Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

12/26/2018
10:30 AM
Renee Tarun
Renee Tarun
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
0%
100%

3 Steps for Cybersecurity Leaders to Bridge the Gender Equality Gap

By encouraging female participation through education and retaining this interest through an inclusive culture and visible role models, we can begin to close the skill and gender gap in cybersecurity.

Security is increasingly being seen as a business enabler. This has created a wealth of jobs in the cybersecurity industry for technical-minded problem solvers. With the threat and IT landscape changing constantly, a diversity of opinions, perspectives, and skills are crucial to stay ahead of the curve in adopting new productivity tools and developing new cybersecurity strategies.

New Perspectives in Cybersecurity
There are three major trends at play in cybersecurity that are creating jobs and driving the need for personnel with a diverse set of skills.

First, cybersecurity is becoming a leadership priority. Organizations finally understand how detrimental a cyberattack can be for business and how likely these attacks are to occur despite current defense strategies. Organizations are realizing that effective cybersecurity must stem from the C-suite and leadership teams rather than only IT.

Next is the rapid pace of digital transformation, which requires amplified security. To achieve this, security must be repositioned as a business enabler. Consequently, security-focused positions, such as the CISO, have evolved beyond security and into the realm of business enablement. CISO responsibilities now include security, compliance, and the integration of innovative digital systems. They also work with business initiatives to ensure objectives can be achieved with minimal risk and zero hindrance from security requirements. The next generation of cybersecurity leaders must not have only technical skills but soft skills as well, such as strategy, communication, and leadership.

Finally, there is the expansion of Internet of Things/operational technology devices in corporate networks that greatly increase the attack surface while introducing new vulnerabilities and risks. The volume of data brought in through the applications on these devices alone can be overwhelming, and this is compounded by the fact that much of it is encrypted, challenging performance even more. Many of these devices are inherently unsecure, requiring additional security measures. Organizations need problem solvers who can enable the use of these devices without creating security bottlenecks.

The Cybersecurity Skills Gap
As security teams aim to fill the positions required by these trends, they face the cybersecurity skills gap. In 2018, 51% of cybersecurity and IT professionals stated their organization had a problematic shortage of cybersecurity skills. This shortage is especially pronounced when it comes to hiring women into the field. Today, women account for just 11% of the cybersecurity workforce and are five times less likely to hold leadership positions than men.

To combat the skills gap, organizations need to focus on promoting the cybersecurity field to underrepresented groups, such as women, who can offer a new perspective on how to solve problems.

As organizations train the next generation of cybersecurity professionals, they have an opportunity to lessen the industry's gender gap by expanding their training offerings, opportunities, and strategies, creating cultures that value women in IT and encouraging women already in the IT field to stay.

There are several steps organizations can take to promote the cybersecurity industry across various demographics and train the next generation of talent.

Engage and teach students: Organizations should support, fund, and offer STEM (science, technology, engineering, and math) training programs to students, starting at a young age, with inclusive language geared to attract both young men and women. Making these programs available in primary and secondary schools, and educating school counselors and advisers on the need for women in this field, can alert female students to STEM opportunities.

These programs and initiatives should continue throughout higher education. Cybersecurity professionals, especially female leaders, should attend career talks and presentations should encourage women to participate in IT. Organizations can also create internship opportunities for students. These opportunities should not just target computer science and IT majors but business majors and other programs where women represent a higher proportion of students. The analytical, strategic, and soft skills they learn in these programs are applicable in the IT and cybersecurity fields.

Professional mentorship: For women already in the IT and business space, organizations should offer mentorships that allow women to work with other women enjoying success in their careers. Major industry conferences must likewise make a concerted effort to include women in panels and keynotes, create opportunities for women to network with male and female executives and industry leaders, and support women-led sessions that provide the examples and advice that help women navigate and succeed in the cybersecurity industry.

Enable career changes: Organizations should also offer opportunities for women looking to switch careers. For example, there are thousands of women who have served in the military, often in technical or leadership roles, who are now looking for new careers as civilians.

Final Thoughts
As organizations set out to train the next generation of security leaders to fill the skills gap and enable digital transformation, they also have the opportunity to tap into a largely under-represented talent pool that already has many of the skills required of today's IT and cybersecurity leaders.

By encouraging female participation through education and retaining this interest through an inclusive culture and visible role models, we can begin to close the skill and gender gap in cybersecurity.

Related Content:

Renee Tarun is the Vice President of Information Security at Fortinet. Previously, she served for nine years as a manager of the National Security Agency (NSA). She received her master's degree in computer/information technology administration and management from the ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.