Demand for cybersecurity jobs is expected to be very high, according to the Burea of Labor Statistics (BLS), which states employment is projected to grow 28% from 2016 to 2026, much faster than the average rate for all occupations*.
This explosive growth is spurring a substantial shortage of cybersecurity professionals that is expected to widen as cybersecurity jobs continue on an upward trajectory. Vacant positions in cybersecurity can represent a national security issue, as government and private institutions alike need to bolster – and maintain – their systems against malicious hacking. Security breaches can be costly and, in some cases, dangerous.
Although cybersecurity is facing a talent shortage, the field is also dramatically underrepresented in many demographics, like women, who comprise a mere 14% of the cybersecurity workforce in North America according to a 2017 report produced by the Center for Cyber Safety and Education and the Executive Women’s Forum (EWF) on Information Security, Risk Management & Privacy. Closing the gender gap by cultivating a new crop of talented female cybersecurity professionals may help close the talent gap as well.
Why Close the Gender Gap?
Setting aside the basic issues of equity that should drive businesses to close the gender gap, bringing more women into cybersecurity can help drive outcomes, Priscilla Moriuchi, Director of Strategic Threat Development at Recorded Future, told Forbes. Diverse experiences, leadership styles and varied perspectives improve business, particularly cybersecurity, because the hackers cybersecurity professionals are fighting against are also diverse. More creative, varied solutions often represent a greater chance of success in the war for cybersecurity.
When assessing the gender gap in cybersecurity, it’s also important to examine leadership levels. Not only are women underrepresented in the industry, but they are deeply underrepresented in the highest levels at greater intervals. In North America, only 4% of women are in senior executive roles compared to 25% of men.
Encouraging more women to join the field also helps cybersecurity meet its growing talent needs with highly qualified and educated talent that simply isn’t being capitalized on now.
Challenges in the Cybersecurity Industry
To bring more women into the cybersecurity industry, leaders and organizations have several hurdles to overcome, including:
Ingrained Messaging
In many cases, boys and girls are taught in childhood taught in childhood that STEM (science, technology, engineering and math) fields are for men, and women simply aren’t as good in them, Rose Elliott, senior director of product engineering of Tenable.io, told Forbes. And when girls – or adult women – do show an interest in the field, they will quickly find themselves one of few, if not the only, female in the room. Even media can perpetuate the image of the cyber expert coding away in his hoodie, which women don’t necessarily relate to, Kim Tremblay, founder of security firm Arctic Wolf Networks, told Government Technology. As a result, girls can struggle to picture themselves working in the cybersecurity field.
A Cycle of Bias
Tenured professionals tend to mentor and hire people who they relate to, which often keeps the mostly male-dominated arena recruiting and mentoring more men. And offensive assumptions, such as asking a woman whose badge she’s borrowed at a tech conference or assuming the male in the room is the project lead when the lead is the female (both real examples from Government Technology), create a frustrating bias women are forced to regularly overcome.
A Troubling Wage Gap
According to the EWF report, women globally earn less money than men for the same positions. While at the higher levels this is on the decline, women in managerial roles are still paid 3% less than men on average for equivalent roles. The gap is actually increasing at the non-managerial level, climbing from 4% less in 2015 to 6% less in 2017.
Prolific Discrimination
51% of women reported experiencing discrimination compared to just 15% of men, according to the EWF report. For the majority (87%) that was unconscious discrimination, but more than half (53%) reported denials or delays in career advancement and 19% reported overt discrimination.
Female Cybersecurity Trailblazers
Although the cybersecurity landscape is rife with hurdles for female professionals, many are taking them in stride and finding rewarding careers in the process.
Pavi Ramamurthy, a 15-year veteran of the industry, told Forbes that she enjoys the day-to-day work of building security programs and working on the incident response process. Jessica Ortega of SiteLock says she appreciates the work/life balance afforded in an industry that allows for self-paced training, remote work and self-study.
