It’s no secret that women are underrepresented in cybersecurity. There are plenty of statistics that confirm the gender gap in cybersecurity, including a 2024 survey that showed women make up less than a quarter (24%) of the cybersecurity workforce and only 1% of women hold top executive positions.
To change the industry and remove barriers for women in cybersecurity, companies need to be proactive in adding more women to their cybersecurity ranks. Higher representation helps dispel the stereotype that tech jobs are just for men and encourages more women to join the cybersecurity community. cybersecurity expertsIt’s also an advantage when a company’s workforce is representative of the general population, especially in the security industry. To achieve this, companies need to start by getting better at recruiting female cybersecurity professionals.
Although women represent about 24% of the cybersecurity workforce, there are some encouraging numbers in the latest data. The (ISC)² 2023 Global Cybersecurity Workforce Report revealed that 26% of employees are in the under 30s category are women. With more women in cyber moving from early career to mid-career, there will be more women available to offer mentoring and networking opportunities to younger women looking to get their start and move up in the field.
The (ISC)² study also showed that while women in cybersecurity are less represented, however, DEI initiatives are making a difference in the amount of women in cybersecurity. For example, companies that have job descriptions that refer to DEI programs/goals result in 26.6% of the workforce being women. Those who don’t result in only 22.3% of their cybersecurity workforce being women.
The ISC2 report also stated that -‘Organizations that adopt initiatives, such as skills-based hiring and using job descriptions that refer to DEI programs/goals, can create a more diverse cybersecurity workforce. Those with skills-based hiring have an average of 25.5% women in their
workforce compared with 22.2% of those who have not adopted this initiative.’
Too often, employees will talk about the importance of diversity at company-wide meetings and forget about what it all means by the time they get back to their desks. Unless diversity is a core part of a company’s human resources and hiring strategy, it will be difficult to move the needle toward a more representative workforce.
Priscilla Moriuchi, Director of Strategic Threat Development at Recorded Future, told Forbes that diversity is not simply about doing the right thing.
"Diversity in perspectives, leadership, and experience is good for business,” she said, noting this is especially true in cybersecurity. "We need people with disparate backgrounds because the people we are pursuing (threat actors, hackers, 'bad guys') also have a wide variety of backgrounds and experiences. The wider variety of people and experience we have defending our networks, the better our chances of success."
Deidre Diamond, Founder and CEO of CyberSN mentions, “Society is waking up and realizing cyber attackers are diverse – all races, genders, religious backgrounds, and more, and from all over the world. “Cyber professionals need to know how their adversaries think, work, and perceive to work against them. How do you know if you don’t have those around you on your team to help you see those blind spots and look at things differently?”
There are a number of things people look for when pursuing a new job, regardless of gender, including better pay, more flexibility in hours, and a shorter commute. However, there are some things women candidates will be looking for to address their concerns about the gender gap in cybersecurity..
Demonstrate a real commitment to diversity: What efforts has your company made to create a more diverse cybersecurity workplace? Are those efforts visible to applicants? Women will be looking for signs that all genders, races, and nationalities are welcome at your company, so include images that reflect diversity on the company website and social media. Also, encourage the women at your company to participate in professional organizations like Secure Diversity and WiCys, which foster networking opportunities and provide connections, making it easier to recruit female cybersecurity experts.
Career development: Women want to work at a company where they have access to opportunities to learn skills that will advance their cybersecurity careers. These opportunities should be encouraged and not treated like a hassle or something that’s taking away from her day-to-day work. Enacting a mentoring program is another great way to foster talent, not just for women but all minorities underrepresented in cybersecurity.
Job security and satisfaction: Since there is a workforce shortage in the cybersecurity, many women enter the field for the job security it promises, but job security doesn’t mean much if the work environment is poor. Women want to work at a company where they are treated as a valuable member of the team. With so many cybersecurity jobs available today, your company risks losing female cyber candidates to other companies if your company has a reputation for allowing hostile work attitudes to persist.
Great (and equal) pay: Another reason women get into cybersecurity is because of the high salary they can earn. Average salaries between $100,000 and $200,000 a year are the norm. However, some companies fall into the trap of paying women less than what equal male counterparts make because of a variety of reasons that may go unnoticed by well-intentioned managers. Human Resources is essential in ensuring pay is equitable and suggesting remedies when it is not, especially when making initial offers to candidates.
