There’s no better time than International Women’s Day to shine a spotlight on the cybersecurity industry’s ongoing struggles to improve gender diversity and the wider issues it’s contributing to. As most in our field are aware, there’s currently a very large, very well publicized skills shortage throughout the industry, with the latest figures suggesting the number of open cybersecurity positions around the world now tops four million. When you correlate the skills shortage with the industry’s gender equality statistics, it starts to become clear what is partially driving the gap – a shocking lack of women working in the sector.
As a female cybersecurity professional with over two-and-a-half decades worth of technology and IT experience, I’ve seen the industry evolve massively in numerous key areas, but the lack of diversity stubbornly continues to prevail. The theme of this year’s International Women’s Day, #ChooseToChallenge, is a call to action to confront gender bias and inequity head on. It’s about time things changed, but how? This article will look at some of the factors that led us to where we are today, before discussing what can be done to encourage more women to choose a career in cybersecurity in the future.
Outdated Industry Stereotypes Keep Women Away
Before going any further, it’s important to point out that things are heading in the right direction. Latest reports suggest the proportion of women in the global cybersecurity workforce has risen from just 11% to roughly 24% in the last few years, which is a significant jump, but there’s still plenty of work to do to achieve greater equality.
The vast majority of cybersecurity’s global workforce is made up of white men with technical backgrounds. This is not to disparage this demographic by any means, but it’s hardly a reflection of the wider global workforce. Furthermore, diversity really does matter, for reasons beyond simple representation. Diverse workforces bring a much broader set of views and experiences to the table, which can often lead to higher levels of productivity and faster, more creative problem solving, amongst other things. This leads to the million dollar question: why aren’t more women choosing a career in cybersecurity?
Longstanding stereotypes of the industry being a bastion for misfits and antisocial introverts still prevail, as does the notion of cybersecurity being a haven for toxic male work culture, where opportunities for women to progress their careers are limited, or even non-existent. Of course, many of these stereotypes are completely outdated and a far cry from the professional and welcoming environments I see every day. However, unless they can be dispelled for good, they will continue to act as a major barrier to entry for women everywhere. Dispelling them requires a concerted effort to make lasting change, not only in how we present ourselves and the opportunities available, but also how and when we engage with potential stars of the future.
“We have to give more of a platform to all the amazing and successful women already working in cybersecurity today”
Building a New, More Inclusive Industry Image
This change has to start at the grassroots level, with more engaging and inclusive out of school clubs, led by inspirational men and women that show young girls how great a career in IT could be. Right now, there are far too few initiatives out there that help to inspire girls at this young age and put them on a path towards a successful cybersecurity career.
Another area that needs attention is the promotion of how varied cybersecurity is and how different skillsets can be just as valuable as each other. Unfortunately, there’s a large number of women out there that wrote off a career in cybersecurity long ago because they didn’t think they had the ‘right’ experience or skills for the task. In reality, there is no one-size-fits-all profile and just because someone doesn’t have a background in programming, it doesn’t mean there’s no place for them in the sector. As mentioned earlier, many of the most effective cybersecurity programs are collaborative efforts between teams of people that all bring a range of different skills to the table, from communication and planning, to strategic thinking, design and more. An easy way to start making a change here is by re-wording/refreshing job descriptions to be less intimidating and more inclusive, as well as using a wider array of channels to publicize open positions, in order to reach more diverse audiences.
Finally, we have to give more of a platform to all the amazing and successful women already working in cybersecurity today. Doing so will help put a friendlier, more relatable face on an industry that, as discussed earlier, is still struggling to shake off its outdated, unwelcoming image. Ways of doing this include having them speak in universities, schools and wider business forums (not just cybersecurity events with largely self-selected crowds), as well as promoting their successes more broadly online. Sometimes seeing really is believing for people unsure about taking a big career leap into the unknown.
As the cybersecurity industry continues to struggle under the weight of its growing skills shortage, it must do more to broaden its appeal to a wider array of candidates, particularly women. In doing so, not only can it help address the gender imbalance that still prevails, it can also tap into a rich vein of future talent with the potential to close the skills gap once and for all. While things are slowly starting to move in the right direction, there’s so much more that could and should be done to help speed the process along. After all, from challenge comes change, so we should all #ChooseToChallenge this International Women’s Day.