Why we need more women in cybersecurity

and the obstacles that are getting in the way…

If you were to ask somebody to picture a person who works in cybersecurity, they would likely fall back on the Hollywood stereotype of an individual hunched over their laptop in a dark room – and nine times out of 10, that person would probably be a man.

Cybersecurity’s portrayal in the media has played a large role in the poor representation of women working in the space, but this depiction is sadly not too far away from the truth.

Women make up just 36% of cybersecurity workers in the UK. There are several factors to blame for this, but what it ultimately boils down to is accessibility.

Obstacles in my career

Growing up I thought I wanted to be a solicitor, but after spending some time working at a local firm, I soon realised it was not the career path for me. Instead, I pursued my keen interest in IT – largely inspired by police and crime dramas I watched as a child – and enrolled in Forensic Computing at De Montfort University in Leicester.

This decision instantly raised eyebrows at school. I was told by my headteacher it was not what was expected of me and asked whether I was sure of my choice. Instead of encouragement, I was met by judgement and a clear lack of support.

This soon became a pattern in my career. In my first job out of university, I was immediately faced with biases and was repeatedly told I was not a good fit for the role, just because I was a woman.

Imposter syndrome is almost inevitable when being subjected to such scrutiny, especially when you look around the office and realise you are one of few women in the room.

This imbalance starts in the recruitment process. In workplaces with a male dominated workforce,  hiring managers are naturally more likely to be inclined to consider men over women, even if they have the same skills set.

The world is growing more inclusive, but the tech industry, and the cyber space in particular, is still lagging behind. That is not to say I have not had any support at all, though. Over the course of my career I have been fortunate enough to work with some really fantastic individuals, some of whom I still lean on today

When I joined MHR at the beginning of 2022 I instantly felt at home. The work culture is extremely inclusive and it is empowering to be recognised as the Information Security Manager I am, and not being overlooked as I have been in the past because of my gender.

Diversity improves collaboration

The traditional approach to cybersecurity has been extremely linear, but as technology evolved and the arena grew more complex, the scope has broadened. In the past, a single way of thinking may have sufficed, but today there is a real need for varying ideas, perspectives, and collaboration.

As human beings, the way we approach a challenge depends solely on past experiences, our background, and our upbringing. Therefore, teams that are made up of very similar people will inevitably produce very similar ideas. When the diversity pool is widened, new perspectives are introduced and it gives way to a much wider range of ideas.

Businesses that embrace diversity and encourage more women – and other marginalised groups – to join their ranks will benefit from stronger work output as a result.

The time for change is now

The cybersecurity space is expanding rapidly and after the pandemic forced so many business processes online, security teams must grow to keep up with demand.

There is absolutely no shortage of jobs for individuals looking to get into cybersecurity at the moment. The shift to online has made business owners pay more attention to their digital landscape, and in many cases companies will rely on their IT department to run smoothly.

Now is the perfect time for the tides to change, and to introduce more female talent to the cybersecurity space. Jobs are there to be filled, so work must be done to encourage young girls and support their decision should they choose tech is the career path they want to go down.

A good place to start would be improving the representation of female cybersecurity workers in the media. Having somebody to look up to, and somebody that you can see qualities of yourself in, is crucial when it comes to creating the belief that you can do something – and it will hopefully play a role in inspiring the next generation of women in tech.

Read all about MHR’s cybersecurity support here: https://bit.ly/3e69ERQ

About the author

Emma Doyley, Information Security Manager at MHR

Diverse workforces create the best defence: Why cybersecurity needs more women

Article by Nicky Whiting, Director of Consultancy at Defense.com

Women are woefully underrepresented across the entire technology sector, and while efforts are being made to increase female representation within the sector, a significant disparity still exists. 

Cybersecurity sits somewhere in the middle of the various sectors regarding representation, currently 10% higher than the industry average. However, there is a distinct underutilisation of female talent within cybersecurity: women across the globe hold more qualifications than their male counterparts. It is essential to mention that statistics such as these indicate that women often feel like they need to be more qualified than men to be considered for the same role within the cyber sector. As a result, there is currently an enormity of untapped potential leaking out of the industry. This leak needs fixing. As an industry, we are missing out on future leaders, fresh talent essential for innovation, and a collection of diverse mindsets, all of which are crucial to tackling the evolving threat landscape.

The business case for diversity in cybersecurity

By championing diversity and inclusion, businesses can play an important role in addressing long-term societal issues. In the workplace, this action helps to create an environment where innovation, originality and empathy thrive. Working environments where these factors are pervasive often produce cutting-edge products and solutions, precisely what is needed to secure systems against today’s cyber threats.

