Cybersecurity needs people badly. In the US, there is twice as many cybersecurity jobs as there are people qualified to fill them. The number and severity of cyberattacks continue to grow, so does the skills shortage: employers won’t fill an estimated 3.5 million cybersecurity positions worldwide in 2021.
But with a closer look, the talent gap is unsurprising. Cyber, even more than tech more broadly, is largely a man’s world.
“When you leave women out of the process and conversation, you’re leaving a host of incredible security solutions on the table,” says Fareedah Shaheed, founder and CEO of the security and safety trainers Sekuva.
“Diversity of thought is so important,” says Mollie Chard, cybersecurity manager at tech consultants, Capgemini UK. “When you’re problem-solving, if you’ve got people from minority groups present, or people from another gender, you can attack a situation from angles you might not have thought of.”
I interviewed five women from different backgrounds with successful careers in cybersecurity. I asked for their insights into why women are still the exception rather than the rule in this lucrative and interesting field.
They all agreed things are starting to shift for women in cybersecurity. But the urgent need and shortage of people demand even more pace. Cyber needs an influx of workers as never before, and we need it now.
Women can help release the sector from the talent trap, but the industry must change. It must make meaningful, even revolutionary changes in its attitudes, culture and practices.
Women excel in the skills cybersecurity says it needs
In 2017, women made up only 14 percent of the US cyber workforce. Globally, the numbers are even more dismal: In Asia-Pacific, Latin America and Europe, it’s 10 percent or less.
Travel up the power ladder, and the disparities only grow. Only 11 percent of security managers at the US Fortune 100 companies are women, and just one percent of women in cybersecurity are in top leadership positions.
Business leaders keep saying they appreciate so-called “soft skills,” and cybersecurity is no different. According to PwC 2020 survey, top business and social skills that managers want for new cybersecurity hires are analytical skills (47 percent), communication (43 percent) and critical thinking (42 percent.) Technical skills are easier to learn than soft skills, and even though studies show women are generally better at using soft skills, the shortage of people with them didn’t help women in cybersecurity.
Even seven years ago, a study co-sponsored by Symantec showed that women have more “desired skills” than men. The survey places a great emphasis on training employees in cybersecurity awareness.
Why cybersecurity needs diverse perspectives
It’s always beneficial to have people on cybersecurity teams with different backgrounds because threat actors also have various backgrounds and experiences.
Dr. Fauzia Idrees Abro, CEO at Cynosure Technologies
While leaders consider soft skills as the most-wanted attributes in cyber hires, some girls still shy away from tech-related fields, having become persuaded that boys are better at science and math. “This perception is reinforced when women who pursue tech careers turn out to be the only one in the room,” Abro says. “In almost every engineering team I’ve been a part of, there has been only one or two women.”
Many groups and educators are working to change the perception that science, technology, engineering and math (STEM) are for boys. Cybersecurity packs an added punch: The term, like the field, hails from the military. The sector is rife with borrowed military jargon and aggressive, adversarial language – potentially off-putting to many women, Abro points out.
However, women in the industry claim they are often misunderstood. “People don’t know what we do,” Mollie Chard says.
“Most people don’t even know this field exists,” says Shaheed, who learned about cybersecurity careers from her father. “We don’t explain cybersecurity in a way that lets people understand there’s more to it than programming or even hacking.”
Assumptions about what’s needed to get a job in the field can be intimidating, says Noureen Njoroge, cybersecurity threat intelligence engineer at Cisco Systems and president of North Carolina Women in Cybersecurity. Common misunderstandings she’s heard include that one has to have many certifications to enter the field, has to know how to code and has to have many years of experience to get a foot in the door.
What's coming next?
Be first to find out what’s happening in tech, leadership and cybersecurity.
Chard has a Bachelor of Arts in English language and a Master’s in philosophy. She doesn’t know how to code. “You need a passion for technology and to understand the technology a bit,” she says. But for many cyber jobs, “you don’t need to be a developer. You don’t need to be a coder.” Education is the best way to change these misperceptions, but cybersecurity often isn’t mentioned as a career choice in schools, Shaheed points out.
Discrimination is a real problem
While changing perceptions of the field may help close the gender gap, changing perceptions in the field could do more. Women face barriers “from recruitment to career development and performance management, culminating in their leaving the industry,” Abro says.
Those I interviewed cite a long list of obstacles, including inflexible long-hours culture, lack of role models and the traditional “glass ceiling” – finding they cannot progress into more senior roles in their organization.
Abro tells the story of a female friend who arrived at an interview for a government cybersecurity job to find half the all-male panel had left. Her interview was a mere formality. The man who got the job was less qualified than her.
Women who do get hired often find their problems are just starting. “Many leave the industry due to burnout, lack of career progression and toxic work culture,” says Lisa Ventura, CEO and founder of the UK Cyber Security Association and author of Rise of the Cyber Women. “Women are still paid less and promoted less, and deal with discrimination and harassment, which leads them to pursue other career paths away from cybersecurity,” she says. In a 2019 study, international cybersecurity professional membership association (ISC)2 found that globally, women in cybersecurity earn 21 percent less than male counterparts.
Getting ahead can be tougher for women too, because of the lack of women in the upper echelons of cybersecurity firms. For career advancement, having a mentor is key. Many women don’t even realize that they need one. For those who do, finding one can be hard.
Women can be part of making change
Every woman I interviewed was optimistic that more women will enter cybersecurity in future. The aforementioned (ISC) study found more millennial women entering the field and more women rising to top management positions.
One reason may be more networking and educational organizations aimed at helping women. Each of my interviewees is a volunteer with a women-in-cyber organization. They all see education and mentoring as vital for improving equality in the profession.
“To create change, one of the best roles we can play as women is to mentor other women and be publicly visible, so we’re not hiding in the shadows,” Shaheed says.
Abro says, “To bring equality to the cybersecurity profession, women should not be intimidated, shouldn’t shy away from assuming responsibility and should take advantage of their opportunities.
“Women should network and look out for mentors who can encourage them to pursue and progress in their careers. Women should have confidence in their capabilities and get out of imposter syndrome. They should embrace learning and gaining skills without fear of failures.”
“Do your research,” Chard advises. “Talk to people, even within your company, and find out what they do. Decide what your goals are and go for it.” Chard recognizes the imposter syndrome Abro mentions too, and knows how to overcome it: “When you don’t feel confident, fake it until you make it.”
With rising numbers of women in cybersecurity and greater awareness of the value of diversity in organizations, the future looks bright. Nevertheless, cybersecurity has a dire skills shortage today. The number of women coming into the career is still not enough, and they’re not being promoted fast enough. While the industry as a whole should address the many barriers women report, such as discrimination, long-hours culture and harassment, women can also take action to give themselves the best chance to get a foot in the door and get the promotions they deserve. Invest in your skills and knowledge with education, get yourself a mentor and realize you’re no imposter.