It’s no secret that women are underrepresented in cybersecurity. There are plenty of statistics that confirm the gender gap in cybersecurity, including a 2024 survey that showed women make up less than a quarter (24%) of the cybersecurity workforce and only 1% of women hold top executive positions.
To change the industry and remove barriers for women in cybersecurity, companies need to be proactive in adding more women to their cybersecurity ranks. Higher representation helps dispel the stereotype that tech jobs are just for men and encourages more women to join the cybersecurity community. cybersecurity expertsIt’s also an advantage when a company’s workforce is representative of the general population, especially in the security industry. To achieve this, companies need to start by getting better at recruiting female cybersecurity professionals.
Although women represent about 24% of the cybersecurity workforce, there are some encouraging numbers in the latest data. The (ISC)² 2023 Global Cybersecurity Workforce Report revealed that 26% of employees are in the under 30s category are women. With more women in cyber moving from early career to mid-career, there will be more women available to offer mentoring and networking opportunities to younger women looking to get their start and move up in the field.
The (ISC)² study also showed that while women in cybersecurity are less represented, however, DEI initiatives are making a difference in the amount of women in cybersecurity. For example, companies that have job descriptions that refer to DEI programs/goals result in 26.6% of the workforce being women. Those who don’t result in only 22.3% of their cybersecurity workforce being women.
The ISC2 report also stated that -‘Organizations that adopt initiatives, such as skills-based hiring and using job descriptions that refer to DEI programs/goals, can create a more diverse cybersecurity workforce. Those with skills-based hiring have an average of 25.5% women in their
workforce compared with 22.2% of those who have not adopted this initiative.’
Too often, employees will talk about the importance of diversity at company-wide meetings and forget about what it all means by the time they get back to their desks. Unless diversity is a core part of a company’s human resources and hiring strategy, it will be difficult to move the needle toward a more representative workforce.
Priscilla Moriuchi, Director of Strategic Threat Development at Recorded Future, told Forbes that diversity is not simply about doing the right thing.
"Diversity in perspectives, leadership, and experience is good for business,” she said, noting this is especially true in cybersecurity. "We need people with disparate backgrounds because the people we are pursuing (threat actors, hackers, 'bad guys') also have a wide variety of backgrounds and experiences. The wider variety of people and experience we have defending our networks, the better our chances of success."
Deidre Diamond, Founder and CEO of CyberSN mentions, “Society is waking up and realizing cyber attackers are diverse – all races, genders, religious backgrounds, and more, and from all over the world. “Cyber professionals need to know how their adversaries think, work, and perceive to work against them. How do you know if you don’t have those around you on your team to help you see those blind spots and look at things differently?”
There are a number of things people look for when pursuing a new job, regardless of gender, including better pay, more flexibility in hours, and a shorter commute. However, there are some things women candidates will be looking for to address their concerns about the gender gap in cybersecurity..
Demonstrate a real commitment to diversity: What efforts has your company made to create a more diverse cybersecurity workplace? Are those efforts visible to applicants? Women will be looking for signs that all genders, races, and nationalities are welcome at your company, so include images that reflect diversity on the company website and social media. Also, encourage the women at your company to participate in professional organizations like Secure Diversity and WiCys, which foster networking opportunities and provide connections, making it easier to recruit female cybersecurity experts.
Career development: Women want to work at a company where they have access to opportunities to learn skills that will advance their cybersecurity careers. These opportunities should be encouraged and not treated like a hassle or something that’s taking away from her day-to-day work. Enacting a mentoring program is another great way to foster talent, not just for women but all minorities underrepresented in cybersecurity.
Job security and satisfaction: Since there is a workforce shortage in the cybersecurity, many women enter the field for the job security it promises, but job security doesn’t mean much if the work environment is poor. Women want to work at a company where they are treated as a valuable member of the team. With so many cybersecurity jobs available today, your company risks losing female cyber candidates to other companies if your company has a reputation for allowing hostile work attitudes to persist.
Great (and equal) pay: Another reason women get into cybersecurity is because of the high salary they can earn. Average salaries between $100,000 and $200,000 a year are the norm. However, some companies fall into the trap of paying women less than what equal male counterparts make because of a variety of reasons that may go unnoticed by well-intentioned managers. Human Resources is essential in ensuring pay is equitable and suggesting remedies when it is not, especially when making initial offers to candidates.
Looking beyond job titles: The roles and responsibilities assigned to different jobs titles are all over the map in cybersecurity. We’ve identified 45 functional roles and 10 categories in cybersecurity. This can lead to Human Resources departments dismissing talented candidates just because the title doesn’t fit. Before eliminating women candidates, take a hard look at her skills and experiences, not just the job titles she’s held.
Despite the challenges some women face in the cybersecurity industry, men and women share a lot of the same concerns about their jobs. This can range from lack of support from upper management to lack of work/life balance. Many companies have begun to address these concerns, improving the overall work environment for the entire cyber team, which can only help in recruiting more women.
Being proactive about diversity in cybersecurity is essential in evolving the industry. It can be as simple as tapping the female employees for references or looking beyond the job title and at the skill set. The talent is out there. It’s just about knowing where and how to look for it.
For support in diversity hiring, get in touch.