Careers & People

12/26/2018
10:30 AM
Renee Tarun
Renee Tarun
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
0%
100%

3 Steps for Cybersecurity Leaders to Bridge the Gender Equality Gap

By encouraging female participation through education and retaining this interest through an inclusive culture and visible role models, we can begin to close the skill and gender gap in cybersecurity.

Security is increasingly being seen as a business enabler. This has created a wealth of jobs in the cybersecurity industry for technical-minded problem solvers. With the threat and IT landscape changing constantly, a diversity of opinions, perspectives, and skills are crucial to stay ahead of the curve in adopting new productivity tools and developing new cybersecurity strategies.

New Perspectives in Cybersecurity
There are three major trends at play in cybersecurity that are creating jobs and driving the need for personnel with a diverse set of skills.

First, cybersecurity is becoming a leadership priority. Organizations finally understand how detrimental a cyberattack can be for business and how likely these attacks are to occur despite current defense strategies. Organizations are realizing that effective cybersecurity must stem from the C-suite and leadership teams rather than only IT.

Next is the rapid pace of digital transformation, which requires amplified security. To achieve this, security must be repositioned as a business enabler. Consequently, security-focused positions, such as the CISO, have evolved beyond security and into the realm of business enablement. CISO responsibilities now include security, compliance, and the integration of innovative digital systems. They also work with business initiatives to ensure objectives can be achieved with minimal risk and zero hindrance from security requirements. The next generation of cybersecurity leaders must not have only technical skills but soft skills as well, such as strategy, communication, and leadership.

Finally, there is the expansion of Internet of Things/operational technology devices in corporate networks that greatly increase the attack surface while introducing new vulnerabilities and risks. The volume of data brought in through the applications on these devices alone can be overwhelming, and this is compounded by the fact that much of it is encrypted, challenging performance even more. Many of these devices are inherently unsecure, requiring additional security measures. Organizations need problem solvers who can enable the use of these devices without creating security bottlenecks.

The Cybersecurity Skills Gap
As security teams aim to fill the positions required by these trends, they face the cybersecurity skills gap. In 2018, 51% of cybersecurity and IT professionals stated their organization had a problematic shortage of cybersecurity skills. This shortage is especially pronounced when it comes to hiring women into the field. Today, women account for just 11% of the cybersecurity workforce and are five times less likely to hold leadership positions than men.

To combat the skills gap, organizations need to focus on promoting the cybersecurity field to underrepresented groups, such as women, who can offer a new perspective on how to solve problems.

As organizations train the next generation of cybersecurity professionals, they have an opportunity to lessen the industry's gender gap by expanding their training offerings, opportunities, and strategies, creating cultures that value women in IT and encouraging women already in the IT field to stay.

There are several steps organizations can take to promote the cybersecurity industry across various demographics and train the next generation of talent.

Engage and teach students: Organizations should support, fund, and offer STEM (science, technology, engineering, and math) training programs to students, starting at a young age, with inclusive language geared to attract both young men and women. Making these programs available in primary and secondary schools, and educating school counselors and advisers on the need for women in this field, can alert female students to STEM opportunities.

These programs and initiatives should continue throughout higher education. Cybersecurity professionals, especially female leaders, should attend career talks and presentations should encourage women to participate in IT. Organizations can also create internship opportunities for students. These opportunities should not just target computer science and IT majors but business majors and other programs where women represent a higher proportion of students. The analytical, strategic, and soft skills they learn in these programs are applicable in the IT and cybersecurity fields.

Professional mentorship: For women already in the IT and business space, organizations should offer mentorships that allow women to work with other women enjoying success in their careers. Major industry conferences must likewise make a concerted effort to include women in panels and keynotes, create opportunities for women to network with male and female executives and industry leaders, and support women-led sessions that provide the examples and advice that help women navigate and succeed in the cybersecurity industry.

Enable career changes: Organizations should also offer opportunities for women looking to switch careers. For example, there are thousands of women who have served in the military, often in technical or leadership roles, who are now looking for new careers as civilians.

Final Thoughts
As organizations set out to train the next generation of security leaders to fill the skills gap and enable digital transformation, they also have the opportunity to tap into a largely under-represented talent pool that already has many of the skills required of today's IT and cybersecurity leaders.

By encouraging female participation through education and retaining this interest through an inclusive culture and visible role models, we can begin to close the skill and gender gap in cybersecurity.

Related Content:

Renee Tarun is the Vice President of Information Security at Fortinet. Previously, she served for nine years as a manager of the National Security Agency (NSA). She received her master's degree in computer/information technology administration and management from the ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Insider Threat Prevention activated!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7238
PUBLISHED: 2019-03-21
Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.
CVE-2017-16253
PUBLISHED: 2019-03-21
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriti...
CVE-2017-16254
PUBLISHED: 2019-03-21
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP re...
CVE-2017-16255
PUBLISHED: 2019-03-21
An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP re...
CVE-2018-3968
PUBLISHED: 2019-03-21
An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy i...