Careers & People

7/25/2017
10:30 AM
Jodie Nel
Jodie Nel
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

How Women Can Raise Their Profile within the Cybersecurity Industry

Closing the cybersecurity gender gap won't happen overnight, but women can take can take steps to begin leveling the playing field.

As most organizations race to close the gender gap, the cybersecurity industry lags behind. A recent study found women make up only 11% of the global information security workforce, and the majority of women are underpaid compared with their male counterparts and likely to experience some form of discrimination at work.

The gender disparity is particularly disappointing given the projected workforce gap: 1.8 million cybersecurity roles are expected to go unfilled by 2022. From unconscious bias to poor recruiting tactics, female professionals looking to enter the cybersecurity space find themselves face-to-face with a number of barriers to entry.

Cybersecurity's gender discrimination problem is leaving its mark on the industry — demand for skilled security experts is quickly outstripping supply. Unless action is taken to attract, retain, and develop female professionals, the number of vacant positions will continue to grow.

Why Women Are Invisible in Security Ranks
Although some in the industry herald cybersecurity as one of the most progressive fields in which to work, it remains stuck in the past when it comes to diversifying the workforce. The security industry as a whole is commonly viewed as maintaining an old boy's club mentality, one that discourages women from even considering a career in the field. Women who make it into the industry often have to go to greater lengths to prove their ability. Female professionals in cybersecurity were found to be more educated than their male counterparts, with 51% of women entering the profession holding a master's degree or higher.

Visibility (or the lack of it) largely contributes to the low number of women in technology. Security is often considered a masculine area of expertise, deterring female job seekers from pursuing a career in such a male-dominated industry. Women already in the security industry are often left out of high-priority projects that could raise their profile both inside and outside an organization. This persistent trend of suppressing female professionals creates a number of obstacles that exclude women and challenge those seeking upward mobility.

Similarly, invisibility keeps women from attending and speaking at industry-specific conferences. While many cybersecurity events are in need of female guest speakers, they also demand high-level professionals who are established figureheads in the industry. Event organizers don't want to hire a female speaker for the sake of diversifying a conference panel — inviting just any woman isn't enough, and can even appear condescending or a form of tokenism.

To catapult more female professionals into the spotlight and make their presence felt in the industry, several changes need to occur from within security organizations.

Raising Awareness in a Field Dominated by Men
Resolving the cybersecurity gender gap won't happen overnight, but women can take take several steps to begin leveling the playing field. For a female security professional, holding office hours and providing mentorship can help younger women carve out their own path in the industry. Women should also work with their company's PR or marketing teams to get in front of the media whenever possible, proactively becoming thought leaders on subject matter they know inside and out.

In addition to boosting visibility, women can debunk existing stereotypes about who is "allowed" to work in the security field to usher more women into the industry. Public perception suggests only men with technological backgrounds can work in cybersecurity, though this is far from the case. Part of this confusion is because most job seekers don't know what types of nontechnical careers fall under cybersecurity. Jobs like social engineer and security architect don't necessarily require prior technology or security experience but are valuable roles in the cybersecurity industry. By partnering with educators to reach girls at younger ages, organizations can contribute to the growth of women in tech by dispelling common cybersecurity myths.

Achieving gender equality in the cybersecurity industry starts with raising awareness of the female professionals currently contributing to its success. From dispelling tech stereotypes to seeking out public speaking gigs, women have the ability to diversify the industry and satisfy the demand for much-needed talent.

Related Content:

Jodie Nel is the event organizer for the Cyber Security Event series hosted by Imago Techmedia. Nel is responsible for providing tech industry decision-makers with access to world-class conferences and events. Prior to working on the Cyber Security Event series, Nel served as ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
No SOPA
50%
50%
No SOPA,
User Rank: Ninja
7/31/2017 | 5:51:41 PM
Profile Raiser: Hack and Publish
Another way to raise that profile is to hit the bug bounties hard, shooting for the higher profile ones.  Discover, write up and publish exploits and get noticed through regular quality work.  Take these anecdotes and exploits to conferences and speak often.  Joanna Rutkowska, Sherri Sparks, Parisa Tabriz and Raven Alder come to mind.  Regardless of gender I know I connect quickly with people based on what they can do.  If you do something cool and you're enthusiastic when demoing it and talking about how you got from concept to execution, I'm in.  I think that respect factor is huge and just keeping at it publicly and proving your chops every day is a solid way to help get you there.  Do what you do, do it well.  Nobody's saying it will be easy, but keep at it and love every moment of it.
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.