A Guide for Women in Cybersecurity- According to the InfoSec Institute, there is a global shortage of approximately three million cybersecurity workers, with half a million in North America alone. And the problem is only going to become worse as demand for information security resources is predicted to skyrocket in the near future.
Meanwhile, Cybercrime Magazine estimates that cybercrime will cost $6 trillion annually by 2021, up from $3 trillion in 2015, demonstrating the industry’s urgency and speed of expansion.
The shortfall in staffing is estimated to rise to 3.5 million people by 2021.
One concerning aspect of the shortfall is that it might be significantly narrowed if one part of the population – women — were proportionately represented in the business.
According to a research study conducted by Frost and Sullivan in 2013, women made up only 11% of the global cybersecurity workforce. Despite the fact that the study’s scope was limited in terms of the employment roles and types of cybersecurity covered, everyone believes that female presence in cybersecurity is startlingly low.
Cybercrime Magazine concluded in a March 28, 2019 research study that women currently make up roughly 20% of global infosec payrolls. Of course, this is an impressive increase over six years ago, but it is still far short of the 50 percent level that would indicate parity.
The unemployment rate in cybersecurity is zero, and has been since at least 2011, therefore the gender disparity in employment cannot be explained only by industry gender prejudice in recruiting.
Women and STEM (Science, Technology, Engineering, and Mathematics)
It’s not just cybersecurity positions that are dominated by men. Even after decades of equal gender rights measures, most STEM professions still have a shortage of women in their ranks.
On the surface, it appears to be a scenario from the 1970s, although this is still the situation today. STEM-related fields, which comprise the broadly defined subjects of science, technology, engineering, and mathematics, appear to be avoided by young female students. Despite the fact that women consistently score as well as or better on math and science-related tests, the perception that STEM is better suited to men seems to linger in many parts of the country.
While the recent trend suggests that young women are increasingly disregarding prejudices in the workplace, the gap will take a long time to close at this rate. And the fact that women continue to be underpaid and undervalued for their accomplishments will make resolving the issue even more difficult.
Before significant progress in STEM can be made, a new generation of recruiting managers and C-suite executives will need to take control. However, recent anecdotal evidence suggests that the transition to equal treatment for women is well advanced.
More women than ever before are being promoted to executive cybersecurity roles, so optimism is the order of the day. Even though the need for unfilled job vacancies is driving this shift in mindset, it is a healthy trend for women.
Why are women underrepresented in cybersecurity?
It would be helpful to understand why the gender gap occurs in the first place in order to close it and bring female representation closer to 50%. It’s tempting to dismiss the issue as a matter of gender bias or discrimination, but gaining a better knowledge of the issue will aid in finding solutions.
Identifying simple gender bias as the source of the problem would lead to decades-old solutions such as training employers about the value women bring to the workplace and maybe educating males about the same from an early age. In recent years, a few study publications have been released that throw some light on the issues: In January 2018, Forbes magazine published a summary of a study that first appeared on Quora; Government Technology used some high school cybersecurity camps to learn more about what teenagers think about their career prospects in the industry; and in April 2018, NBC and The Hechinger Report released a joint report.
Evidence demonstrates that teenage girls establish ideas about their role in the world during or even before high school. Despite the media’s focus on all of the positive improvements that have given women more chances, teenage girls are still adopting beliefs that will limit their job options in the future. Some parental influences, as well as other societal beliefs, appear to still be steering girls away from technological careers.
Young women frequently perceive cybersecurity as a field in which women must be far more accomplished than men in order to be treated equally. Even some high school females have concluded that technological jobs are better suited to male. In fact, existing research indicate that this is frequently the case.
Whether it is deserved or not, cybersecurity has a reputation problem. Most sensible people would imagine that cybersecurity jobs are performed in highly heated war room-like environments by mysterious young men in hoodies, based on media portrayal.
Some of the cybersecurity industry’s own language, such as cyberattacks, gives the idea that the job is done in military war rooms. In some parts of cybersecurity, such as ethical hacking, this notion is not wholly incorrect. However, many aspects of the rapidly growing sector are carried out outside of a war room.
There’s also evidence that among women who do decide to pursue a career in cybersecurity, a startling number of them quit the industry pretty quickly. Some say it’s because of the field’s relative intensity, while others say it’s due of the boys’ club culture they have to deal with.