Looking beyond job titles: The roles and responsibilities assigned to different jobs titles are all over the map in cybersecurity. We’ve identified 45 functional roles and 10 categories in cybersecurity. This can lead to Human Resources departments dismissing talented candidates just because the title doesn’t fit. Before eliminating women candidates, take a hard look at her skills and experiences, not just the job titles she’s held.
Despite the challenges some women face in the cybersecurity industry, men and women share a lot of the same concerns about their jobs. This can range from lack of support from upper management to lack of work/life balance. Many companies have begun to address these concerns, improving the overall work environment for the entire cyber team, which can only help in recruiting more women.
Being proactive about diversity in cybersecurity is essential in evolving the industry. It can be as simple as tapping the female employees for references or looking beyond the job title and at the skill set. The talent is out there. It’s just about knowing where and how to look for it.
For support in diversity hiring, get in touch.
We at CyberSN pride ourselves on our success in creating equitable and diverse work environments both internally and with our clients. Diversity is a result of inclusive cultures and we are super thankful for the leadership from our Founder and CEO Deidre Diamond, a woman who has been a wonderful ally to all genders and created amazing work cultures that women can thrive in. Deidre had the opportunity to share a keynote at the Ally of the Year awards during RSA 2022, she decided to write a poem called “Why Do I Need an Ally?” Due to many requests, we are formally sharing it with all of you.
Thank you for all you do to create inclusive behaviors at CyberSN and Secure Diversity.org!
I am a woman from a privileged life
Why do I need an ally?
1 in 4 girls are molested as a child
Why do I need an ally?
1 in 6 women are victims of rape
Why do I need an ally?
Money buys health and safety and yet only 11% of billionaires are women
Why do I need an ally?
Women are said to be equal and yet there are laws that govern their bodies
Why do I need an ally?
Women are said to have equal employment opportunities and yet men dominate the power seats
Why do I need an ally?
Women are said to be safe at work and yet 28% of women working in male dominated professions reported sexual harassment
Why do I need an ally?
I am a woman
And I now know I need allies.
I was molested for years as a child and a teenager
I needed allies to heal.
I dreaded school because I was fat, my body’s natural way of protecting me
I needed allies to see me through school so I had a chance at health and safety.
I was 9 when my sister committed suicide due to her years of sexual abuse
I needed allies to convince me life can be good.
I was told I can’t be an attorney because I must get married and have children
I needed allies to encourage me to provide for myself and graduate college.
I see my sisters having less opportunity than I, especially those sisters of color
I need allies to lift up my broken heart.
I live in a society with laws that harm myself and my sisters
I need allies to fight against injustice.
I am a woman
I have created a socioeconomic power that grants me safety.
I am a woman
Two entrepreneurial men hired me out of college and provided me with an opportunity in tech and cybersecurity for 21 years.
I am a woman
LUCKY to be of the 15% who are truly given equal opportunity and support at work.
I am a woman
Who represents 2.3% of women who are the sole founders of a tech company.
I am a woman
Who represents the less than 1% of women who have self funded and solely founded a tech company.
I am a woman
I needed allies every step of the way.
I am a woman
I long for a day when no human needs allies.
I am a woman
I pray that the generations to come will be allies to each other regardless of gender.
Until that day, join me, join us, be an ally, stand up for equality, fight for equality and be equality
For if you don’t, my story will be just a rare LUCKY story to be told on stages like this.
This is why I need an ally.
Deidre Diamond
For more information on our diversity and inclusion values, please visit Diversity, Equity & Inclusion - CyberSN
Diversity is often discussed at leadership summits and in C-level corporate offices around the country. It’s clear that within many industries, including cybersecurity, there’s a great need to bring more women and people of color into the ranks and into leadership roles. But many efforts to improve diversity in tech have failed. Why is it that after years of diversity training and initiatives, companies are still struggling to recruit and retain diverse talent?
Deidre Diamond, Founder and CEO of CyberSN and the founder of Secure Diversity, has spoken about the challenge of building diverse teams in webinars and at numerous conferences. When people ask her why diversity is still such a challenge, she points out, to get to diversity, you have to start with inclusion.
Inclusion—in the purest sense—is including others or being included within a group or structure. It’s about ensuring that all people, regardless of gender, race, religion, or other similar factors, are respected and appreciated as valuable parts of the organization.
