Help wanted: More women in cybersecurity jobs

Industry must create opportunities for women to bridge gender gap, help ease worker shortage

As the cybersecurity industry faces a critical shortage of workers—estimated at 1.5 million by 2020—the number of women in the industry is dismal. According to a recent report by Frost & Sullivan, bridging that gender disparity gap would lessen the shortfall in worker demand.

Although the number of women in information security has grown, their ratio has remained flat for the past two years, at 10 percent, the report found. And their salaries are lagging, too—nearly 5 percent lower, on average, than men's.

The report, titled “Women in Security: Wisely Positioned for the Future of InfoSec,” was sponsored by the nonprofit (ISC)2 Foundation and leading technology and strategy consulting firm Booz Allen Hamilton. It was based on the previously released “The 2015 (ISC)2 Global Information Security Workforce Study,” which had nearly 14,000 responders worldwide.

Angela Messer, executive vice president at Booz Allen Hamilton, says the 2015 work force study confirmed there’s a national crisis, with the number of workers unable to meet current or future demand.

“That supply-demand gap is a national security issue,” says Messer, who leads the predictive threat intelligence business at Booz Allen Hamilton’s Strategic Innovation Group. “When you think about it in that context, women can be a great solution to close that gap.”

Growing role in governance, risk, compliance

Julie Franz, director of the (ISC)2 Foundation, says one of the most surprising findings in the report was women’s growing concentration in governance, risk and compliance (GRC) roles—one in five women, compared to one in eight men.

“The two top roles in cybersecurity are security analyst and GRC,” she says. “(That number) is basically saying that women are very well positioned on the cutting edge of the new definition of cybersecurity.”

That new definition looks at cybersecurity as a business problem rather than a technology problem, according to Patty Wright, the senior director of advisory services at Cisco.

“Changing the conversation from technology risk to business risk opens the door for a lot of women,” says Wright, who manages a team that gives consulting advice related to security and GRC.

The GRC role provides a much broader view of an organization, Franz says, and requires skills that women typically excel at, such as leading cross-functional teams, understanding barriers, and balancing business objectives.

Governance, risk and compliance grew out of post-Sept. 11 events, when many companies operating in the World Trade Center lost their data, according to Franz.

“It’s a position where you have to really understand the business that you are securing, not just the individual technology,” she says.

Changing the numbers

Franz says the low number of women in the industry is a parity issue. Women comprise 47 percent of the overall work force and if 47 percent of cybersecurity workers were women, “you would get rid of the gap,” she says.

She points to Booz Allen as an example of an organization that has well-thought-out recruiting, hiring and mentoring programs to attract women. But, Booz Allen’s Messer says, “it takes a village” to solve the problem, so the industry needs to do a better job at working together.

“If we handle it in our own silos, I don’t think we’ll be as successful,” she says. “We need to partner with each other.”

The challenges of information security are a reflection of the STEM (science, technology, engineering, math) sector, in general. Many other STEM jobs also are in high demand, but young women are less attracted to those fields than men.

“The time when girls are being socialized away from technology starts even before elementary school,” says Michelle Dennedy, the new vice president and chief privacy officer at Cisco.

And society as a whole—as well as parents and K-12 educators—is starting to understand that girls need to be encouraged in math and sciences at a young age, Wright says.

“It will take a while to change,” she says, “but hopefully I’ll start seeing more résumés from women.”

Dennedy recalls the days, 15 years ago, when at the RSA Conference, everyone assumed she was in marketing because she was a woman. Although women have been making strides, she believes the workplace culture still needs to change, especially at the leadership level, because “it’s easy to hire people who look and think like you.”

The takeaway, according to Messer, is that the industry has to be proactive to create opportunities for women.

“There’s no one silver bullet, but if we’re not proactive and come up with innovative solutions together, we will not have progress,” she says. “I’m confident we can.”