When it comes to the oft-discussed gender gap in cybersecurity, men tend to think women have equal career advancement, while women say that’s not the case.
In fact, according to ISACA’s annual State of Cybersecurity 2018 report, a 31-point perception gap exists between male and female respondents, with 82% of male respondents saying men and women are offered the same opportunities for career advancement in cybersecurity, compared to just 51% of female respondents.
Of those surveyed, about half (51%) of respondents report having diversity programs in place to support women cybersecurity professionals.
The report also found that while gender disparity exists, it can be mitigated through effective diversity programs. In organizations that have one, men and women are much more likely to agree that men and women have the same career advancement opportunities. A full 87% of men say they have the same opportunities, as compared to 77% of women.
Thus, while a perception gap remains, it is significantly smaller than the 37-point gap among men and women in organizations without diversity programs (73% of men in organizations without diversity programs say advancement opportunities are equal, compared to 36% of women).
Aside from the gender stats, the report also found that the worldwide cybersecurity skills gap continues to present a significant challenge, with 59% of information security professionals reporting unfilled cyber/information security positions within their organization.
Further, 54% said it takes at least three months to fill open positions. Individual contributors with strong technical skills continue to be in high demand and short supply; more than 70% of respondents say their organizations are seeking this kind of candidate.
Time to fill open cybersecurity positions has decreased slightly, however, down from last year’s 62% saying it takes three months or more. Also, security managers are seeing a slight improvement in the number of qualified candidates: Last year, 37% of security professionals said fewer than 25% of candidates for security positions were sufficiently qualified. This year, the number of respondents dropped to 30%.
“This research suggests that the persistent cybersecurity staffing problem is not a financial one. Even though enterprises have more budget than ever to hire, the available workforce lacks the skills organizations critically need,” said ISACA CEO Matt Loeb. “More of those dollars will need to be invested in technical cybersecurity training, along with effective retention programs. Practitioners who acquire and demonstrate hands-on technical cybersecurity skills will find themselves in significant demand.”