Because if you don't have an inclusive culture, then diverse people won't stay. One study found that 50% of multicultural women were considering leaving their corporate job. The survey also revealed that culture was at the core of the problem. It found that 79% percent of multicultural women cite “male-dominated” culture as an obstacle and 74% believe they are considered “not fitting the profile of a leader.”
In the video below, “Hiring and Retaining Gender Diverse Teams: A How-To Conversation,” Diamond discussed the inclusion concept with Michael Joseph, Co-Founder and CEO of Technium.
He says he came to Diamond to continue to move his company toward diversity. In a customer focused business like his, a lack of gender diversity can hold the company back, Joseph said. They were recruiting women, but were not retaining them. He realized the changes he needed to make at his company had much more to do with overall culture than a specific diversity program.
“The only thing I did do right is I decided culture was important,” said Joseph. “We made a decision a couple of years ago to fix our culture to be a happy, good place to be so now I want to make it more inclusive.”
He continued, “The focus has to be as much on the internal as the external. You can’t spend all your time trying to make customers happy and not making your people happy. Otherwise, you’re not going to have happy customers.”Watch now >>> “Hiring and Retaining Gender Diverse Teams: A How-To Conversation,” Michael Joseph, Co-Founder and CEO of Technium
How does a company shift its culture to be more inclusive? What steps do managers need to take to show that every employee has respect and is valued? Developing leadership skills should include developing emotional intelligence skills.
An often overlooked aspect of management, recruiting, workforce retention, and ultimately inclusion is emotional intelligence, or EQ. Having empathy for others, understanding non-verbal cues, and being able to manage a team that makes everyone feel valued are important EQ skills and are essential aspects to creating a more inclusive environment.
After years of working in business, tech and cybersecurity, Diamond has learned that everyone wants the same seven things out of work. According to Diamond, understanding what people are looking for in their jobs and seeking to provide them, companies can build stronger relationships with employees. When all employees feel valued, that there is equal opportunity for advancement, and they are treated fairly and with respect, it will become easier to build and retain diverse teams.
Here are the ways to retain people and have cultures with inclusion behaviors
How do you make a cultural shift and create a workplace culture that achieves these things and in turn, becomes more inclusive?
Researchers and strategists Lori Nishiura Mackenzie and JoAnne Wehner from Stanford VMWare Women’s Leadership Innovation Lab, suggest getting managers and other leaders involved in diversity training, inclusion strategies, and culture decisions from the start. It helps create buy-in and makes for a smoother implementation. Management is also more likely to stick to a program that includes their ideas.
To make sure the program is truly inclusive, it helps to work with someone outside the organization to facilitate.
A report by Cybersecurity Ventures estimates women made up 20% of the cybersecurity workforce in 2019. One way to increase the number of women entering and staying in the field is to show women in high-profile roles. If only white men are seen representing cybersecurity at your company, then women and people of color will have a harder time envisioning a future with you.
Offer women and people of color more opportunities to represent the company at conferences, leadership training, and other events, both internal and external. This will help them feel more invested in the company, they will be seen as leaders by peers, and allowing them to show off their skills will help battle negative stereotypes and the perception of tokenism.
Fostering an inclusive environment can be a lot of fun: team building, having lunch together, and outings let people get to know each other and build trust. But don’t let culture get out of hand. Certain behaviors considered “all in good fun” by some could be viewed as toxic by others.
In her conversation with Joseph, Diamond said there are certain workplace behaviors that she feels are not discussed as much as they should be in workplaces today. These are basic behaviors, but for managers to truly build inclusive cultures, Diamond said they must follow these rules of behavior:
Inclusion and diversity are often tossed around as being one and the same, but understanding inclusion must come first is essential to achieving diversity and making it last. An inclusive workplace where EQ and empathy are priorities is one of the best ways to create and maintain a healthy and diverse workplace.
It’s no secret that tech has struggled to diversify its workforce. Equal representation of minorities and women in tech still has a long way to go. But as companies also struggle to fill cybersecurity jobs, there can sometimes be a disconnect between needing to fill a position today and working harder to make cyber teams more diverse in the future. To properly address the problem, first we need to understand what’s causing the problem.
In 2014, some of the biggest tech companies in the world came together to look at the representation of women and minorities among their ranks through a joint diversity study. The idea was that by understanding the demographics of the company, it would be able to better move toward a more diverse workplace.
