The disparity between men and women employed in information security is striking: just 11% of the security workforce comprises women. This compares to near parity in both the general workforce and in other professional and managerial roles for most of the developed world.
To gain an insight into both the causes and effects of this disparity, Frost & Sullivan, sponsored by (ISC)2 and Symantec, surveyed 5,814 security professionals (3,466 'leaders' and 2,348 'doers').
One area examined closely by the survey looks at and compares the background skill sets of both men and women in security leadership roles. It found that more men than women have a computer science background (45% to 33%); but more women than men have a business background (21% to 13%). As a group, concludes the report, women in security "have a more diverse academic background than men, and a collective background with slightly greater emphasis on social sciences and significantly less emphasis on the majors traditionally associated with the security workforce (i.e., computer and information sciences, and engineering)."
This could be important. It is increasingly recognized that security should not be an IT silo solution, but an all-inclusive business-aligned process. This requires taking security awareness out of the IT department and ensuring that all staff are included – but it is women rather than men that are the strongest proponents of widespread security education within the general workforce.
In particular, women leaders are stronger advocates of web- or internet-based training rather than face-to-face or classroom training. Given the increasing need for training in budget-constrained conditions, "online is the logical choice and women are ahead of men in their advocacy of online training and education", notes the report.
Overall, what the report suggests is that women are ideally suited through both their academic and commercial backgrounds, together with a natural inclination to be inclusive, to drive forwards the evolving role of security from an IT-centric to a business-centric issue.
"It is evident today that women in the information security profession are greatly under-represented", comments Julie Talbot-Hubbard, vice president and chief security officer at Symantec. "We need to recognize the strengths that women bring, such as their diverse academic backgrounds and differentiated skill sets, and make training more widely accessible to encourage more women to pursue this career path."
"The practice of information security is transforming to a more comprehensive, risk-based, business orientation", concludes the report. But effective transformation will take more than functional understanding and operational expertise – it will, in short, benefit from those very same skills that are frequently found in women. "Enterprises should," it says, "consider the steps that they can make to encourage more women to pursue the information security profession and, for those in the profession, to stay... Technical skills, while still important, must be increasingly supplemented with the multi-disciplinary skills and perspective necessary to make subtle but impactful risk management decisions."