It’s no secret that women are underrepresented in cybersecurity. There are plenty of statistics that confirm the lack of gender diversity, including a 2019 survey that showed women make up less than a quarter of the cybersecurity workforce. This number is up from a survey conducted in 2013 that found the cyber workforce was only 11% women.
To change the industry and remove barriers for women, companies need to be proactive in adding more women to their cybersecurity ranks. Higher representation helps dispel the stereotype that tech jobs are for men and encourage more women to enter the field. It’s also an advantage when a company’s workforce is representative of the general population, especially in the security industry. To achieve this, companies need to start by getting better at recruiting female professionals.
Although women represent about 24% of the cybersecurity workforce, there are some encouraging numbers in the latest data. The (ISC)² 2019 Women in Cybersecurity report revealed that 45% of women in cybersecurity are millennials, most of whom are in that important 30-something stage of their careers. With more women in cyber moving from early career to mid-career, there will be more women available to offer mentoring and networking opportunities to younger women looking to get their start and move up in the field.
The (ISC)² study also showed that while women are less represented, they are rising in the ranks and become key decision makers at a greater percentage than men. For example, 7% of women, versus 2% of men in cyber, are chief technology officers and 18% of women versus 14% of men are IT directors. In the report, Jennifer Minella, CISSP, vice president of engineering and security at Carolina Advanced Digital, Inc. and chairperson of the (ISC)2 Board of Directors, said it’s an encouraging sign.
“For many years this hasn’t been the case, and we need to continue to do all we can to make ours a welcoming profession for the most talented and innovative individuals, regardless of gender,” she said.
Despite this good news, pay disparity persists. The report showed 15% of women earn between $100,000 – $499,999, while 20% of men in the field earn at least that much.
Too often, employees will talk about the importance of diversity at company-wide meetings and forget about what it all means by the time they get back to their desks. Unless diversity is a core part of a company’s human resources and hiring strategy, it will be difficult to move the needle toward a more representative workforce.
Priscilla Moriuchi, director of strategic threat development at Recorded Future, told Forbes that diversity is not simply about doing the right thing.
"Diversity in perspectives, leadership, and experience is good for business,” she said, noting this is especially true in cybersecurity. "We need people with disparate backgrounds because the people we are pursuing, (threat actors, hackers, 'bad guys') also have a wide variety of backgrounds and experiences. The wider variety of people and experience we have defending our networks, the better our chances of success."
There are a number of things people look for when pursuing a new job, regardless of gender, including better pay, more flexibility in hours, and a shorter commute. However, there are some things women candidates will be looking for to address their concerns about the gender disparity in the industry.
Demonstrate a real commitment to diversity: What efforts have your company made to create a more diverse workplace? Are those efforts visible to applicants? Women will be looking for signs that all genders, races, and nationalities are welcome at your company, so include images that reflect diversity on the company website and social media. Also, encourage the women at your company to participate in professional organizations like Women in Cybersecurity and Secure Diversity, which foster networking opportunities and provide connections, making it easier to recruit women candidates.
Career development: Women want to work at a company where they have access to opportunities to learn skills that will advance their careers. These opportunities should be encouraged and not treated like a hassle or something that’s taking away from her day-to-day work. Enacting a mentoring program is another great way to foster talent, not just for women but all minorities underrepresented in cybersecurity.
Job security and satisfaction: Because there is a workforce shortage in the cybersecurity sector, many women enter the field for the job security it promises, but job security doesn’t mean much if the work environment is poor. Women want to work at a company where they are treated as a valuable member of the team. With so many cybersecurity jobs available today, your company risks losing female cyber candidates to other companies if your company has a reputation for allowing hostile work attitudes to persist.
Great (and equal) pay: Another reason women get into cybersecurity is because of the high salary they can earn. Average salaries between $100,000 and $200,000 a year are the norm. However, some companies fall into the trap of paying women less than what equal male counterparts make because of a variety of reasons that may go unnoticed by well-intentioned managers. Human Resources is essential in ensuring pay is equitable and suggesting remedies when it is not, especially when making initial offers to candidates.
Looking beyond job titles: The roles and responsibilities assigned to different jobs titles are all over the map in cybersecurity. We’ve identified 45 different job titles and dozens more subtitles in the industry. This can lead to Human Resources departments dismissing talented candidates just because the title doesn’t fit. Before eliminating women candidates, take a hard look at her skills and experiences, not just the job titles she’s held.
Despite the challenges some women face in the cybersecurity industry, men and women share a lot of the same concerns about their jobs. This can range from lack of support from upper management to lack of work/life balance. Many companies have begun to address these concerns, improving the overall work environment for the entire cyber team, which can only help in recruiting more women.
Being proactive about cybersecurity diversity is essential in the evolving cybersecurity industry. It can be as simple as tapping the female employees for references or looking beyond the job title at the skill set. The talent is out there. It’s just about knowing where and how to look for it.