Unfortunately, the 2020 study showed little has changed in the past decade, despite efforts to increase diversity. While women are now 23% of Facebook’s technical workforce, African-American employees are woefully underrepresented (3.8% of the workforce) as well as at Twitter (2% of the workforce). At Apple, 53% of new hires are from historically underrepresented groups in tech, however the lack of diversity in leadership roles indicates people within these groups are not sticking around or being promoted.
The need for more women in tech and an overall increase in diversity throughout the tech world is well documented and even more pressing when it comes to cybersecurity. In 2020, it should go without saying that diversity is good for business, leading to better products and services that are designed for a wide range of people. With the demographics of the U.S. becoming more diverse each year, smart businesses should be making diversity hiring a priority if they are to compete in the future, yet as we see with these tech giants, it takes more than simply acknowledging the problem.
To create a diverse workforce, your company must hire and retain a diverse staff. Encourage an environment where team members are supportive. Competition should be healthy, not cut-throat. Nicknames and teasing, even if done “in good fun” can leave employees feeling like they’re on the outside.
Companies are wise to take a hard look at company culture and ensure it is not discriminatory, especially if areas of your workforce are male-dominated. A 2017 poll by the Pew Research Center found that 50% of women said they had experienced gender discrimination at work. The numbers were even higher for women working in tech at 74%, or in a male-dominated workplaces at 78%.
Bottom line? There’s a need to ensure workplaces are safe environments for all employees and that companies foster a culture of support and inclusion, free of snarky comments and cliques. Letting a negative workplace environment fester can not only lead to attrition, but as word gets out in tight-knit circles like cybersecurity, it can hamper recruiting too.
Every hiring manager and HR recruiter is looking for that impressive resume with a specific degree from a top school and all the right job titles, but in a tight cybersecurity job market, those can be hard to come by. Instead of relying on HR software to curate resumes, look more closely for people who may not be an exact fit at first glance but have all the right skills.
While most hiring managers may be reluctant to admit it, unconscious bias can influence hiring decisions, especially when looking for people who will fit in with the team. This can often lead to hiring people like themselves, in appearance, background and world-view. One way companies are overcoming this, according to TechRepublic, is to use diverse analytics software to hide personal information, such as name, age, gender, and ethnicity, allowing recruiters to focus on more relevant factors like job skills and experience.
This kind of tech is the idea behind the CyberSN platform KnowMore, which also puts the focus on skills and experience, creating anonymous profiles companies can review without the professional worrying about bias.
Because there’s a shortage of cybersecurity professionals in the workforce today, it’s a great opportunity for people who have left work for a while to re-enter the workforce. It remains an amazing untapped talent pool.
COVID-19 is forcing many people, especially women who are often the caregivers, to opt out of the workforce. It can be difficult for women to come back to work after such breaks, leaving talented people willing to work sidelined. Why risk losing a qualified professional just because of a career gap? In the interview, ask about the break—motivated people will often tell you about volunteer work, training, or professional development they did during that time, ensuring they stayed engaged and kept skills fresh.
The financial research firm Morningstar formed a women’s initiative group that aims to make Morningstar a leading supporter of women in financial services, and created a diversity council to provide a platform for discussions on diversity to foster change. Tech company Vail Systems created a policy requiring at least one woman participate in the interview process for each role. The company also makes sure to have women representing Vail at all of its recruiting events.
These examples reveal that hiring for diversity takes more than simply a desire to do so. Taking action within the company indicating diversity is a priority is a good first step. Giving your hiring process a fresh look and how it may be leaving people out is another.
As a woman-owned company, CyberSN is committed to improving diversity throughout the cybersecurity industry and helping others do so too. Our results speak for themselves. At CyberSN, 52% of our placements are diversity hires. We know it’s possible to find great talent among all races and genders. If you’d like to learn what your company can do to improve workplace diversity, get in touch.
Female students' achievement in mathematics and science is on par with their male peers and female students participate in high level mathematics and science courses at similar rates as their male peers, with the exception of computer science and engineering.