The lack of diversity in cybersecurity has resulted in teams comprising employees whose experiences, opinions, and ideas are incredibly similar. We need to see more effort being made to embrace better diversity management and a more holistic, inclusive approach to work.

For cybersecurity, as in other industries, the business case for diversity is overwhelming. Organisations that promote diversity and inclusion regularly outperform their rivals and see higher profitability than their less diverse counterparts. Boston Consulting Group found companies with more diverse management teams have 19% higher revenues than their less diverse counterparts. Diversity also has important benefits in boosting employee retention.

If we are to realise these benefits, investing in STEM education needs to be a priority for our industry.

The obstacles facing women in STEM

The gender disparity in the technology sector derives in part from a lack of female representation in STEM (Science, Technology, Engineering, Mathematics) education. A correction needs to occur if we are to see gender divisions within technology begin to shrink. This underrepresentation in STEM is spurred by many obstacles that hold talented women back.

A major obstacle is the lack of role models currently within cybersecurity. Young minds are easily moulded by various forms of media, and at present, there is a blatant lack of female cybersecurity role models for young women to look up to and emulate. Concerted efforts need to be made amongst organisations to ensure that the stories of women in cybersecurity are heard. The amplification of these stories will begin to rectify the STEM issue at hand while attracting females from other sectors who have had somewhat of an interest in this exciting field.

We also need to see more time invested by cybersecurity companies in showcasing to women what a STEM career has to offer them while also enlightening advisors, educators, and parents. Whether it is backing skills workshops in schools, careers presentations to students, or even targeted apprenticeship programmes – cybersecurity companies can and must do more to encourage more women to consider it as a career path. Furthermore, this work must happen as early as possible in young women’s lives, as it becomes increasingly difficult to move into STEM when someone chooses, for example, humanities-based exams at GCSE or A-Level.

It is also important to note that while STEM pathways provide the easiest route to obtaining a career in cybersecurity, it isn’t always necessary. Compliance – a vital part of modern cybersecurity – does not require a background in STEM. 

Creating a cybersecurity environment where women excel

Having worked in various info-sec companies across the UK, I am proud that at Bulletproof, we are committed to creating a workplace that celebrates diversity and encourages a truly inclusive approach to work.

The blueprint for achieving an environment like this is simple. Women must be highlighted within the business and encouraged to step into the spotlight. Employees must be afforded the flexibility needed to deal with the varying circumstances within their lives. Organisations need to ensure that inclusive language is used in all recruitment stages. Recruitment practices should also be re-evaluated to ensure that female candidates understand that they can apply for a role without ticking every box in terms of skills, as men will often apply for positions without doing so. Equal pay and opportunities must be afforded to every individual. Finally, ensuring that a culture of belonging and community is championed throughout the organisation is paramount. Any form of toxicity within an organisation, such as misogynistic comments, must be met with a zero-tolerance approach. This sends a strong message from the top, builds values and creates an environment where women feel comfortable and safe.

Ensuring that this environment is created will only benefit an organisation. The more diverse a cybersecurity workforce is, the more equipped it will be to deal with the myriad of threats facing the current cyber landscape.

teenager on a computer, gaming, cyber security

Women in cybersecurity paid 21% less than men

teenager on a computer, gaming, cyber security, cybersecurity, women in cybersecurity

Women in cybersecurity are paid 21 per cent less than men, according to new research.

Despite more women working in cybersecurity, the research, Cybersecurity Workforce Study, conducted by (ISC)², found that women are paid, on average, 21 per cent less than their male counterparts globally.

The average salary for female cybersecurity employees in North America is just under $80,000, versus an average of around $96,500 for men. In Europe, the average salary for women is about $40,500 compared to $67,000 for men.

More women than men (22 per cent vs. 13 per cent) cited discrimination as a challenge they’ve experienced during their career. However, in other areas, such as “unclear career path opportunities,” “lack of available cybersecurity positions” and “cost of cybersecurity certifications,” men and women respondents were never more than five percentage points apart.

The study did find some positives for women in cybersecurity. The research found that higher percentages of women in cybersecurity already planned to work in the field even before starting in the profession – and that interest in pursuing cybersecurity education is substantially higher among women under the age of 45. 68 per cent of women in cybersecurity polled by (ISC)2 also said they plan to stay in the field for the remainder of their careers.

The study also reveals that a majority of women cybersecurity professionals are successfully progressing in their careers. Nearly one-third said they are “exactly where I was expecting to be with my career,” compared to 20 per cent of men. 33 per cent of women say they are “very close” and 22 per cent “moderately close” to where they expected to be.

