SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Women in cybersecurity: Slowly but surely, change is coming
Mon, 24th Apr 2017
FYI, this story is more than a year old

Many industries are working hard to even-up gender disparity within their fields – and with good reason. Not only do companies with a more diverse workforce offer a more obvious level playing field for new recruits; studies have found that diverse workplaces are more profitable, productive and have greater levels customer satisfaction.

These findings make it all the more concerning for the information security industry, in which only 11% of positions in the global cybersecurity workforce are occupied by women.

In an industry that is also facing a recruitment crisis, with 40,000 of the 128,000 positions opening in the US annually remaining unfilled, it is clear that more needs to be done to address the cybersecurity gender gap as well as increase industry recruitment levels in general.

An image problem

Despite being by definition a forward-thinking industry, it remains a male-dominated profession. And, as highlighted by the Center for Cyber Safety and Education's (ISC) Biennial Women in Cybersecurity Report, the workforce gap is “expected to reach 1.8 million by 2022”.

This is no small problem, as Lysa Myers, a security researcher at ESET, noted in 2015. Speaking to WeLiveSecurity, she expressed her concern that “there are still just a handful of women in the industry,” a fact she attributes partly to an image problem within the technical industry.

“I think there is an unfortunate stereotype about technical jobs where people are spending all day and night in a dark basement,” she said.

“But that isn't reality at all.

Information gap

One of the other reasons behind the gender gap – and recruitment in general – is a lack of understanding about the different roles available under the umbrella of information security.

This lack of understanding of the profession and the possible career paths open to both men and women was also highlighted in a recent report by Raytheon and NCSA cited in a 2015 article by Myers, “which found that the majority of both male and female students are not being exposed to the possibility of jobs in this industry.

Redressing the balance

Fortunately, several organizations and initiatives have been set up with the aim of redressing the balance. One of these initiatives is ESET's own Women in Cybersecurity Scholarship, which awards a $5,000 scholarship to a woman pursuing a college level degree and aspiring towards a career in cybersecurity.

Last year's winner, Chelsie Power, is now working as an information security analyst, as well as studying for her Master's Degree in Cybersecurity at Cal State University, San Marcos.

She says: “The award was incredibly helpful in that it paid for my books, additional training materials, and some tuition. It more than validated my career choice, giving me the confidence to keep honing my skills as an information security analyst.

“I think any field benefits from a diverse workforce to leverage broader perspectives, especially in cybersecurity, where cyberthreats and attack vectors are increasingly creative and sophisticated.

Other organisations aiming to redress the balance and improve recruitment rates include the US-based National Center for Women in Information Technology, and Girls Who Code, which aims to educate and inspire high school girls to pursue careers in computing.

Routes in

While the perception may be that those wishing to pursue a career in cybersecurity need to have a technological background, this is not necessarily the case – Myers herself started her career as a florist, moving on to a receptionist's role, before gaining experience in her company's virus lab.

A 2015 report written by Myers on Women in Federal Cybersecurity also revealed that several high-profile female cybersecurity experts started their careers in different fields. Nothing is impossible.

Sign of change?

While the percentage of women in cybersecurity security jobs remains low, there are some signs that interest in cybersecurity as a career is beginning to increase.

ESET's Cyber Boot Camp – a program in which students from San Diego receive five days of intense education in the art of computer system defence – has seen the percentage of girls in attendance rising from 0% to 40% in three years.

Myers also believes that interest in the sector is growing. Speaking in 2015, she said: “More people are realising what a solid, secure and interesting career choice it is, and as more companies are realising how crucial computer security is to their bottom line, there are a lot of different types of people dealing with a lot of different aspects of technology.