Co-Authored by Lisa Kendall, CyberSN and Katie Perry, Technium
By now, it’s widely known that cybersecurity is a male-dominated field with the most generous estimates saying that we might have 24% women in our workforce. After half a decade of intensive effort to increase the level of equality among the genders in the security profession, we are still falling woefully short. A survey of 1000 girls aged 13-17 from April 2020 revealed that Interest in tech and STEM careers is actively falling among girls, with just 9 percent interested in careers in STEM (down from 11% two years ago). In 2018, only 18% of computer science grads were women. It’s clear that more drastic measures are needed to balance the scales. Meanwhile, over the last 10 years, the gender balance of the veterinary industry literally flipped upside-down, going from 80% men - to 80% women! Let’s explore the factors that contributed to that happening, and see if there are any lessons to help improve the gender balance in cybersecurity.
With the passage of Title IX in 1972, college admission restrictions based on gender were eliminated at universities and colleges. Soon after, the rate of women entering the veterinary field began to increase. After that, the balance of men vs. women began to “feminize” resulting in the rates of inclusion swapping places! Men’s desire to pursue careers that offered more autonomy, an increase in female role models, and the portrayal of veterinarians as carers in social and pop culture are all speculated to be reasons why less men and more women began entering the field. Also, scientific developments in sedatives for large animals have made this career field more realistic for women veterinarians as demand is high for those who can service livestock and large farm animals. The increase in female role models in the veterinary field is another contributing factor. The portrayal of women in TV and movies, for example "The Big Bang Theory", a leading CBS sitcom, featured a love interest character who was a female veterinarian. This is a great example of how representation matters. When young women see it, they know they can become it.
Another social issue plaguing our cyber workforce is the topic of work/life balance. The veterinary field, like the cybersecurity field, is a 24x7 job. Patient care, like user services or outage alarms, don’t often conveniently happen during business hours. By creating options like part-time work and split shifts, the veterinary field was able to give more dynamic work options to their practitioners. This type of employment model, where the employee has more control over their schedule and number of hours, could also help to subvert another major issue in cybersecurity: burn out! When 91% of CISOs report feeling constant burnout, you know there is a deep-rooted issue with work/life balance that needs to be addressed. This contributes greatly to the cybersecurity talent shortage because who would volunteer for a job that is all but guaranteed to run them ragged in a few years? It’s not good for the people in our community, and it’s not good PR for the recruiting efforts that we need to enact as a profession.
This past weekend Susan Fowler, a former engineer at Uber, published her blog describing repeated gender discrimination by her department’s leadership and Uber’s HR department. Susan’s blog can be found here. As she put it, her “situation was escalated as far up the chain as it could be escalated, and still nothing was done”. This is unacceptable.
As a champion of healthy, gender-balanced workplace cultures, I feel compelled to comment on this story as it develops. When will this stop? How could female HR representatives act like this? How could this be happening at a modern tech company comprised of people from a younger generation who have seen the impacts of harassment and harsh treatment?
Our community needs to wake up. The lack of women in cybersecurity is a matter of national security. The disrespectful treatment of women in cybersecurity is causing them to leave the field. In a recent NCWIT study, it was found that 56% of women leave their jobs in tech in under 10 years, “a higher rate than both science and engineering, and about twice as high as the attrition rate for men”. The industry is short one million cybersecurity professionals—we do not have time for leaders to not lead!
In addition, Uber’s response really misses the mark (you can read it here).
I do not want to read the statistics around Uber having more female employees than Apple or other tech companies. This conversation is not about how many women are employed at Uber; this is about sexual harassment and a lack of equal treatment. And to call out having 2% more women employed than in other tech companies is no great accomplishment. I would expect Uber to respond with statements like, “we take this matter very seriously,” “we will take serious action against anyone who acts in this harassing manner,” and “we will be investing X dollars into programs that ensure all managers are trained on leadership qualities (i.e., equality-based management behaviors and recognizing behaviors towards employees that are deemed grounds for termination – including sexually harassing emails!),” among other statements. One act of sexual harassment, be it via email or in-person, puts women in a horrible place and forever creates a cloud of discrimination within an organization. It must never be tolerated.
To Uber: I have switched to Lyft. The involvement of your HR department in this behavior is appalling. Get it together, show our community you really care, and then I will be happy to return as a customer.
In closing, I would like to thank Susan Fowler for speaking up. Thank you for having the courage to tell your story! Through sharing and speaking out, we can stop this behavior. There are many amazing men and women in tech who will always stand beside you. Ladies: please speak up and know that you are not alone. This behavior must stop now — not tomorrow. I am calling out to all leaders in technology to stand before your teams and demand behaviors of integrity, respect and equality for women at work.