The (ISC)² Cybersecurity Workforce Study is conducted annually to assess the cybersecurity workforce gap, better understand the barriers facing the cybersecurity profession and uncover strategies that organisations can use to recruit, build and strengthen their cybersecurity teams.

Speaking about the research, Agata Nowakowska, AVP EMEA at Skillsoft said, “Whilst progress is under way for pay equality for women, it’s by no way complete."

"The scrutiny faced by organisations such as the BBC for having such a huge discrepancy in gender and BAME pay scales, has brought a welcome light to this issue."

"In fact, 2020 has already seen headlines on how the BBC presenter Samira Ahmed successfully won a case against the BBC over unequal pay."

"We need to see more of this."

"What can we do to speed up change?"

"Organisations need to stand up and address this issue head on."

"Women should not have to question if they are being paid the same amount as a male colleague with the same role and responsibilities."

"If companies really care about equal pay – they should know that offering equal pay is a benefit to everyone."

"We also need to teach about gender equality within schools."

"Both boys and girls need to learn to regard themselves as equal and they are both capable of taking up any role, whether that’s in STEM or leadership."

"Educating children at a young age is the only way to remove unconscious bias that affects us later on in our professional working life.”

WeAreTechWomen covers the latest female centric news stories from around the world, focusing on women in technology, careers and current affairs. You can find all the latest gender news here.

Don’t forget, you can also follow us via our social media channels for the latest up-to-date gender news. Click to follow us on Twitter, Facebook and YouTube.

Bringing a fresh perspective to tech

Women codingCarolyn Crandall, Chief Deception Officer at Attivo Networks

At first glance, cybersecurity can seem like a lonely profession for women, with female practitioners almost always greatly outnumbered by their male colleagues.

Research from IBM found that women make up just 11 percent of the security industry; even fewer (as little as one percent) are in a leadership role. Yet, cybersecurity is also an exciting, fast-paced career that can be hugely rewarding for anyone with a passion for technology, regardless of gender.

One myth I can dispel right away is that to get into cybersecurity you first have to be some sort of coding expert. This is not always the case. In cybersecurity, there are many different and important roles to occupy, which rely on a wide range of skills. From product management, risk management, testing, problem solving, sales & marketing to budgeting and more. This industry thrives on its diversity of experience, education, and background.

Learning and experience

A good way to get started is by taking a course, applying for an internship, or an entry-level position to obtain foundational qualifications and certifications. Not only does this allow you to develop your knowledge-base and skill set, it also shows your willingness to learn new things. Even with baseline experience, it’s still important to always continue to learn and stay current on new technology and ways to address modern challenges. I recommend seeking out managers who present opportunities for long-term career progression and understand the importance of providing continuous learning for their employees. For example, with my recent college graduate hires, I have created a learning environment that encourages them to ask questions and try out new things. I also urge them to sign up for training classes and engage with the many training resources that are made available online.

Something else that helps within this space is to stay on top of the latest trends, technologies, and news. Educate yourself about what is going on in the cybersecurity community, so as you continue to develop in your career and in your day-to-day skills on the job, you also maintain a high level understanding of the market and allow it to inform your professional decision-making .Personally, I strive to read any significant security stories in the news. An awareness of what’s going on is essential if you want to stay relevant and ahead of the competition.

Another piece of advice is to try new and different workplaces to experience what it’s like to work for both large and small organizations. A larger company will have well-defined roles that you can learn within and the budget and infrastructure to expose you to a wide range of interesting projects and life lessons. Working for a small business, by contrast, will have less definition to how a role needs to be done, teaches you to take on more responsibility and to make tighter budgets stretch as far as they can go.

Getting the job

In my experience, women are every bit as suited to cybersecurity as men. However, over the years, I’ve also noticed a distinct difference in their approach, especially when it comes to landing a job or career advancement. Men tend to be good at exuding confidence about a role even if they are not entirely qualified. By comparison, women can tend to be more conservative and prefer to successfully master every detail before committing to take on a new responsibility. I would strongly encourage women not to let the lack of a “checked box” hold you back. Hardly is there ever a perfect candidate that can do it all. It’s much more important to present yourself as someone who is very capable and is willing to learn what they don’t know. I will often bet on the “athlete” with a hunger for success over someone who has simply done the job before.

