March is Women's History Month, so it's fitting to mention the fact that I'm a woman who works in cybersecurity. I call this out because women still only make up less than a quarter of the cybersecurity workforce. They continue to earn less, too. Let that sink in.
Don't get me wrong — the industry has improved, but there is still a long way to go. Cybersecurity can be an incredibly intimidating field for women and young girls to enter. At the age of 21, in my home country of Albania, I worked as a developer for one of the largest marketing and distribution companies in the country. I was the only woman on the team. Eager to broaden my skill set and establish myself in the industry, I earned my master's degree in mathematics and informatics engineering. By 23, I was balancing three jobs, lecturing at two of the top universities in Albania, and working as a data analyst — but I rarely met other women working in technology. It was a tough road to travel. At times, I felt simultaneously supported and judged.
I'm not alone in this experience. When I mentor women starting out in the field, I hear the same story. It's a journey filled with challenges — from a lack of support to little flexibility given at home. It leaves women discouraged to continue or even try at all. All of this results in a greater gender gap in the field.
However, the need for skills continues to grow. For the fifth year in a row, industry experts say the skills crisis is rising — there aren't enough people to do the work. The profession remains "systemically undervalued," and more than three-quarters (76%) of organizations admit that recruiting and hiring cybersecurity staff is difficult. Hiring a warm body is the priority, and businesses don't even have time to think about gender. But they should. The divide will only get greater, and as organizations focus on diversity, it needs to be a priority.
The diversity gap that exists is a cultural issue. Cybersecurity is still considered a man's job and is perceived as a purely computer science discipline. Because of that, there is a stigma surrounding women who want to begin a career in this field. But there doesn't need to be.
How Do We Get More Women Involved in Cybersecurity?
Here are three steps that vendors, schools, and associations can take to inspire more women to get involved in technology and, subsequently, cybersecurity professions:
- Encourage online training, and start this early. All the resources about how to defend against modern threats can be accessed online. Many women feel intimidated by a male-dominated industry and don't feel comfortable in an in-person environment where they are the minority. If attending courses at a physical place of learning is not an option, online training is a safe and inclusive alternative to acquiring the skills it takes to join the industry. It's also a way to advance skill sets, both traditional and untraditional. In 2020, I completed 16 certificates in Databricks, Udemy, and DataCamp, and many of these programs offer free courses for eager learners.
- Create more internships, apprenticeships, and benefits packages that appeal exclusively to women. Cybersecurity companies should focus on creating opportunities for women. But it doesn't stop there. Mentoring is severely lacking in the industry, and so is female leadership. Companies need to make a significant investment not just to recruit but to retain and grow female talent into future leaders. They need to look at career paths within their organizations and ensure that benefits packages are robust and appealing. When businesses take a formal stance to create programs that are designed to overcome gender bias, it sends a strong message to future recruits. Outstanding organizations, such as WomenTech and Women in Cybersecurity (WiCyS), are making great strides to promote the advancement of women in the field. There are opportunities for companies to get involved in programs like this and encourage talent.
- Support amazing talent and share their achievements. To change the status quo, the best thing cybersecurity companies can do to encourage more women to break into the industry is to call out the talented women already in the field. Empowering strong female role models and showcasing their impact on the industry will demonstrate that cybersecurity is not an old boys' club but an industry that anyone with a passion and desire to learn can join. Businesses must share the wins of their female employees at all levels of their organizations by providing platforms to speak at recruiting or industry events, telling their stories on social media to aid with recruiting, and sharing achievements of female employees externally. This activity ensures much-needed female representation is incorporated in the technology industry while helping to chip away at the stigmas and demonstrate progress.
Without diversity, there can't be innovation. A business that surrounds itself with the same kind of people who work on the same projects will not generate new or original ideas. Introducing more women into the cybersecurity industry is critical for future idea generation and thwarting the competition. The industry needs to fill the pipeline up with future talent; otherwise, it will dry up, and the talent crisis will continue. As Shirley Chisolm, the first Black woman to serve in the US Congress, said, "You make progress by implementing ideas."