Raising the profile of women in information security
Clearly, women are not a homogeneous group when it comes to professions which require astonishing female talent. Global concerns have been raised recently on women’s underrepresentation in the fields of science, technology, engineering and mathematics (STEM) where success is believed to require their brilliance. Therefore, many programs have been introduced to raise the profile of women in STEM fields globally. According to 2017 Global Information Security Workforce Study, global women professional representation and utilisation in the field of cybersecurity remains stagnant at 11% year over year, much lower than the female representation in the overall global workforce. As we know, it is impossible to develop a good and healthy society without female talent. The vital role of women realising their full potential will sustain the growth of society. Modern women are intelligent, enterprising, passionate, fearless and able to identify their priorities just as well as their male counterparts. However, women choosing a career in cybersecurity and remaining in the field, has seen slower growth, despite that demand for cybersecurity talent is expected to rise as cybercriminals become smarter and more sophisticated.
The diverse skills and talent that women bring to cybersecurity is invaluable. Yet a very small percentage of women advance to cybersecurity managerial roles in organisations. Similarly, to any other industry, the field of cybersecurity has gender inequalities, skills/ resource shortages, diversity gap and lack of confidence in female talent to attract new candidates. Although there are gender inequalities in the cybersecurity workforce, overall we see an improvement in women’s education towards information security. It is evident that women entering into cybersecurity hold higher education levels than men. The findings of research which was conducted by Frost & Sullivan, indicates that 51% of women in the profession have a Master’s Degree or higher, compared to 45% of men. Research indicates that female cybersecurity professionals have a more varied educational background compared to men in the industry. These diverse skills can be well complimented to the varied set of skills they can possibly bring to the cybersecurity industry. Attracting more women into cybersecurity Based on technological innovations and ever-increasing cyber threats that have been projected, studies estimate that the cybersecurity industry will face a shortfall of 1.8 million cybersecurity professionals by 2022 globally. A range of efforts are underway to find, train and retain information security professionals in the field, especially female talent beyond the current 11%. Let’s look at why women hesitate to make their career in cybersecurity. Often cybersecurity professionals are depicted as men sitting in a dark office surrounded by computers and portrayed as extremely intelligent technical geeks. This stereotypical perception towards cybersecurity has a negative impact on women entering the field. Women expect to be valued in their areas of work. They look for a career they can be passionate about, a career that will enable them to earn a good salary and a career that can provide job security. They often look for female role models within the industry before they choose to enter. A study found that men dominate all the senior positions in the cybersecurity workforce, including directors, executive management and the C-suite. In the global cybersecurity workforce, women are four times less likely to be in C-level or executive managerial positions and nine times less likely to be in managerial positions. Low female participation in the field has contributed to widen this gap year by year and it can only be reduced with a collective effort. What can organisations do? Some organisations today have clearly identified and considered working on some of these attributes to attract more female talent. All companies must proactively determine if their company culture welcomes, values, encourages and ensures women can succeed in a cybersecurity profession. Further, identifying and sponsoring high potential female employees and enrolling them in training, mentoring and leadership programs will increase their job satisfaction and engagement, as well as providing them with a sense of being valued. Sponsorship, mentorship and leadership development programs are the main elements associated with success and satisfaction for female worker retention. Companies need to make a shift from traditional recruitment processes to unconventional cybersecurity savvy strategies to fill the worker gap. Most cybersecurity related jobs allow employees to work from home, which indeed is another positive attribute for women to consider being employed in this field. Industry should provide opportunities for mentoring women at all levels of the organisation to overcome the hurdles in recruiting women into roles at all levels of cybersecurity. Certainly, there is great potential for women in this field. Projecting a positive and passionate message could change the negative perception and encourage more women to be cybersecurity leaders. Lastly, organisations must adopt modern recruitment policies, career development programs, mentorships, support networks and flexible work arrangements to retain women cybersecurity professionals. These efforts can help to reduce underrepresentation of female talent and overall cybersecurity labour shortage.
(The writer is Program Director, SHe CISO Foundation UK and Sri Lanka.)