meeting, these are the men who will jump in and reinforce your views.

It’s also essential that established women in the field put themselves out there as mentors. Women who have faced women-specific challenges have all of their experience to offer younger women coming into the field. These established women also need to go out and participate in as well as speak at events. So many women in this field are incredible at what they do, but often they are too timid to share their expertise. I believe many of them don’t like presenting or leading discussions for fear of coming off too confident, or worse arrogant. We have to change this by encouraging women to network and share what they know. Younger women will see this and realise that security is a field where women not only exist, but are welcome and can thrive and contribute in meaningful ways.

We also need to start young. My company engages with the Girl Scouts, ages six through twelve. We’ve invited close to 100 Girl Scouts to our offices on two separate occasions to help the girls earn either a STEM badge or a cybersecurity badge. For the events, two women on my team and I were heavily involved and shared our own experiences with the young girls. It may seem like a small step, but it’s important that girls see successful women in the cybersecurity field so that they realise Wow if I wanted to do this, I could, too.

One action I see that is not helping, is holding women-only events to discuss this issue. Women talking to women about this problem isn’t going to solve anything. Men have to hear what women have gone through for there to be progress. Men have to be invited to the conversation and play an active role in the conversation. It’s crazy, eye-opening for men when they listen to our stories and they then are motivated to change.

Things have definitely gotten better in the past twenty years when it comes to getting more women in the cybersecurity field, yet there’s still so much more to be achieved. We will finally have success when we not only have about 50 per cent parity in the field, but also find it’s no longer necessary to discuss this as a topic.

Jadee HansonAbout the author

As chief information security officer at Code42, Jadee Hanson leads global risk and compliance, security operations, incident response, and insider threat monitoring and investigations. To her position, she brings more than 15 years of information security experience and a proven track record of building security programs.