Get a Security Boost: Add More Women to Your Cyber Team

Women bring a diversity of experience that cybersecurity needs, report says.

It’s long been known that women are grossly underrepresented in information technology and cybersecurity jobs. But these shortages of women may be complicating more than just your organization’s diversity strategy; they also may be contributing to the frequent failure of enterprise cybersecurity strategies and defense, a new report suggests.

The report, “Agents of Change: Women in the Information Security Profession,” released Monday by (ISC)2, Frost & Sullivan and Symantec, found that, amid double-digit annual increases in the cybersecurity profession, women continue to make up just 11 percent of the cyber workforce. This is troubling, particularly considering that women often have more diverse academic backgrounds and perspectives than men, traits that could help accelerate the change needed in the information security industry, (ISC)2 found.

The evolution of the cybersecurity field to include threats such as a competitive global marketplace, conflicting regulatory requirements and the adoption of new technologies like cloud-delivered services and bring-your-own-device strategies shows a need for a new, diverse set of skills that the information security discipline has not yet been able to catch up with, the study found.

“There’s a force factor that is driving change in the industry, and the edges around the definition of the industry are getting squishy,” Julie Peeler, director of the (ISC)2 Foundation, said Tuesday. “The entire industry is being redefined and consequently, there’s a whole new set of needs in terms of skills. Women are well-placed to take advantage of that change in the industry and also to lead the changes that need to occur in individual organizations.”

There are differences in the way men and women define the variety of skills necessary to be an effective cybersecurity professional, and the unique skill sets brought by women may be key in addressing that threat evolution, (ISC)2 found. Women, for example, said professionals should maintain a variety of skills such as communication skills, broad understanding of the field and awareness and understanding of the latest security threats, while men were more likely to emphasize technical skills as a top priority.

Meanwhile, the research found little difference in average job tenure, median and average annual salary and academic background among men and women serving in senior cybersecurity roles. Women leaders, for example, spent an average of 13.5 years in the field, compared to men at 13.6 years, and both groups earned an annual average median salary of $105,000 per year. Ninety-one percent of female leaders hold a bachelor’s or advanced academic degree, compared with 89 percent of male leaders.

But Peeler said these differences were much more pronounced when looking at data for more junior level workers. “At junior levels, women are more educated and less well-paid than men in the industry,” she said. “We can’t just ask ourselves why women aren’t choosing information security; we also have to ask why they aren’t staying in the field. And I think if you look at those kinds of salary levels, that’s enough to tell you right there.”

Peeler said the industry must begin thinking much more broadly about where and how to find the skills to bridge the cybersecurity talent gap of more than 300,000 workers. The tendency, she said, is to look at the graduation rates of IT and engineering majors, but other nontraditional majors – such as law, psychology and sociology – can provide a solid foundation for cybersecurity work. The industry should boost efforts to recruit women in these backgrounds, including women who are looking to reenter the workforce after having left to raise a family, Peeler said. “They may not want to go back into their original field, so they could potentially be brought in for training to work in IT security,” she said.

In fact, simple math shows that women account for roughly 300,000 of the 3 million cybersecurity workers worldwide. If we simply double the number of women in these jobs, we’ve solved the cyber talent gap problem, Peeler said. “We need to flip our mindset of this being an issue of inclusiveness and more about gender equity as an economic issue,” Peeler said. “A concerted effort by the education system and within organizations in terms of recruiting would do a lot to change the gender imbalance and would make a huge stab at the gap in the workforce.”