black woman working on computer in the hallway, diversity, SysAdmin Day

Embracing more females within cybersecurity

black woman working on computer in the hallway, diversity, SysAdmin Dayblack woman working on computer in the hallway, diversity, SysAdmin Day

As a result of the ongoing pandemic, the cybersecurity industry has continued to accelerate, and has no indication of slowing down anytime soon.

With new and innovative methods of hacking affecting businesses of all kinds, the number of cyber attacks is also increasing. A report by DCMS showed that the UK’s cyber security industry is now worth an estimated £8.3 billion – but why do we still see a lack of female representatives for an industry so high in demand?

The industry predominantly remains male-dominated, and this lack of diversity, in turn, means less available talent to help keep up with the rise in mounting cyber threats. Women currently represent about 20% of people working in the field of cybersecurity, says Gartner. Andrea Babbs, Head of Sales UK & Ireland at VIPRE Security, outlines how attracting and embracing more females, and providing equal opportunities within the workplace, is significant for the future of the cybersecurity industry.

Male Dominated Subjects

Even at the very beginning of a ‘tech’ based career pathway, a woman’s success is already limited.  Females make up only 28% of the workforce in science, technology, engineering and math subjects (STEM), and are systematically tracked away from these subjects throughout their learning, and pushed towards written and creative arts, narrowing their training and potential positions to go into these fields later in life.

STEM subjects are traditionally considered as masculine by many. All too often, teachers and parents may steer girls away from pursuing such areas – with females making up just 26% of STEM graduates in 2019. Additionally, there is a need for more female STEM teachers, as young girls may feel that they cannot be what they can’t see.Because less women study and work in STEM, these fields tend to create exclusionary male-dominated cultures that are not inclusive of, or appealing to women.

Barriers into the cybersecurity industry already exist, such as often requiring a minimum of two years of experience for entry level positions. This proposes the question, how do you get those two years without being offered an opportunity to gain the necessary skills or lessons? This requirement leads to talented, tech-savvy young women entering non-tech sectors, further enhancing the pattern of fewer women in cyber security, as well as technology as a whole, even if they have trained in that subject.

Additionally, females who have been successful in entering the industry often receive different treatment compared to males who work in technology, and can occasionally be mistaken for having a less ‘dominant’ role. Another VIPRE colleague, Angela, who has been a Support Engineer at VIPRE for over ten years is still asked to put people through to an engineer on the phone – as it is perceived that as a woman, she can’t be one herself, despite having over a decade of experience. These stereotypes can therefore discourage young women from entering the field and diminish the accomplishments and self esteem of those already in it.

Obstacles and Challenges 

From engineers to analysts, consultants and technologists, the roles are unlimited in cybersecurity. It is clear for women entering the industry that the profession is not limited to just one type of job, and requires a range of skill sets, most of which can now be done remotely  – which has been heightened due to COVID-19.

However, research demonstrates that 66% of women reported that there is no path of progression for them in their career at their current tech companies, suggesting the very reason why women tend to end up in the more ‘customer facing’ roles, such as marketing, sales or customer support. How can females continue to advance once they have a foot in the door into more technical or product focused roles?

Despite girls outperforming boys across a range of STEM subjects, including maths and science, the  presumption remains that women are not equipped to take on ‘complex’ tasks and roles. To support this, research reveals those who attend an ‘all-girls’ school and see their female peers also participating in technology subjects, therefore do not have lower-esteem when pursuing that industry, and are in a learning environment free from gender stereotyping, unconscious bias and social pressure. And even if a female is successful within these areas, we continue to see a lack of women represented in senior leadership roles on boards, as CEOs and in STEM careers. We need to dispel the myths that women cannot take on ‘tech-heavy’ jobs.

Maternity leave or taking a break to raise a family is another challenge women face later on in their career. Employers might question the gap in their CV when they eventually want to return to work after taking a break from such a demanding industry to start and raise a family. A recent study shows that three in five professional women return to lower paid or lower-skilled jobs following their career breaks.  Additionally, the challenges faced by women returning to the workplace costs the UK an estimated £1.7 billion a year in lost economic output.

“It’s almost considered career suicide to leave,” explains the former senior director of the Anita Borg Institute for Women and Technology, Claudia Galvan. These women find it “almost impossible to go back to work, or if they do go back to work, they have to take totally different jobs from what their career was, a demotion, of course pay cuts — and that’s if they get the opportunity to get back into the workforce.”