However, women in cybersecurity, like women in many other industries, are paid less and advance at a slower rate than males. Where these arguments are correct, the employer has failed to ensure that girls are comfortable in cybersecurity.
Today, in part because of the personnel shortage in cybersecurity, managers are increasingly hiring candidates with degrees and experience in fields other than infosec.
Many areas of STEM and general security are now covered by the labour pool. With a little training, those with skills in computer science and information technology can readily transition to cybersecurity.
However, because women are underrepresented in STEM fields, that pool is likewise male-dominated and cannot be relied upon to close the cybersecurity gender gap. If the gender gap in STEM is to be bridged fast, the recruiting pool must be expanded to include new disciplines of interest.
What can be done to Increase Women in Cybersecurity?
What is being done to lure more women to cybersecurity in light of this stark reality? What further measures or changes to procedural and behavioural flaws could be implemented? Much has previously been done, with varying degrees of success that are finally beginning to shift the needle. If the cybersecurity workforce shortfall is to be significantly alleviated, more can and must be done.
Some signs emerging in the last few years have already begun to show the initiatives in place are having the desired effect.
There are several things cybersecurity organisations can do to adjust internal policy to create a more female-friendly environment, starting with the workplace itself.
To begin, implement a diversity policy in the workplace that includes not only women, but people of all nationalities and backgrounds. In 2017, helpnetsecurity.com released an article titled “What leads women to cybersecurity, and what keeps them there?” that highlighted a survey conducted by Cobalt, an app security business. “A team that combines variety of all kinds – disciplines, genders, backgrounds, nationalities, etc. – ensures fresh insights, spurring innovation and creativity,” said Andrea Little Limbago, Principal Social Scientist at Endgame.
There’s also the issue of many recruiting managers and human resource departments focusing far too narrowly on the cybersecurity hiring pool.
Many companies view STEM fields as the most fruitful source of cybersecurity candidates, almost completely ignoring other career paths.
In the same poll, less than half of the women who replied said they got into cybersecurity through IT or computer science careers.
This means that cybersecurity companies that haven’t done so already need to diversify their backgrounds when hiring new staff. Women in a variety of areas have achieved success in cybersecurity, including compliance, auditing, psychology, and sales.
Retaining valuable personnel should be a top concern for every company, but with the cybersecurity shortage, it has become even more crucial. For consistent satisfaction of employees, particularly women and minorities, more inclusive work environments are a must-have.
Organizations must teach all employees what true inclusion is, and ensure that nothing less than that will be permitted.
The goal should not be simply to eliminate sexual harassment but to make women feel comfortable, respected and valued in the workplace. And of course, inclusiveness means real equality in pay scale and opportunities for advancement.
There are now various cybersecurity professional groups dedicated solely to serving the requirements of and promoting women in the industry. Three such groups are the Women’s Society of Cyberjutsu (WSC), Women in Cyber Security (WiCyS), and Executive Women’s Forum on Information Security, Risk Management, and Security (EWF). WiCyS and EWF have yearly conventions to bring together members to discuss women’s issues in cybersecurity as well as industry-wide concerns.
Women benefit from these organisations because they help them feel included and supported by other women. In general, however, such groups are only required in industries where women are not already treated equally.
In cybersecurity, what’s really needed is for other professional groups to give women equal opportunities, such as keynote speaker roles and other forms of respect. However, the trend in these companies is encouraging, so hopefully they are on the right track.
Female participation and keynote speaker nominations have increased significantly at recent meetings.
The focus shifts to higher education as you work your way back down the recruitment funnel. Cybersecurity must be introduced as a desirable career option for students in a wide range of undergraduate and graduate majors through placement and career counselling activities at schools and universities.
According to this graph, 52 percent of women have advanced degrees in cybersecurity, whereas 44 percent of males do.
Again, information security candidates aren’t limited to IT and computer science students. Promoting and facilitating access to industry training and certifications will also help students get a head start in the cybersecurity field.
Expanding course offerings and choices of majors within cybersecurity will help all students find their way into the industry, not just women. And opening the student bodies to professional organizations, particularly those serving women, will give students access to women already in the field.
It will also give industry representatives a more direct way to talk with students about the area. The University of Maine, which has worked with WiCyS to open the dialogue between professionals and students, is one school that is already doing so.
Cybersecurity should be introduced to teen girls in high school or younger as a realistic and desirable career option. Such measures should also aim to reduce the influence of societal gender biases on our children’s choices.
There are several initiatives around the country designed to open the eyes of students to see the attractiveness of cybersecurity.
Through its National Youth Cyber Education Program and CyberPatriot, the US Air Force Association has been doing this for some time. The National Youth Cyber Defense Competition is the country’s largest cyber defence competition, pitting middle and high school students in an online competition.
GenCyber is a summer cybersecurity camp for children and teachers in grades K-12 that is co-funded by the National Security Agency and the National Science Foundation.
The programme is open to everyone and is intended to educate safe internet habits as well as the basics of cybersecurity.
GirlsGoCyberStart is an online programme meant to expose high school girls to cybersecurity in a fun and participatory way. Young ladies are taught cryptography, password cracking, digital forensics, and open-source intelligence gathering to pique their interest in the profession. Over 10,000 girls have participated in the programme, which is free to kids, and the reaction has been extremely favourable.
GirlsWhoCode is largely focused on young students interested in programming as a career route, but it is also striving to alleviate the gender gap in technology industries in general. After-school groups, summer classes, and summer immersion programmes are all promoted by the organisation. It also assists programme graduates in succeeding in college and networking with other women working in technological professions.
The Girl Scouts of America has introduced a cybersecurity merit badge to encourage young girls to learn about cybersecurity and excel at it. In 2019, the Girl Scouts Research Institute released “Decoding the Digital Girl: Defining and Supporting Girls’ Digital Leadership,” a report. “How females are leveraging their digital experiences to enhance their lives, their communities, and the world,” it says.
Scholarships and Other Assistance Available to Women
Financial and non-financial assistance initiatives for women who want to work in cybersecurity or other STEM fields are on the rise.
These options are for college and professional training and certification. InfoSec, Inc. and CompTIA have teamed up to provide significant financial help to women interested in cybersecurity jobs through scholarship scholarships that include free enrollment in cybersecurity boot camps. The Information Assurance Scholarship Program, which is open to both men and women, is a scholarship-for-service opportunity offered by the United States Navy.
The Center for Cyber Safety and Education, in collaboration with (ISC)2, offers a $40,000 scholarship to women pursuing a bachelor’s or master’s degree in cybersecurity. SWSIS, a collaboration between Applied Computer Security Associates (ACSA) and CRA-WP, is a scholarship programme for women pursuing a bachelor’s or master’s degree in a cybersecurity area.
Raytheon also offers a $8,000 grant to female cybersecurity students. The Scopes Educational Scholarship Program is sponsored by the National Security Agency (NSA) for high school seniors who have exhibited competence in essential areas of computer science and electrical engineering and plan to specialise in one of them, including cybersecurity. In addition to summer employment, the CIA offers many internships that provide tuition help to qualified candidates. The emphasis is on intelligence-related sectors, such as cybersecurity.
Women as Role Models in Cybersecurity
There are many successful women in cybersecurity today who may serve as good role models and even mentors to women who want to get into and excel in the profession.
These role models have experienced what it’s like to overcome obstacles to success, and they should be held up as examples to young women to show that it’s possible. Successful women can be found at industry gatherings where women are given the opportunity to speak as keynote speakers, or in online video interviews with female cybersecurity leaders. As role models, WiCyS provides a few female information security professionals.
Here are a few video interviews available online featuring successful women engaged in cybersecurity professions. Mary-jo de Leeuw, March 2019; Inbal Pearson, 2019; Ashley Podhradsky, December 2018.
The Future of Women in Cybersecurity
STEM fields in general, and cybersecurity in particular, have long been plagued by a severe lack of female participation. However, the tremendous increase in cybersecurity needs, as well as a general shortage of accessible expertise, has brought the absence of women in the area to the forefront.
Working to draw more women into infosec, there are many initiatives now being promoted by government agencies, industry participants, high school and middle school educators, and colleges.
Companies in the cybersecurity industry are putting more attention on both discovering new ways to recruit women and changing their internal settings and processes to keep women in the profession for longer than in the past. There are no easy remedies for raising women’s participation in cybersecurity from the current 20% to the objective of parity, given the industry’s overall shortage of expertise.
