How to support women in cybersecurity
Cybersecurity is required to be a dynamic industry because cybercriminals don’t take days off. Cybersecurity professionals must be innovative, creative, and attentive to keep gaining the upper hand on cybercriminals. Unfortunately, there are millions of unfilled cybersecurity job openings around the globe.
The gender divide
The problem of not enough cybersecurity professionals is exacerbated by a lack of diversity in the sector. There is a disproportionately low ratio of women to men within the entire technology industry. In the science, technology, engineering and math (STEM) industries, women make up only 24% of the workforce, and while this has increased from just 11% in 2017, there is clearly still a sizeable disparity.
The cybersecurity industry is performing only marginally better than STEM, with women making up roughly 24% of cybersecurity jobs globally, according to (ISC)².
There is also a parallel trend here: women have superior qualifications in cybersecurity than their male counterparts. Over half of women – 52% – have postgraduate degrees, compared to just 44% of men. More importantly, 28% of women have cybersecurity-related qualifications, while only 20% of men do. This raises one important point, which is that women feel that they must be more qualified than men to compete for and hold the same cybersecurity roles. The industry is, therefore, losing a significant pool of talent because of this perception. Untapped talent means less innovation and dynamism in the products and services businesses offer.
Unfortunately, the challenges for women do not appear to stop once they enter the cybersecurity workforce. Pay disparity continues to blight the industry. Women reported being on smaller salaries at a higher proportion than men. 17% of women reported earning between $50,000 and $99,000 compared to 29% of men. However, there are signs that this disparity in pay is closing. For those in cybersecurity who earned over $100,000, the difference in percentage between men and women was much closer. This is encouraging and shows that once women are in the industry, they can enjoy as much success as men.
Nevertheless, reaching these higher levels of the cybersecurity industry is far from straightforward for women at present. It is an unavoidable fact that women still struggle to progress as easily compared to male counterparts. A key reason for this is cultural: women are disinclined to shout about their achievements, as such they regularly go unnoticed when promotions and other opportunities come round.
The cybersecurity industry is starting to embrace diversity in the workforce, but there is a long way to go before women are as valued in cybersecurity as men. With the current skills deficit hampering the growth of cybersecurity providers, this is a perfect opportunity for the industry and individual providers to break the bias and turn to women to speed up innovation and improve defense against cybercriminals.
Why women are essential for success
As well as the moral argument for including and empowering women in the workplace, there is a concrete business case for pursuing such a policy.
Having individuals with diverse backgrounds, experiences and talents translate into a far broader range of unique perspectives, ideas and perceptions. Problem-solving, decision making, and creativity are just some areas where unique perspectives can make an immediate difference.
Cybersecurity as an industry is missing out on new and fresh ideas on tackling cybercriminals and protecting the businesses they serve, simply by underutilizing half of the population.
Recent research by the House of Commons Library discovered that businesses with more women in senior leadership positions are far more successful than those without. Fresh perspectives are crucial to continual innovation, growth, and long-term business success. This shouldn’t shock anyone who has had a successful career in business. The easy step is to acknowledge the truth that embracing and including women generates immense value for an organization. The hardest part for businesses appears to be how to do it.
What can businesses do to aid and develop women in the cybersecurity sphere?
Awareness is a key first step. There needs to be more concerted effort from our sector to show underrepresented groups what a career in cybersecurity has to offer. This means we need to get into schools early and offer mentoring schemes to talented and interested children.
We need to run programs in universities to allow young women to visualize a career in cybersecurity. Parents and careers advisors can play a massive part in this by being educated and informed on the benefits of working in cybersecurity. It is also important to remember that not all jobs in this industry require deep technical knowledge. For roles in compliance, for example, other skills are needed.
One of the measures that we have implemented at Defense.com is recognizing the need for a flexible working environment. Women are more likely to be in part-time employment in the UK, so flexibility is essential. It allows women to balance work and care responsibilities and other priorities, creating a more inclusive culture that is more attractive and supportive for all employees.
Mentoring schemes (even with a mentor from outside the company) are a powerful additional tool here to support the long-term career development of women in the business.
Businesses can make a conscious decision to hire more women – a step taken by about a third of cybersecurity firms. One step to achieve this to introduce non-gendered language in recruitment adverts. Reports have found that job adverts with masculine language discourage many women and make the role appear unappealing.
A job advert’s wording profoundly impacts who applies and who doesn’t. This applies beyond exclusively gendered language as well. We need to move away from outdated frameworks like required skills lists in job adverts. Women are significantly less likely than men to apply if they do not match all the required skills.
Offering competitive salaries, training and development, and internal opportunities for career progression are well-established principles for a successful and thriving business. However, many cybersecurity companies are failing in this regard; as shown above, women’s salaries are not at the same level as those of men. This fundamental obstacle must be addressed if the perception of cybersecurity as a boy’s club can be overcome. Women don’t want special treatment, just the same career development and progression opportunities as men.
By building a culture where everyone can thrive, organizations can be on their way to construct an equitable workplace where female colleagues can flourish and prosper, as well as the men. We are improving as an industry, however, there is still a long way to go.