Based on my personal experience at a previous employer, whilst it was agreed that I could work fewer days a week after returning from maternity leave, this arguably caused more problems. The ‘compromise’ that was reached was that I could work four days but I still needed to have the same target as people in the same position who worked five days a week. They also reduced my pay by 20% inline with the four day week, and actually created a more stressful environment as I found myself working longer hours over the four days.

Everyone is the target. So why not get everyone involved? 

To ensure that women gain equal footing in stereotypically male-dominated industries, there is an often-overlooked factor – men need equality too. Businesses need to offer the same level of paternity leave and support to men as they do women when it comes to looking after a family. This then leads to the need for flexibility within working hours for school runs, for example, as it needs to be understood that men have children too, and women are not always the number one caregiver. For example, my husband received more questions about taking time off if our child was unwell than I ever did. He was constantly asked of my whereabouts as if it was my sole responsibility to look after our child, not both of us. Ultimately, the debate here is not just that there needs to be more women in cybersecurity and technology, but that workforces must have diversity within them.

Having a diverse workforce allows there to be a balance of input, more creativity, new perspectives and fresh ideas. From different learning paths, to ways of approaching problems, and bringing in wider viewpoints, women bring an array of different skills, attributes and experience to cybersecurity roles. Working in an industry like cybersecurity where everyone is impacted and everyone is a target – we need everyone to be involved in developing solutions which work to solve the problem. This is not just limited  to gender, but also includes age, culture, race and religion. To truly mitigate the risk of cybercrime, we need a solution relevant to all the people impacted by the problem.

Taking Action 

To begin with, whether this is from a younger age during school studies or university courses, offering varied entry pathways into the industry, or making it easier to return after a break, women must be encouraged into the field of cybersecurity. These hurdles into the sector have to be addressed.

Each business has a part to play when it comes to ensuring that their organisation meets the requirements of all of their employees. From remote or hybrid working, reduced hours or adequate maternity and paternity support, working hours should be more flexible to suit the needs of the employee.

A “return to work scheme” would greatly benefit women if companies were to implement them. This can help those who have had a break from the industry get back into work – and this doesn’t necessarily mean limiting them to roles such as customer support, sales and marketing. HR teams must also do better when it comes to job descriptions, ensuring they appeal to a wider audience, offer flexibility and that the recruitment pool is as diverse as can be.

Setting up the Cyber Security Skill strategy, the government has started taking action. Businesses themselves have also started to enforce programmes to support those with gaps in their CV’s and are eager to return to their careers, such as the Ziff Davis’s Restart Programme. This programme is committed  to those who have a gap in their experience and are keen to return to their careers, providing them with an employment opportunity which emphasises growth and training, helping professionals return to the workforce. When businesses step up and take matters into their own hands, it provides more available paths into the industry for everyone.

Creating a Gender-Balanced Cyber Workforce 

The cybersecurity industry remains an attractive and lucrative career path, but more should be done to direct female students in the right way to pursue a job role within STEM and to support those who are returning to work.

There is more of a need than ever before for more diverse teams, as cybersecurity threats become more varied. Becoming part of a gender-balanced cyber workforce is an efficient way to avoid unconscious bias and build a range of solutions to complex problems.

Whilst the latest government initiatives and courses to attract diverse talent, and better the UK’s security and technology sectors is a great start, the only way to progress is more investment and emphasis on STEM as a career path. This will encourage both males and females, who are treated equally and can see themselves reflected in their senior management teams.

Andrea BabbsAbout the author

Andrea Babbs has worked in the IT Industry for over 20 years. During that time she has worked for IT Security Vendors and Resellers dealing with email, endpoint and web security. Andrea is currently Country Manager and Head of Sales for VIPRE Security Limited, where she manages the UK and Irish business. Andrea’s length of experience in the industry means she has seen the threat landscape change from simple viruses and spam to the sophisticated, zero-day, polymorphic threats of today. However, she recognises that in attacks of all types, humans are the last line of defence, meaning they need awareness and effective tools to help them prevent little mistakes with big consequences.


Finding a voice as a woman in cyber security

Article by Charity Wright, Cyber Threat Intelligence Advisor at IntSights

cyber securityWorking as a woman in any industry, including the cyber security industry can be incredibly challenging.  We frequently need to prove that our intelligence and knowledge is valid to be respected and have our voices heard. 

