Securing the Role of Women in Cybersecurity

The gender imbalance in the tech industry is striking — and troubling. The dramatic disparity in compensation and leadership roles has created conditions for abuse across numerous industries, but the problem is potentially no more pronounced than in technology.

In 2015, a group of female tech investors and executives conducted a survey of 200 senior-level women in Silicon Valley. Titled “The Elephant in the Valley,” the study demonstrates how interconnected — and how prevalent — this kind of discrimination is. According to the survey, 84 percent of respondents reported that they had been told they were “too aggressive” in the office, 66 percent said that they had been excluded from important events because of their gender and 60 percent divulged unwanted sexual advances in the workplace.

Despite initiatives to grow the presence of women in tech, progress in gender parity has been slow. Women are not entering the industry in droves, but instead, they are trickling in at a sluggish rate. Only about 20 percent of Google’s engineers are women, for example — a statistic more or less matched across many of the largest technology companies.

Making matters worse, despite its undeniable and constantly evolving importance, the cybersecurity industry is projecting a staffing shortage of 1.8 million unfilled jobs globally by 2022. Meanwhile, according to data from the 2017 Global Information Security Workforce Study (GISWS), women comprise just 11 percent of the information security workforce — a number that hasn’t grown since 2013. Compounding the issue is the reality that before the age of 16, most young women in the U.S., Europe, and Israel have already decided against a career in cybersecurity, and 78 percent of young females have never considered a career in cybersecurity.

Additional takeaways from the GISWS: Women in Cybersecurity report include:

  • Women have higher levels of education than men, with 51 percent holding a master’s degree or higher, compared to 45 percent of men.
  • Fewer women hold positions of authority (director level or above) compared to men.
  • Women working in cybersecurity have a more varied educational background than men, contributing to the diverse set of skills they can potentially bring to the industry.
  • On average, women in the information security industry earn a lower annual salary than their male counterparts.
  • 51 percent of women in the cybersecurity industry in North America, Latin America, and the U.K. have experienced some form of discrimination, compared to only 15 percent of men.

Needless to say, the findings revealed by recent reports and studies looking at the role of women in cybersecurity are not encouraging. Consequently, the question being asked is, is there an underlying biological explanation for why so few women opt to work in an industry that prides itself on its progressive ideals?

There are several possible reasons for the dearth of women in cybersecurity, including gender stereotypes, lack of a talent pool and questionable hiring practices.

From an early age, instilling the notion that boys are “better” at math and science can curb a girl’s interest in math and science, discouraging them from going on to study STEM subjects (science, technology, engineering, math). Gender stereotypes like these can be dangerous as they ensure more males consider STEM careers than females, widening the gender gap.

With fewer females studying STEM subjects and going on to careers in cybersecurity, the pool of talented women ready to work in the cybersecurity industry is shrinking. This ensures employers are already picking from a gender-biased talent pool.

Perhaps worst of all, a study in the American Sociological Review revealed that hiring managers tend to recruit prospects who are culturally similar to them in respect to the same tastes, hobbies, and experiences. With males dominating the entire tech industry, it’s easy to see how females are often overlooked when a group of males work together to hire new employees.

Combined, these reasons contribute to the lack of opportunity women have to enter the cybersecurity field. Whether it’s a lack of early encouragement, curricula that appeal more to boys than girls or a negative stereotype about girls' technical abilities, the gender gap in cybersecurity is growing, and the hiring practices in place are not ameliorating the issue.

While gender diversity is a crucial initiative, it cannot be strictly viewed as an isolated initiative that happens parallel to traditional methods or is overlaid at the end of projects to make sure everything looks kosher to outsiders. It must be woven into a company’s fabric.

Talent is equally distributed between the sexes, so when there’s an under-representation of females in your cybersecurity business or across the industry as a whole, a significant amount of talent is being overlooked. The cybersecurity industry faces a number of dangerous and evolving challenges and needs talent to address those problems. Gender diversity also facilitates the representation of different worldviews and different experiences.

Gender diversity contributes to better outcomes and a broader variety of knowledge and perspectives, which encourages innovation. Women and men think and work differently. When men and women have increased opportunities to collaborate together in more equal numbers, security teams become better at analysis, strategy, and tactics and are more able to secure the environments they’re protecting.

In fact, studies invariably show that gender-diverse teams are more productive, innovative and able to stay on schedule and within budget, compared to homogenous teams. Best of all, gender diversity breeds more diversity. From a representation point of view, the more diversity seen in the industry, the more that encourages others that they, too, can help secure the world. Being able to see one’s self in role models or mentors can go a long way toward constructing the robust and talented workforce cybersecurity needs to survive.

Unfortunately, there simply aren’t enough people being properly trained to meet the demand for cybersecurity, and while some of the gap could certainly be filled by persuading more men to enter the field, finding ways to encourage women to search for these jobs can go a long way toward ensuring critical gaps in talent are closed.

If chief information security officers (CISOs) hope to address their staff and skill shortage, they will need to actively recruit, retain and promote women. Look at your policies, procedures and your current culture to determine the unconscious and direct biases that are maintaining a toxic environment.

Cybersecurity should be seen as a tempting employment opportunity for men and women alike. Demand for cybersecurity professionals is on the rise, and salaries are projected to significantly rise. In order to fill the jobs the sector will inevitably demand, attracting women will prove to be an essential endeavor.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.