More Women Needed In Cyber Security

Directors Report:  This article is exclusive the Premium Subscribers. For unrestricted website access please Subscribe: £5 monthly / £50 annual.

The participation of women in tech and cyber security sectors is rising too slowly and yet cyber crime is recognised as one of the greatest threats to businesses around the world. And now, with company and government data becoming increasingly reliant on the Internet, it is critical that their computer systems are protected from malicious attacks or data breaches.

Currently more than 1 million security jobs worldwide are unfilled and of those employed as cyber security professionals, women represent only 11 percent of the workforce.  These unfilled cyber security jobs aren’t just a staffing issue - they’re a matter of national security and women can help us solve the problem quickly. 

Our current need for women in cyber security is no different from when we needed women to work in what were then considered to be stereo-typically male roles during WWII. As a result of the ongoing pandemic, the cyber security industry has continued to accelerate, and has no indication of slowing down anytime soon. 
With new and innovative methods of hacking affecting businesses of all kinds, the number of cyber attacks is also increasing. 

A report by the the British Government's Department for Digital, Culture, Media and Sport (DCMS) showed that the UK’s cyber security industry is now worth around £8.3 billion, but lacks female representatives for an industry so high in demand.

The industry predominantly remains male-dominated, and this lack of diversity, in turn, means less available talent to help keep up with the rise in mounting cyber threats. 

Women currently represent about 20% of people working in the field of cybersecurity, and the number of women in cyber security is growing; organisations must address the diversity debt to capture and retain this new labor force. Even at the very beginning of a ‘tech’ based career pathway, a woman’s success is already limited. Females make up only 28% of the workforce in science, technology, engineering and math (STEM) subjects, and are systematically tracked away from these subjects throughout their learning, and pushed towards written and creative arts, narrowing their training and potential positions to go into these fields later in life.

The (ISC)2 Cybersecurity Workforce Study 2021, based on data obtained from thousands of cyber security professionals in North America, Europe, LATAM, and APAC regions, estimates that the global cyber security workforce is approximately 4.19 million at present, up from 2.8 million in 2019 and 3.48 million in 2020. 
The average salary before taxes in the US has also increased from $83,000 in 2020 to $90,900 this year. However, the percentage of women among cyber security professionals in these regions is still approximately 25%. 

Considering the cyber security industry still needs 2.72 million more professionals urgently so that organisations can fill up crucial vacancies, the lack of women in the industry is contributing to the burgeoning cyber security gap that organisations aren’t able to address at the scale required.  (ISC)2 said that even though 700,000 professionals entered the workforce in the past year, the workforce gap reduced by just 400,000, indicating that the global demand continues to outpace supply.

Another factor that remains to be addressed is the percentage of women in leadership roles in the cyber security industry. In 2021, women made up just 17% of Fortune 500 CISO positions and there is only one female CISO in the top ten US companies. However, it cannot be said that the participation of women isn’t improving quickly. The percentage of women in Fortune 500 CISO positions was a paltry 14% last year.

STEM subjects are traditionally considered as masculine by many. All too often, teachers and parents may steer girls away from pursuing such areas, with females making up 34% of STEM graduates in 2021 but only 13% make up the overall workforce. 

Furthermore, women who have been successful in entering the industry often receive different treatment compared to males who work in technology, and can occasionally be mistaken for having a less ‘dominant’ role. From engineers to analysts, consultants and technologists, the roles are unlimited in cybersecurity. It is clear for women entering the industry that the profession is not limited to just one type of job, and requires a range of skill sets, most of which can now be done remotely – which has been heightened due to COVID-19.

However, research demonstrates that 66% of women reported that there is no path of progression for them in their career at their current tech companies, suggesting the very reason why women tend to end up in the more ‘customer facing’ roles, such as marketing, sales or customer support. How can females continue to advance once they have a foot in the door into more technical or product focused roles?

Despite girls outperforming boys in maths and science, the presumption remains that women are not equipped to take on ‘complex’ tasks and roles. 

Girls who attend an ‘all-girls’ school and see their female peers also participating in technology subjects, therefore do not have lower-esteem when pursuing that industry, and are in a learning environment free from gender stereotyping, unconscious bias and social pressure. Even if a female is successful within these areas, we continue to see a lack of women represented in senior leadership roles on boards, as CEOs and in STEM careers. We need to dispel the myths that women cannot take on ‘tech-heavy’ jobs.

Maternity leave or taking a break to raise a family is another challenge women face later on in their career. Employers might question the gap in their CV when they eventually want to return to work after taking a break from such a demanding industry to start and raise a family. 

To ensure that women gain equal footing in stereotypically male-dominated industries, there is an often-overlooked factor, men need equality too. 

Businesses need to offer the same level of paternity leave and support to men as they do women when it comes to looking after a family. This then leads to the need for flexibility within working hours for school runs, for example, as it needs to be understood that men have children too, and women are not always the number one caregiver. Having a diverse workforce allows for a balance of input, more creativity, new perspectives and fresh ideas. From different learning paths, to ways of approaching problems, and bringing in wider viewpoints, women bring an array of different skills, attributes and experience to cyber security roles. 

Working in an industry like cyber security, where everyone is impacted and everyone is a target, we need everyone to be involved in developing solutions which work to solve the problem. This is not just limited to gender, but also includes age, culture, race and religion. To truly mitigate the risk of cyber crime, we need a solution relevant to all the people impacted by the problem.

Taking Action

To begin with, whether this is from a younger age during school studies or university courses, offering varied entry pathways into the industry, or making it easier to return after a break, women must be encouraged into the field of cyber security. These hurdles into the sector have to be addressed.

Every business has a part to play when it comes to ensuring that their organisation meets the requirements of all of their employees. From remote or hybrid working, reduced hours or adequate maternity and paternity support, working hours should be more flexible to suit the needs of the employee.

