The skills shortage across the cybersecurity sector has been well documented, but with the computing sector generally, and cybersecurity specifically still struggling to attract female candidates, it’s vital that men in the cybersecurity sector do more to make it an attractive place for women to work.
A few years ago, estimates suggested there was a shortage of around 3 million cybersecurity professionals across the world.
Roughly three-quarters of those who apply for cybersecurity roles were deemed to be insufficiently qualified to do the job properly.
Across the computing world, this kind of shortage has prompted a concerted effort to increase the number of women operating in the sector. It’s an area of particular weakness in cybersecurity, with PwC data from 2017 revealing that just 14% of the cybersecurity workforce in the United States was female, which compares to 48% across the workforce in general.
What’s more, it’s a problem that’s even worse outside of the United States. Research published in Nature reveals that just 10% of cybersecurity professionals in the Asia-Pacific region are female, with just 7% in Europe, and a paltry 5% in the Middle East. As in other disciplines, this then filters through to an even smaller representation of women in senior management positions, with one study showing just 1% of female cybersecurity professionals occupying managerial roles.
Many of the challenges we face in attracting more women into the cybersecurity profession have deep societal roots. For instance, recent research from Carnegie Mellon highlights how the language we use can undermine efforts to attract women to STEM-related fields.
The study found that biases are formed in even the youngest children about the kind of careers men and women are 'suited' to, with women typically associated with caring and supportive roles.
“What’s not obvious is that a lot of information that is contained in language, including information about cultural stereotypes, [occurs not as] direct statements but in large-scale statistical relationships between words,” the researchers say. “Even without encountering direct statements, it is possible to learn that there is stereotype embedded in the language of women being better at some things and men at others.”
Research from Rutgers University highlights how this pervades adult life, with the study revealing how distorted things like stock image libraries are when visually portraying various professions. For instance, when images of nurses or librarians were produced, they were predominantly featuring women in those roles, whereas when images of programmers or engineers were produced, they were predominantly men.
Why this matters
Does this matter? In short, yes.
When determining the skills shortages facing the sector, technical skills make up a relatively small part of the cybersecurity pros toolkit.
Soft skills, such as the ability to work in teams, strong communication ability, and personality traits such as integrity and empathy were found to be crucial to good cybersecurity. Women also tend to offer very different viewpoints and perspectives than men, which can be crucial in assessing and addressing cyber risks.
The challenge is part of a wider issue around female representation in science, technology, engineering, and mathematics (STEM) fields, with just 30% of scientists and engineers women. This helps to forge a societal perception that cybersecurity is a predominantly male profession, despite there clearly being nothing that predisposes men to be either more interested or more capable in the role than women. This misconception can be further bolstered by an industry that is often only too happy to represent cybersecurity is solely requiring strong technical skills.
A good first step in overcoming this imbalance is to do a better job of awareness building among women.
A recent survey found that across the IT field, 69% of women didn’t pursue opportunities in the sector because they were largely unaware of them. Another survey, by security firm Tessian, revealed that just 50% of organizations felt they themselves were doing enough to attract women to cybersecurity roles.
A diverse approach
Diversity matters because female leaders often not only explore areas that men might overlook, but go about their work in a different way. In many ways, this is a consequence of their professional backgrounds, with data showing that nearly half of women in cybersecurity roles have business or social science degrees, versus just 30% of men. What’s more, women working in cybersecurity appear to place greater emphasis on training and education among their teams. This research also suggests that female cybersecurity professionals are better at working with other organizations, which as cybersecurity increasingly involves a wide range of stakeholders, is likely to be crucial to maintaining the security of complex networks.
A good example of an initiative that has helped to attract more women to cybersecurity is Shift, which is a joint project between Israel’s Defense Ministry, Startup Nation, and the Rashi Foundation. The project aims to identify girls in high school who have the desire, curiosity, and aptitude to learn IT skills, and then works with them to help develop those skills.
The girls are provided with access to a range of training programs and hackathons, while also having support and guidance from a team of female mentors, some of whom herald from the crack technology units in the Israeli military. The program provides participants with a wide range of technical training, including a number of programming languages, network analysis, and even hacking skills.
By 2018, it’s estimated that 2,000 girls had participated in the initiative.
This is a good example, but there are many others in place around the world to try and attract a more diverse pool of talent into the field. The projects underline the multidisciplinary approach that is likely to be required, including ensuring job adverts are appealing to female applicants, that attempts to target schools with high female enrollment are made, and that once in the workplace, female employees are given ample career opportunities to choose from.
Finding male allies
It’s a situation that U.S. Naval War College professors David Smith and Brad Johnson believe will require strong allies among men already in the industry to overcome it. In their latest book, Good Guys, they highlight how too often, men can turn a blind eye to problems that don’t affect them, especially if they have a zero-sum mindset that prompts them to think that any gains for women will come at the expense of men. This prevents them from developing the kind of skills required to support all under-represented groups in the workplace, including along racial and ethnic lines.
“Whether you work for, alongside, or manage women, deliberately engaging with them in the workplace is the only real solution to overcoming the systemic sexism and inequality that keep all of us from maximizing potential and our organization from thriving,” they write.
They recommend a number of actions men can make to become better allies to women in their workplace, including:
- Sharpening your situational awareness. Be vigilant in observing how female colleagues experience meetings and other gatherings to be alert for any disparities you observe.
- Cure your gynophobia. Publicly push back on false narratives about the risks of engaging with women at work, while also deliberately and transparently initiating conversations and mentorships with female colleagues.
- Ask about women’s experiences. With genuine curiosity and humility, learn about the gendered workplace experiences of the women you work with.
- Recognize that all women are not the same. Be attuned to the unique experiences of the women you work with.
- Own and deploy your privilege. Recognize and fully own your privilege as a man, while leveraging it for the benefit of women and other marginalized groups.
Getting more women into cybersecurity is not only good for the women themselves, but good for the organizations that recruit them, and indeed for society as a whole. If we are to win the cybersecurity battle with hackers, then it’s vital that we don’t leave huge amounts of talent on the sidelines. Projects such as Shift have shown the way. Now we need to make their efforts mainstream.