Careers & People

4/17/2018
04:20 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Majority of Men Think Women Have Equal Opportunity to Advance in Cybersecurity Career

Not so fast, say women.

Add another data point to the growing body of evidence on the deep gender divide in the high-tech industry.

A new survey by ISACA shows that far more men than women think women have equal career advancement opportunities in cybersecurity.

ISACA surveyed more than 2,300 cybersecurity professionals holding certifications such as Certified Information Security Manager (CISM) and Cybersecurity Nexus Practitioner (CSXP) on a variety of issues related to their jobs and careers.

The survey found 82% of male respondents saying women have the same opportunities as men for career advancement. In contrast, just 51% of female respondents said the same thing.

The startling disparity in perspective between the genders was somewhat smaller in the 51% of organizations in the ISACA survey that had a formal diversity program in place. In these organizations men and women appeared somewhat more aligned in their thinking on the matter compared with organizations without a diversity program. Eighty-seven percent of male respondents and 77% of females believed that men and women had equal career advancement opportunities in cybersecurity.

The sharply differing views on career advancement between men and women reflected in the ISACA study mirror those in other studies that have found similar disparities in other areas as well. Numerous studies, for instance, have shown that male employees in Silicon Valley are routinely paid substantially more for the same work than women in identical roles and with the same experience and qualifications. Men in high tech are also far likelier to advance more quickly in their careers than their female counterparts.

"In practice, cybersecurity jobs should be competency-based," says Susan Snedaker, director of infrastructure and operations at Tucson Medical Center. But in reality, there is a gender gap in all technology fields. "The reasons are many, but part of the problem is that women drop out of tech jobs at a higher rate than men," she says. Driving that statistic is a male-dominated culture at some tech companies and in some cybersecurity training programs. "It’s really difficult working in a job where you are constantly challenged, not because you aren't smart, but because you aren't 'us'," she says.

Given the skills crisis in the industry, it would seem obvious that cybersecurity is a great career for women, "but the hurdles can be daunting," Snedaker says. "Cybersecurity leaders need to do a better job ensuring they build inclusive teams and merit-based rewards."

Rob Clyde, vice-chair of ISACA, points to a PricewaterhouseCoopers report showing men are four times as likely to hold senior cybersecurity positions than females. "Women are underrepresented at every level in cybersecurity, and recruitment and retention programs need to focus on how to change that," Clyde notes.

An effective diversity program that offers employees career development opportunities, mentoring, access, and support are critical, he says. Also vital is inclusive leadership. "IT leaders need to be educated so they can run effective teams, which includes hiring, training, and retaining diverse talent," Clyde says.

"Training programs need to meet the needs of the organization and be gender-neutral," Clyde adds. Training needs to be conducted in a manner where it is equally effective for both men and women, he says.

Another key finding in the ISACA report is just how persistent the skills gap continues to be for organizations across the board.

"Cybersecurity skills shortages have been major headlines for years now, but finding qualified candidates with solid technical skills is still a significant challenge," Clyde says.

The ISACA survey found 25% of the respondents believe it takes six months or more to fill an open cybersecurity position, Clyde says. "Fortunately, since enterprise cybersecurity budgets are increasing at a faster rate than ever, there are more dollars available for training to develop hands-on technical skills," Clyde says.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry's most knowledgeable IT security experts. Check out the Interop ITX 2018 agenda here.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Lessons from My Strange Journey into InfoSec
Lysa Myers, Security Researcher, ESET,  7/12/2018
What's Cooking With Caleb Sima
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Surviving the IT Security Skills Shortage
Surviving the IT Security Skills Shortage
Cybersecurity professionals are in high demand -- and short supply. Find out what Dark Reading discovered during their 2017 Security Staffing Survey and get some strategies for getting through the drought. Download the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-9574
PUBLISHED: 2018-07-19
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
CVE-2017-2673
PUBLISHED: 2018-07-19
An authorization-check flaw was discovered in federation configurations of the OpenStack Identity service (keystone). An authenticated federated user could request permissions to a project and unintentionally be granted all related roles including administrative roles.
CVE-2017-7481
PUBLISHED: 2018-07-19
Ansible before versions 2.3.1.0 and 2.4.0.0 fails to properly mark lookup-plugin results as unsafe. If an attacker could control the results of lookup() calls, they could inject Unicode strings to be parsed by the jinja2 templating system, resulting in code execution. By default, the jinja2 templati...
CVE-2018-12911
PUBLISHED: 2018-07-19
WebKitGTK+ 2.20.3 has an off-by-one error, with a resultant out-of-bounds write, in the get_simple_globs functions in ThirdParty/xdgmime/src/xdgmimecache.c and ThirdParty/xdgmime/src/xdgmimeglob.c.
CVE-2018-14404
PUBLISHED: 2018-07-19
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulne...