Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

12/26/2018
10:30 AM
Renee Tarun
Renee Tarun
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
0%
100%

3 Steps for Cybersecurity Leaders to Bridge the Gender Equality Gap

By encouraging female participation through education and retaining this interest through an inclusive culture and visible role models, we can begin to close the skill and gender gap in cybersecurity.

Security is increasingly being seen as a business enabler. This has created a wealth of jobs in the cybersecurity industry for technical-minded problem solvers. With the threat and IT landscape changing constantly, a diversity of opinions, perspectives, and skills are crucial to stay ahead of the curve in adopting new productivity tools and developing new cybersecurity strategies.

New Perspectives in Cybersecurity
There are three major trends at play in cybersecurity that are creating jobs and driving the need for personnel with a diverse set of skills.

First, cybersecurity is becoming a leadership priority. Organizations finally understand how detrimental a cyberattack can be for business and how likely these attacks are to occur despite current defense strategies. Organizations are realizing that effective cybersecurity must stem from the C-suite and leadership teams rather than only IT.

Next is the rapid pace of digital transformation, which requires amplified security. To achieve this, security must be repositioned as a business enabler. Consequently, security-focused positions, such as the CISO, have evolved beyond security and into the realm of business enablement. CISO responsibilities now include security, compliance, and the integration of innovative digital systems. They also work with business initiatives to ensure objectives can be achieved with minimal risk and zero hindrance from security requirements. The next generation of cybersecurity leaders must not have only technical skills but soft skills as well, such as strategy, communication, and leadership.

Finally, there is the expansion of Internet of Things/operational technology devices in corporate networks that greatly increase the attack surface while introducing new vulnerabilities and risks. The volume of data brought in through the applications on these devices alone can be overwhelming, and this is compounded by the fact that much of it is encrypted, challenging performance even more. Many of these devices are inherently unsecure, requiring additional security measures. Organizations need problem solvers who can enable the use of these devices without creating security bottlenecks.

The Cybersecurity Skills Gap
As security teams aim to fill the positions required by these trends, they face the cybersecurity skills gap. In 2018, 51% of cybersecurity and IT professionals stated their organization had a problematic shortage of cybersecurity skills. This shortage is especially pronounced when it comes to hiring women into the field. Today, women account for just 11% of the cybersecurity workforce and are five times less likely to hold leadership positions than men.

To combat the skills gap, organizations need to focus on promoting the cybersecurity field to underrepresented groups, such as women, who can offer a new perspective on how to solve problems.

As organizations train the next generation of cybersecurity professionals, they have an opportunity to lessen the industry's gender gap by expanding their training offerings, opportunities, and strategies, creating cultures that value women in IT and encouraging women already in the IT field to stay.

There are several steps organizations can take to promote the cybersecurity industry across various demographics and train the next generation of talent.

Engage and teach students: Organizations should support, fund, and offer STEM (science, technology, engineering, and math) training programs to students, starting at a young age, with inclusive language geared to attract both young men and women. Making these programs available in primary and secondary schools, and educating school counselors and advisers on the need for women in this field, can alert female students to STEM opportunities.

These programs and initiatives should continue throughout higher education. Cybersecurity professionals, especially female leaders, should attend career talks and presentations should encourage women to participate in IT. Organizations can also create internship opportunities for students. These opportunities should not just target computer science and IT majors but business majors and other programs where women represent a higher proportion of students. The analytical, strategic, and soft skills they learn in these programs are applicable in the IT and cybersecurity fields.

Professional mentorship: For women already in the IT and business space, organizations should offer mentorships that allow women to work with other women enjoying success in their careers. Major industry conferences must likewise make a concerted effort to include women in panels and keynotes, create opportunities for women to network with male and female executives and industry leaders, and support women-led sessions that provide the examples and advice that help women navigate and succeed in the cybersecurity industry.

Enable career changes: Organizations should also offer opportunities for women looking to switch careers. For example, there are thousands of women who have served in the military, often in technical or leadership roles, who are now looking for new careers as civilians.

Final Thoughts
As organizations set out to train the next generation of security leaders to fill the skills gap and enable digital transformation, they also have the opportunity to tap into a largely under-represented talent pool that already has many of the skills required of today's IT and cybersecurity leaders.

By encouraging female participation through education and retaining this interest through an inclusive culture and visible role models, we can begin to close the skill and gender gap in cybersecurity.

Related Content:

Renee Tarun is the Vice President of Information Security at Fortinet. Previously, she served for nine years as a manager of the National Security Agency (NSA). She received her master's degree in computer/information technology administration and management from the ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3493
PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
CVE-2021-3492
PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
CVE-2020-2509
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 Build 20210202 and later Q...
CVE-2020-36195
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
CVE-2021-29445
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...