Help wanted: More women in cybersecurity jobs

Industry must create opportunities for women to bridge gender gap, help ease worker shortage

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

As the cyber­se­cu­ri­ty indus­try faces a crit­i­cal short­age of workers—estimated at 1.5 mil­lion by 2020—the num­ber of women in the indus­try is dis­mal. Accord­ing to a recent report by Frost & Sul­li­van, bridg­ing that gen­der dis­par­i­ty gap would lessen the short­fall in work­er demand.

Although the num­ber of women in infor­ma­tion secu­ri­ty has grown, their ratio has remained flat for the past two years, at 10 per­cent, the report found. And their salaries are lag­ging, too—nearly 5 per­cent low­er, on aver­age, than men.

The report, titled “Women in Secu­ri­ty: Wise­ly Posi­tioned for the Future of InfoS­ec,” was spon­sored by the non­prof­it (ISC)2 Foun­da­tion and lead­ing tech­nol­o­gy and strat­e­gy con­sult­ing firm Booz Allen Hamil­ton. It was based on the pre­vi­ous­ly released “The 2015 (ISC)2 Glob­al Infor­ma­tion Secu­ri­ty Work­force Study,” which had near­ly 14,000 respon­ders worldwide.

Info­graph­ic: Secu­ri­ty pros to remain a hot commodity

Angela Mess­er, exec­u­tive vice pres­i­dent at Booz Allen Hamil­ton, says the 2015 work force study con­firmed there’s a nation­al cri­sis, with the num­ber of work­ers unable to meet cur­rent or future demand.

That sup­ply-demand gap is a nation­al secu­ri­ty issue,” says Mess­er, who leads the pre­dic­tive threat intel­li­gence busi­ness at Booz Allen Hamilton’s Strate­gic Inno­va­tion Group. “When you think about it in that con­text, women can be a great solu­tion to close that gap.”

Grow­ing role in gov­er­nance, risk, compliance

Julie Franz, direc­tor of the (ISC)2 Foun­da­tion, says one of the most sur­pris­ing find­ings in the report was women’s grow­ing con­cen­tra­tion in gov­er­nance, risk and com­pli­ance (GRC) roles—one in five women, com­pared to one in eight men.

The two top roles in cyber­se­cu­ri­ty are secu­ri­ty ana­lyst and GRC,” she says. “(That num­ber) is basi­cal­ly say­ing that women are very well posi­tioned on the cut­ting edge of the new def­i­n­i­tion of cybersecurity.”

That new def­i­n­i­tion looks at cyber­se­cu­ri­ty as a busi­ness prob­lem rather than a tech­nol­o­gy prob­lem, accord­ing to Pat­ty Wright, the senior direc­tor of advi­so­ry ser­vices at Cis­co.

Chang­ing the con­ver­sa­tion from tech­nol­o­gy risk to busi­ness risk opens the door for a lot of women,” says Wright, who man­ages a team that gives con­sult­ing advice relat­ed to secu­ri­ty and GRC.

The GRC role pro­vides a much broad­er view of an orga­ni­za­tion, Franz says, and requires skills that women typ­i­cal­ly excel at, such as lead­ing cross-func­tion­al teams, under­stand­ing bar­ri­ers, and bal­anc­ing busi­ness objectives.

Gov­er­nance, risk and com­pli­ance grew out of post-Sept. 11 events, when many com­pa­nies oper­at­ing in the World Trade Cen­ter lost their data, accord­ing to Franz.

It’s a posi­tion where you have to real­ly under­stand the busi­ness that you are secur­ing, not just the indi­vid­ual tech­nol­o­gy,” she says.

Chang­ing the numbers

Franz says the low num­ber of women in the indus­try is a par­i­ty issue. Women com­prise 47 per­cent of the over­all work force and if 47 per­cent of cyber­se­cu­ri­ty work­ers were women, “you would get rid of the gap,” she says.

She points to Booz Allen as an exam­ple of an orga­ni­za­tion that has well-thought-out recruit­ing, hir­ing and men­tor­ing pro­grams to attract women. But, Booz Allen’s Mess­er says, “it takes a vil­lage” to solve the prob­lem, so the indus­try needs to do a bet­ter job at work­ing together.

If we han­dle it in our own silos, I don’t think we’ll be as suc­cess­ful,” she says. “We need to part­ner with each other.”

Relat­ed sto­ry: Cyber­se­cu­ri­ty jobs go unfilled as breach­es boom

The chal­lenges of infor­ma­tion secu­ri­ty are a reflec­tion of the STEM (sci­ence, tech­nol­o­gy, engi­neer­ing, math) sec­tor, in gen­er­al. Many oth­er STEM jobs also are in high demand, but young women are less attract­ed to those fields than men.

The time when girls are being social­ized away from tech­nol­o­gy starts even before ele­men­tary school,” says Michelle Dennedy, the new vice pres­i­dent and chief pri­va­cy offi­cer at Cisco.

And soci­ety as a whole—as well as par­ents and K-12 educators—are start­ing to under­stand that girls need to be encour­aged in math and sci­ences at a young age, Wright says.

It will take a while to change,” she says, “but hope­ful­ly I’ll start see­ing more résumés from women.”

Dennedy recalls the days, 15 years ago, when at the RSA Con­fer­ence, every­one assumed she was in mar­ket­ing because she was a woman. Although women have been mak­ing strides, she believes the work­place cul­ture still needs to change, espe­cial­ly at the lead­er­ship lev­el, because “it’s easy to hire peo­ple who look and think like you.”

The take­away, accord­ing to Mess­er, is that the indus­try has to be proac­tive to cre­ate oppor­tu­ni­ties for women.

There’s no one sil­ver bul­let, but if we’re not proac­tive and come up with inno­v­a­tive solu­tions togeth­er, we will not have progress,” she says. “I’m con­fi­dent we can.”