In this industry, you may find yourself going head to head against exceptional individuals with exhaustive security experience or military backgrounds. And, admittedly, it can be very intimidating to compete with or to participate in projects with these seasoned professionals. I encourage you to take a deep breath and believe in your abilities. If you know your stuff, walk the walk, talk the talk, and do it with the swagger that you have earned. Although you may encounter some jerks, you will find most people to be welcoming to women in the field and will appreciate what you bring to the table, both today, as you learn more, and as you grow stronger in your capabilities.

Regardless of where you are in your career, take the time to build a reputation for yourself, internally and externally, as an expert and a recognized authority in your field. This means demonstrating knowledge and experience to your colleagues and sharing insights with industry peers. Blogging, contributing to articles, and commenting on posts can all be excellent ways for establishing a name for yourself. Speaking at conferences can also be a great way to share your insights and for networking purposes.

Encouraging more women into tech

Women entering into cybersecurity with their fresh perspectives have so many things they can offer the industry. A different point of view or approach can be extremely beneficial when it comes to driving innovation, reducing risk, and delivering on a new product or service.

Both men and women need to make sure that women joining cybersecurity don’t end up feeling isolated, unsupported, or alone. We collectively need to create strong support networks and help each other out more. This can be as simple as socializing so that you get to know your female colleagues, mentoring other women, or even joining online groups of like-minded people to learn how they cope with similar circumstances to your own.

The tech industry has a lot to offer women, and women have a lot to offer the tech industry.  By being welcoming and supportive, we can attract incredible talent and be a better workforce to show for it. That’s why I would not hesitate to encourage any women thinking about a career in cybersecurity to go for it.

Carolyn Crandall About the author

Carolyn is a technology executive with over 25 years of experience in building emerging technology markets in security, networking, and storage industries. She has a demonstrated track record of successfully taking companies from pre-IPO through to multi-billion-dollar sales and has held leadership positions at Cisco, Juniper Networks, Nimble Storage, Riverbed, and Seagate. Carolyn is recognized as a global thought leader on technology trends and for building strategies that connect technology with customers to solve difficult information technology challenges. Her current focus is on breach risk mitigation by teaching organizations how to shift from a prevention-based security infrastructure to one of an active security defense based on the adoption of deception-based cyberwarfare.

NTT Security launches Women in Cybersecurity Awards in Europe

Women in Cybersecurity Awards

NTT Security, the specialised security company and centre of excellence in security for NTT Group, has launched its inaugural Women in Cybersecurity Awards as part of an initiative to recognise and inspire talented female professionals and newcomers in the cybersecurity industry.

The new awards, developed in partnership with Global Digital Women (GDW), will recognise the voices of women in cybersecurity across Europe and change perceptions of them as well as inspire young women to consider a career in the sector. With women representing 26 per cent of NTT Security workforce in Europe, the project also forms part of NTT Security’s long-term drive to improve upon the gender gap.

Applicants can apply themselves or nominate female experts in the cybersecurity industry. There are two categories: ‘Newcomer’, which celebrates women who have been working in the cybersecurity sector for under 5 years or who have recently completed a cybersecurity-based degree and ‘Professional’ for women who have been managing a cybersecurity team or been involved with the industry for five or more years.

The awards are open for entries from now until 16th August in the DACH region: Germany, Austria and Switzerland, and until 13th September in Northern Europe: UK, Benelux and Nordics. Finalists will be chosen by a panel of independent experts, with the winners announced at Information Security World (ISW), a series of established industry events held by NTT Security in Vienna on 17th September and London on 15th October 2019.

Speaking about the awards, Kai Grunwitz, SVP NTT Security EMEA, said, “For as long as anyone can remember, the industry has suffered from a major gender imbalance problem."

"When viewed in the context of the global cyber skills shortages, it’s clear we are reaching crisis point."

“With the new Women in Cybersecurity Awards, we have made it our mission to give talented women in our industry the visibility they deserve and thank them for the work they do every day in this field."

"We also want to encourage more women to make a name for themselves in cybersecurity."

"There are already a lot more female role models out there today, but there is still a long way to go."

"We still don’t have enough women working in the industry and recruiters are failing to deliver on diversity promises.”

The latest figures from (ISC)² last year put the global cybersecurity skills shortfall at 2.9m professionals, with women occupying just under a quarter (24 per cent) of roles. This is an improvement on the 11 per cent previously estimated. Furthermore, men still dominate the industry all the way to the top, occupying a large majority (87 per cent) of CISO roles at Fortune 500 firms.

Kai concluded, “Our industry needs to continue pushing for more women in cybersecurity and, while the gender diversity problem won’t change overnight, we hope NTT Security’s new awards will help increase the visibility of the profession among females.”

To learn more about the Women in Cybersecurity Awards, visit www.women-in-cybersecurity-awards.com/en/