More Women Needed to Close the Cybersecurity Workforce Gap: Picks of the Week
The 2017 Global Information Security Workforce Study: Women in Cybersecurity | Center for Cyber Safety and Education, (ISC)2, and the Executive Women’s Forum
No Woman’s Land: Cybersecurity Industry Suffers from Gender Imbalance, Discrimination | Law.com
Women May be the Key to Unlocking Cybersecurity Workforce Deficit Puzzle | Bloomberg
Information security demand is far outpacing the supply of knowledgeable and experienced cybersecurity professionals capable of addressing the numerous cyber threats that the modern world is faced with. The widening gap between the burgeoning demand for cybersecurity talent and the supply of a professional workforce has been a common theme throughout my studies in the past few years. As I wrote before, the shortage of a highly trained cybersecurity workforce can be felt across all sectors, from the federal government to Fortune 500 companies, with potentially negative consequences for national security and the global economy. Over 209,000 cybersecurity jobs are currently estimated to be vacant in the United States alone, with the number predicted to rise to 1.8 million globally by 2022.
The tech and cybersecurity industries are among the most in-demand, profitable, and critical fields in modern history. But, although cybersecurity professionals are in great demand and can command impressive salaries, there is still a critical shortage of talent worldwide and, in particular, of women – who represent an astonishingly low number of current professionals in the field and who face a much harder path to reach the upper echelons of the corporate world.
According to a new report, while women represent 43% of the global workforce, they only fill 11% of cybersecurity positions. The newly released Women in Cybersecurity workforce study, published by the Executive Women’s Forum on Information Security, Risk Management and Privacy (EWF), and the Center for Cyber Safety and Education, sheds light on the persistent challenges that women face when entering this growing field due to wage gaps, missed or delayed promotions, and discrimination. The study surveyed over 19,000 information security professionals from 170 nations.
As the Lynn Terwoerds, EWF Executive Director, said in a press release: “the under-representation and under-utilization of female talent is both a critical business issue and a hindrance to the development of world-class cybersecurity organizations and resilient companies, as well as the overall safety and protection of our country.” The new report found also that women in cybersecurity earn less money than men at every level, are four times less likely to hold executive positions, and are nine times less likely to hold managerial roles, despite having higher levels of education and certification than men (half of the women surveyed held a master’s degree or higher, compared to 45% of men).
The shortage of cybersecurity professionals, and especially women, is often exacerbated by a lack of objectivity and consistency in competency models and measurements to ensure men and women are entering and moving up in the industry equally, and by unconscious and conscious biases present all the way through the recruiting and hiring performance evaluations. These endemic aspects are compounded by a lack of clarity in job descriptions, competing professional certifications, and multiple different training and education standards, which in turn make it harder for organizations to properly identify, recruit, place, and manage the cybersecurity workforce they need.
Solving complex problems, such as preventing, responding to, and mitigating sophisticated cyber threats, requires diverse experiences, different talents and backgrounds, and many ways of thinking. We cannot expect to close the widening gap between supply and demand of cybersecurity professionals without including more women and minorities, so diversity has to be part of the solution.
While no single panacea exists to attract more women to this growing field and to close the workforce gap to equilibrium, organizations in both the public and private sector can start by focusing on developing programs to further educate and retain their existing workforce. This include: ensuring that all staff is regularly trained and tested so that they understand and fully appreciate their role in maintaining a strong cybersecurity posture; providing employees with opportunities to connect with mentors within and outside of the organization to help navigate some of the perceived or actual barriers and to further develop their skills; offering other incentives such as flexible work hours and paid maternity leaves; and addressing the wage disparity issues by establishing clear pay structures based on merit and movement through the profession. Leadership, sponsorship, and skill development programs can also help build the pipeline, since women who’ve completed these programs report feeling more valued in their organizations, according to the study. Other effective mechanisms that can help organizations identify, recruit, manage, and retain cybersecurity professionals, including women and minorities, include: taking a proactive role in promoting gender diversity in the cybersecurity field; looking at the universities that have higher percentages of women and minorities participating in cybersecurity or related programs and recruiting from these institutions; joining other recruiting alliances that promote workforce diversity; placing increased value on real-world experience (versus solely qualifications); and establishing an employee referral program to recruit talented and trusted cybersecurity professionals from employees’ personal networks (e.g. universities, professional associations).
Addressing the critical pipeline issue of women in the cybersecurity workforce, however, has to start at the leadership level. Senior leaders need to commit to reversing this trend — from our universities to our board rooms — and working to create a workforce with a diversity of thoughts, genders, and backgrounds before the issue becomes irreversible. – Senior Fellow Francesca Spidalieri