Working environments designed to empower only men are putting women off pursuing cybersecurity careers.
Cybersecurity professionals speaking at the (ISC)² Security Congress held in Florida this week revealed that talented women are taking their skills elsewhere because cybersecurity made them feel unwelcome.
Deidre Diamond, founder and CEO of recruitment company CyberSN, said: "We’ve heard for years now that women feel they have to work twice as hard and prove themselves to be technical on a regular basis.
"I’m seeing women leaving the more technical roles and going into the risk and law and privacy roles, where there’s more women already and they don’t have to continually prove themselves."
Diamond, who founded BrainBabe to promote diversity in cybersecurity, said women are being passed over for promotion, talked over in meetings, and asked about childcare arrangements in interviews. Another big problem is men taking credit for work that was actually completed by women.
"Who doesn’t want to work somewhere where it’s comfortable and they feel respected? If that’s not happening, then that’s just tragic, particularly in this day and age, in these jobs, in the United States of America. We don’t have inclusive cultures at the mass level," said Diamond.
Crystal Williams, information security certification and accreditation manager at Women's Society of Cyberjutsu, said: "A lot of the women I have worked with have left the cybersecurity field because of the male domination, but their self-esteem and their confidence level in themselves was very low. And there are men out there that see that they have that insecurity who will play on it.
"A lot of those women leave the field and never come back, and they could have been phenomenal programmers or analysts."
According to Sarah Lee, founder of K12 computer science and cybersecurity outreach program Bulldog Bytes, the key to making women confident in their technical abilities is to teach them essential skills at a young age in a single-sex environment.
Lee said: "We mostly provide gender-specific workshops as there's a lot of literature that says we need to keep the girls in a separate group. When we are engaging them with technology, the boys tend to take over and tell them what to do."
Agreeing with this approach, Williams said: "One of the reasons for separating the girls out is they need to build their confidence level and their self-esteem before we introduce them into an environment where they already feel like they don't belong.
"Once they develop that confidence level then you don't have to worry about them being able to function in a workforce that is male-dominated because with their skillset they know 'I can do this.'"
Achieving gender equality in cybersecurity requires work on both sides, according to Diamond.
"It’s not that there’s something wrong with men or with women, it’s about showing the problem. If 90% of the marketplace are men, then men are going to be the ones to make the change. They have to be the ones to empower women. There are plenty of them who care and yet never saw the problem, but awareness is better now thanks to #MeToo."
Describing what women can do to improve the situation for themselves, Diamond said: "Women need to support each other more and play the game of capitalism. They need to show up prepared to be taken seriously and understand what that means in whatever environment they are in. There are a lot of things that we can do with our language and our approach that will help us."