Strong and resilient women before us have ensured future generations have the ability to overcome discriminatory obstacles, but a history of patriarchal rule means that we still have a long way to go in ensuring an equal and fair workplace, without gender discrimination. For instance, The Pipeline’s Women Count 2020 report shows that out of the FTSE top 350 companies, only 14 are led by women, and 15 percent of companies have no female executives at all.

The cyber security industry also shows a larger gender gap. The NCSC and KPMG UK recently published their first annual Decrypting Diversity report which highlighted that there was “a lack of inclusivity across gender, sexual orientation, social mobility and ethnicity” within the industry, and female representation in UK cyber security companies is only 31 percent. Both reports highlight a need for more inclusivity and female representation in both the cyber community and in organisations in general. Without equality in the workplace, we cannot expect future generations to join an industry where the facts and figures suggest they do not have a place there.

There are, however, many women who have made a name for themselves and have succeeded in what is a predominantly male run industry. Cyber security offers a range of exciting opportunities, and every day is different which brings a personal diversity to a working day. There are many ways in which women can get into cyber security and become engaged in all that it has to offer.

Hungry to learn?

There are two predominant routes into the cybersecurity industry: the military and university.  However, they are not the only pathways. Many industries require the same skill sets that cyber security also requires. From law, to data analysts, and even business risk jobs, the skills used in jobs such as these are easily transferable to cyber security. If there is curiosity, a willingness to learn and the hunger to understand technology and how it is used in our world today, then the components needed to succeed within this industry are already there.

Skills and qualifications

With that said, cyber security recruiters will always be looking for a set of qualifications when considering hiring someone. While having the personal behaviours and attributes to work in cyber is important, so are qualifications because it shows a willingness to put in the work to learn and improve. For example, a degree in International Studies or in International Relations creates an understanding of the global issues affecting society today as well as establishing a better understanding of different nations and cultures. This aids a career in cyber security because this knowledge helps apprehend a nation’s, or a cyber attacker’s motives and possibly their behaviours according to differences in culture, ideology, and long-term goals.

Certifications also show that candidates are willing to put in the hard work to learn important skills. Security+ is an excellent starting point because it provides the foundational skills needed to pursue a career in security; from threat intelligence, to cryptography, vulnerability management and even physical security, there are numerous paths that can be taken in order to progress in the cyber security industry. Many people that are exploring cyber security as a career use the Security+ certification to help discover which area appeals to them the most.

Mentoring - how to know who is the right mentor for you?

Finding a mentor is also an important step to creating a successful career in cyber security. Reading thought leadership pieces or looking at research from seasoned cyber professionals is a great, free way to learn, and the information out there is unlimited. It’s also worth connecting with these individuals on LinkedIn and expressing an interest in the work they do by asking them questions.  Mentors usually look for individuals who already know the direction they would like to take in their career and who are taking proactive steps to start their journey in cyber by taking classes and learning about the industry. This demonstrates an eagerness to learn and progress so potential mentors are more likely to invest their time.

Once you find a job, find a female mentor within the company. Shadowing is a good way of finding out how females in a company work within the industry and within their space. Often, women find it difficult to speak up in a meeting or express how they are feeling about a certain topic or action at work, so it is important to ask a female mentor how they do it, or simply ask to observe a meeting where women are attending and contributing. For example, how do they go into a meeting room full of men and express their ideas and input? Where do the women sit at the table? Do they allow men to talk over them and interrupt them or do they respectfully insist on being heard?  Learn by shadowing a female mentor who demonstrates courage and strength and manages to assert herself in scenarios such as these.

Looking into the future…

There will be challenges in any working environment and career, but gender should never be one of them. With a drive and passion for wanting to get into cyber security, taking the steps to begin a career in the industry is straightforward. Whether learning from a mentor, from a qualification, or from a certification (or ideally all three), the power to succeed is there. With more women feeling able to enter a career in the cyber security industry, we should expect future diversity reports to show more equal figures and, hopefully, a rise in female leadership roles.

Charity WrightAbout the author

Charity Wright is a Cyber Threat Intelligence Analyst at threat intelligence company, IntSights.  She has over 15 years' experience at US Army and the National Security Agency, where she translated Mandarin Chinese. Wright now focuses her attention on dark web cyberthreat intelligence. She enjoys the dynamic threat environment of cybercriminal communication and networks and thrives on providing relevant, timely intel to her customers at IntSights.