Several of the country’s top cybersecurity jobs are now held by women, including the Head of the Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT), Ann Barron-DiCamillo, and Microsoft’s Senior Director of Cybersecurity and Strategy, Angela McKay.
Not only are these pioneering women inspiring to future female cybersecurity professionals, but they also help lay the groundwork for breaking the glass ceiling in more organizations and for general inclusion in the industry.
Tips for Women Entering Cybersecurity
For women who are ready to take the plunge and start a career in cybersecurity, consider these tips:
Seek Internal Opportunities First
A career change doesn’t have to equate a company change. Instead, network with your own security team to understand current opportunities in your company’s security team. You may be able to leverage some on-the-job training and self-guided learning to position yourself in your new role.
Exhibit Confidence
Rose Elliott told Forbes she was stunned in the first meeting she attended where she didn’t feel heard. To combat being outnumbered – and sometimes ignored – Elliot advises acting and speaking decisively, even when that’s not entirely how you feel.
Embrace Risks
It’s easy to feel intimidated when you’re the only women in the room, or worse, when many believe you don’t even belong there. But don’t let this phase you. Instead, fight for the opportunities you want, and take chances to acquire the experience you’ll need to grow your career.
Network
Cultivating a mentoring relationship can be pivotal for receiving wise guidance, getting questions answered, and gaining a full understanding of opportunities. Although a female mentor can shed light on her own experience as a woman in the field, don’t discount a male cybersecurity professional you have a natural mentor relationship with, as expertise and knowledge are always valuable.
Learn – Perpetually
As with any field, new entrants don’t come in as experts. But in cybersecurity, knowledge is dynamic, and new challenges often crop up. Embrace constant learning to develop your expertise, generalist knowledge and managerial skills to grow in the field.
How to Increase Women’s Presence in the Field
Leaders and businesses can also take steps to boost the number of women in the field.
Increase Your Female Interns
At Cisco, interns in recent years have been 60% female, according to Marty Loy, Senior Director of the Security & Trust Organization Engineering. More female interns mean more accepted full-time job offers, and over time, the gender gap closes.
Educate Youth
Young women should be equally included in messaging that advertises the wealth of jobs available in cybersecurity. And, the industry needs to debunk the “hoodie and basement” myth by highlighting the variety – and high profile nature – of these jobs. Girls-only cybersecurity camps can also cultivate interest in the field and teach girls basic industry practices along the way.
Promote and Pay Equally
This may seem obvious, but until the practice permeates every organization, it’s worth stating: organizations must pay women equally to men for the same role, and qualified women should be promoted at the same rates men are.
Cultivate Mentorship or Sponsorship Programs
Organizationally-backed mentorship programs can provide a structure to ensure leaders are investing and building up their mentees as they should be. Formal programs also emphasize the value the organization places on mentorship.
Engage with Other Women
Women already in the industry should partner – not compete – to learn from each other, combine skillsets, and support each other toward advancement. Organizations like the Cisco Women in Cybersecurity Community provide a forum for women new to the field to network with more experienced cybersecurity professionals and can help encourage passion for the field.
Closing the widening talent gap in the cybersecurity field is critical to bolstering the country’s industries and institutions against emerging security risks. And, it’s likely that necessary talent is already available – it’s just untapped. To capitalize on the potential of female cybersecurity professionals, we have to transform an age-old narrative that tells girls they don’t belong in the field to a new one that shows them not only do they belong, but they are necessary to the future of the industry.
*Bureau of Labor Statistics, Occupational Outlook Handbook, Information Security Analysts, on the internet at https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm (visited March 27, 2019).
National long-term projections may not reflect local and/or short-term economic or job conditions, and do not guarantee actual job growth. Information provided is not intended to represent a complete list of hiring companies or job titles, and program options do not guarantee career or salary outcomes. Students should conduct independent research for specific employment information.