Women are making significant strides in cyber security, a noteworthy development in an industry that for too long was composed of a primarily male workforce
According to a recent report by the world’s largest non-profit association of certified cyber security professionals, nearly one-quarter of the global cybersecurity workforce is now made up of women. What’s more, women are ascending to positions of leadership. This is an important finding for a study that examined the global cyber security workforce gap that estimated the shortage of professionals at three million. The relation is symbiotic; the need for these professionals is paramount as cyber security efforts must address a surging dynamic cyber threat landscape where varied actor sets continually gain an advantage over defenders. Moreover, the inclusion of such diversity fosters creativity, which is an essential attribute in the cyber threat space where actors and activities continue to demonstrate innovation.
Closing the cyber security gender gap reflects the realities of the larger global cyber environment where there is diversity in gender, politics, social, economic, and culture. The bad guys are not only diverse in their thinking and actions, but also so are potential foreign security partners. As such, different perspectives and experience is a necessary complement to an industry that often hits an obstacle when it comes to language and terminology. More importantly, more inclusion into cyber security starts to tear down antiquated perceptions that the profession is geared toward males. This is almost ironic considering that women have played prominent roles in computers to include programming, designing computer systems to run U.S. census, and the software that supported Apollo 11 missions.
Addressing the cultural perception of the cyber security industry is necessary in order to continue to better level employment levels. Part of this requires a review to ensure that compensation levels are equal. According to a 2017 global information security study (that surveyed 19,641 respondents from 170 countries), women earned less than male counterparts at every level. This has to change as does how organizations promote individuals to more senior roles. According to an organization that tracks women in information technology, 56 percent of women left the workplace at the mid-level career level. That is a considerable amount that calls into question how many talented individuals have previously departed for other opportunities.
All is not bleak. There are some signs that things may be changing, albeit slowly. The millennial generation is contributing to reduce the cyber security representation disparity. According to a 2017 report that focuses on women in cyber security industry, 52 percent of women under the age of 29 have a computer science undergraduate degree. This is a positive development but will require more extensive monitoring to see how these individuals rise up the ranks in the face of various work-related challenges. The fact that more women hold a post-graduate degree in the discipline as compared to their male counterparts is very encouraging, and certainly suggests that women are in it for the long haul. This is important to start filling those open positions. Not only is there interest expressed, but the qualifications are also there. With women making up approximately half of the global population, and qualified women ready to immediately step into the cyber security workspace, this gap should quickly close.
But that is going to require a concerted effort to recruit this talent as a primary initiative and not an afterthought. And that requires organizations to scrutinize internal business practices and changing them, accordingly, as filling this need is not just a human resources problem, but an enterprise security imperative. All organizations face a similar reality: increasing challenges of promptly identifying and remediating volumes of hostile activity, a diverse threat actor landscape of varying capabilities, and ensuring the integrity of the cyber security lifecycle.
And that requires having the right people with the right backgrounds working in tandem with the right technology to mitigate the threat. In my career as a cyber security professional, I have worked with women in the government that have assumed leadership positions in the private sector, but these incidents of success are not indicative of the quality of individuals that is available. Women cyber security practitioners are perfectly poised to solve the employment gap as long as the financial and career opportunities are there. And that is something over which private sector organizations have complete control, and if we have any desire to reduce the employment gap and get on equal footing with hostile cyber actors, can no longer overlook.
About the Author
Emilio Iasiello has more than 12 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in peer-reviewed journals and blogs. Follow Emilio on Twitter