  • A “return to work scheme” would greatly benefit women if companies were to implement them. This can help those who have had a break from the industry get back into work, and this doesn’t necessarily mean limiting them to roles such as customer support, sales and marketing. 
  • HR teams must also do better when it comes to job descriptions, ensuring they appeal to a wider audience, offer flexibility and that the recruitment pool is as diverse as can be. 

The UK government has started taking action by setting up a Cyber Security Skills Strategy. Businesses themselves have also started to enforce programmes to support those with gaps in their CV’s and are eager to return to their careers, such as Ziff Davis’s Restart Programme.  This programme is committed to those who have a gap in their experience and are keen to return to their careers, providing them with an employment opportunity which emphasises growth and training, helping professionals return to the workforce. When businesses step up and take matters into their own hands, it provides more available paths into the industry for everyone.

There is more of a need than ever before for more diverse teams, as cyber security threats become more varied. Becoming part of a gender-balanced cyber workforce is an efficient way to avoid unconscious bias and build a range of solutions to complex problems. 

Whilst the latest government initiatives and courses to attract diverse talent, and better the UK’s security and technology sectors is a great start, the only way to progress is more investment and emphasis on STEM as a career path. This will encourage both males and females, who are treated equally and can see themselves reflected in their senior management teams.

What the industry needs to look at is that the representation of women in computer science and in engineering is very similar to the percentage of women who graduated in these fields. 

According to Pew Research, women earned 53% of STEM college degrees in 2018, but formed just 22% of engineering graduates and 19% of computer science graduates. In contrast, 85% of the bachelor’s degrees in health-related fields were earned by women. As far as leadership roles are concerned, the 17% share of women in Fortune 500 CISO positions sounds incredible when compared to the representation of women in leadership roles in the tech industry as a whole. 

According to data collated by the Women Business Collaborative (WBC), women make up only 8.2% of Fortune 500 CEOs, 7.3% of Fortune 1000 CEOs, 5.6% of Russell 3000 CEOs, and 7.4% of CEOs at private companies with revenue over $1 billion. “While the numbers for women in leadership are moving in the right direction, with the Fortune 500 up to 8.2% from 6.6% in 2019, progress is still too slow and not reflective of the nation. Women of color hold only one percent of CEO positions across the Fortune 1000,” the report said.

  • Black and Hispanic workers remain underrepresented in the science, technology, engineering and math (STEM) workforce compared with their share of all workers, including in computing jobs, which have seen considerable growth in recent years. 
  • The representation of women varies widely across STEM occupations. Women make up a large majority of all workers in health-related jobs, but remain underrepresented in other job clusters, such as the physical sciences, computing and engineering.

The cyber security industry remains an attractive and lucrative career path, but more should be done to direct female students in the right way to pursue a job role within STEM and to support those who are returning to work.

References

Information-Age:    Cyber Security Ventures:    Toolbox:      Pew Reserach:      Microfocus:    Cisco:    

The Software Report:      UKTech:    Gartner:      Guardian:     (ISC)2:     Gov.UK:    Gov.UK:   

TechBeacon:    Sydney Morning Herald:     Ziff Davis:     University of Northunbria:  

You Might Also Read:  

Diversity In Cyber Security:

 

« SIM Swapping Attacks Caused T-Mobile Breach
Ukraine Government Hit By Massive Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cloud Security Alliance (CSA)

Cloud Security Alliance (CSA)

The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing

Quotium

Quotium

Quotium provides automated testing technologies to make business software applications secure and robust.

AppRiver

AppRiver

AppRiver is a global provider of cloud-based email and web security solutions that protect businesses worldwide from today's ever-changing online threats.

NetLib Security

NetLib Security

NetLib Security’s powerful, patented data security platform helps companies control data loss prevention (DLP) by managing what data can be transferred outside of their network.

Data61

Data61

Data61 is Australia’s leading digital research network offering the research capabilities, IP and collaboration programs to unleash the country’s digital & data-driven potential.

NSIT

NSIT

NSIT SAS is a consulting, advisory and service provider in IT systems. Solution areas include networking & infrastructure, IT management & administration, and cyber security.

Vesta

Vesta

Vesta Corporation is a global provider of a scalable suite of fraud and payment solutions for online commerce.

Redbelt Security

Redbelt Security

Redbelt is a cyber security consultancy. We integrate people, systems, services and products to transform how your information security is delivered.

Ingenio Global

Ingenio Global

Ingenio is a specialist recruitment business for SaaS companies. Our purpose is to source exceptional talent in areas including cyber security for leading SaaS companies in the UK and Ireland.

Zero Networks

Zero Networks

With Zero Network, you can achieve affordable, airtight network access security at scale.

Dashlane

Dashlane

Dashlane puts all your passwords, payments, and personal info in one place that only you control. So you can use them instantly. Securely. Exactly when you need them.

Kape Technologies

Kape Technologies

Kape Technologies is a cybersecurity company focused on helping consumers around the world have a better digital experience with greater privacy and protection.

UK Cyber Security Association (UKCSA)

UK Cyber Security Association (UKCSA)

The UK Cyber Security Association (UKCSA) is a membership organisation for individuals and organisations who actively work in the cyber security industry.

ViewQwest

ViewQwest

ViewQwest is a regional telecommunications & information technology services company. We specialize in providing Connectivity, Managed Network, Managed SD-WAN, and Managed Security solutions.

Seraphic Security

Seraphic Security

Seraphic Security provides attack protection to enable safe browsing for employees or contractors, as well as advanced governance controls to enforce enterprise policies across devices.

CampusGuard

CampusGuard

CampusGuard focuses on the cybersecurity and compliance needs of campus-based organizations including higher education, healthcare, and state and local government.