Women working in cybersecurity right now make up only 24% of the workforce, according to a report from the International Information System Security Certification Consortium (ISC)². While that number is growing, it’s still not enough. With the low percentage of women cybersecurity professionals, there are even less of them in leadership roles. Only 7% of women are reaching positions such as chief technology officer, 18% are in IT director roles and 19% reach vice president of IT positions, the (ISC)² report shows. “I think it’s pretty easy for the cybersecurity industry to acknowledge there’s a lack of diversity at this point; it’s no longer the elephant in the room that it once was,” Kathleen Hyde, chair of cybersecurity programs at Champlain College, told Lifewire in an email interview. “Early on, the lack of diversity was rooted in the fact that many of the people who were working in careers that now are impacted by cyber or fall within its domains were men.”
Why There is a Lack Of Women Working in Cybersecurity
The notable reasons for the lack of diversity in the cybersecurity sector include access to opportunities, education, and a larger value for diversity. All of these causes are rooted in the lack of STEM programs at the grade-school levels, said Victoria Mosby, federal sales engineer at Lookout, in an email interview. Oftentimes, young girls don’t even know they are capable of pursuing careers in cybersecurity, because they weren’t exposed to the opportunities. “If you don’t have access to the same tools, programs and resources as your peers, especially during junior high and high school, then you might not even know what kind of job opportunities are really out there,” Mosby said. “For those already in college or the workforce, there is just a huge hurdle to getting into the space, overall. Everyone wants all these certifications or a minimum of a bachelor’s just to get an entry-level position.” Mosby said she was able to achieve a career in STEM and cybersecurity because she was fortunate to go to great schools growing up, including her high school, which was a technical vocational school. Mosby was introduced to a programming and electronics program during her sophomore year, and decided to pursue this path more seriously the rest of her high school tenure. She went on to pursue a career in video programming before shifting to cybersecurity in 2011. Getting that first introduction to programming in high school is something Mosby hopes more young girls can experience. “Not a lot of schools have those kinds of programs, which is why introducing STEM at an early age is necessary,” Mosby said. While Mosby values her education background, she doesn’t think it’s the only way to land on a tech career path. “I fully support needing an education and background knowledge to fill a job, but I also know brilliant people in the field who started as something else before switching into cybersecurity,” Mosby said. “I think it should be a bit more open and receptive to those starting out in the field." Hyde can attest to this since she said she stumbled upon a cybersecurity career by accident, yet was given an opportunity. After earning a degree in visual communication, she became involved in a family IT consulting business, first as an administrative clerk, then venturing into the tech side of the company. Hyde didn’t obtain her advanced degrees until after she already was working in the cybersecurity field. “Like many who were technicians first and then became systems and network administrators, I ended up making the jump to security because it was part of the natural progression,” she said. “Systems and networks were falling prey to malware and attacks. They needed security. I embedded that in my solutions for my clients. Then I found a way to marry my talents with education, first as an adjunct and then in my current role.” While Mosby chose a STEM career path from grade school and Hyde stumbled upon an opportunity she couldn’t pass up, both women agree that the lack of educational programs and opportunities are the top reasons for the lack of women working in the cybersecurity sector.
How the Cybersecurity Sector Can Attract More Women
Hyde said that there are not enough qualified applications for the thousands of open positions and projected openings in the cybersecurity sector, so attracting more women to cybersecurity roles is more important now than ever before. With the increase of women cybersecurity professionals, there will be more role models and mentors for young girls interested in STEM careers. “We must move beyond encouragement and develop pathways for girls and women to be educated, trained, and hired for cybersecurity positions,” Hyde said. “We need to put in place support mechanisms for female college students, i.e., mentorships and internships, so that when they are the only, or one of a few, women in a program, they don’t become frustrated or opt for a different career. We also need the women who are in cybersecurity to continue to lift up other women.” To attract more women, the cybersecurity industry needs to normalize the perception of women in the field, sponsor more boot camps and STEM programs and host more conferences like Day of Shecurity, Mosby shared. This can start with how cybersecurity roles are advertised. “Usually when you see an ad or a promotional video for a cybersecurity role on TV or in the movies, you see a guy with a laptop,” Mosby said. “Have more women in the main role or in those commercials.” This problem in the cybersecurity sector is deeper than a lack of diversity; the lack of women cybersecurity professionals is a part of the sector’s culture, Hyde said. Culture is a hard thing to change, but Hyde thinks the cybersecurity industry needs to start focusing on changing its culture at the corporate level. “We need to move away from stereotypes, and we can start doing that with messaging,” she said. “I think companies need to say: we need you, we want you, and we will value what you have to offer.”
Offering Better Options for Cybersecurity
Beyond that, cybersecurity companies need to offer better pathways into cybersecurity positions. This includes being more honest and realistic with the educational and skill-level qualifications required for certain roles. “I think, and this is especially true based on my conversations with female students, that many tend to pass by employment opportunities because they feel they don’t have ‘enough’ experience to be able to prove themselves,” Hyde said. Mosby also suggests that companies start sponsoring and attending women-focused conferences, and getting more involved with high school-level STEM programs. All in all, women have a lot to bring to the table, and while women could be doing more to enter the cybersecurity sector, they also need the support from the industry and companies to succeed. While problems can be solved without diversity, Mosby said those solutions may be one-sided, tone deaf, or just missing mark in general. “Cybersecurity is everyone’s problem, and a truly diverse team can offer more perspectives and viewpoints for tackling a given problem,” Mosby said. “The women that I know in this field are absolutely brilliant. They are threat intelligence researchers, policymakers, CISOs, CIO, and CEOs of their own cybersecurity firms. I don’t think they are inherently better because they are women, I think they fought, earned and flourished in those roles because they had the chance to do so.”
