Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

How to Attract More Women Into Cybersecurity Now

A recent survey finds a number of attributes women seek in their careers can be found in a cybersecurity profession - the dots just need to be connected.

With the cybersecurity industry facing a shortfall of 1.8 million professionals by 2022, increased efforts are underway to find and train more infosec pros – especially women who, according to a Global Information Security Workforce Study, comprise only 11% of the cybersecurity workforce.

And although a number of challenges exist in attracting women and young girls to a cybersecurity career, a number of similarities exist between the attributes these women and young girls seek in a career and what the cybersecurity profession can offer, according to a recent survey by Kaspersky Lab and interviews with female cybersecurity pros.

In its global survey of approximately 2,000 females ages 16-to 21 years old, Kaspersky's report, "Beyond 11% - A Study Into Why Women Are Not Entering Cybersecurity," found:

  • 72% want a career they can be passionate about
  • 83% do not believe a cybersecurity career would be dull
  • 23% want a career that can make a difference to society
  • 44% believe cybersecurity is helpful to society
  • 52% want a career that will enable them to earn a good salary

Median annual salary is $100,000 for cybersecurity staff members, according to a Dark Reading 2016 Security Salary Survey.

Career Passion

"Being passionate is important for any job," says Ambareen Siraj, founder of the national Women in Cybersecurity (WiCyS) organization and an associate computer science professor at Tennessee Tech University. "Cybersecurity is a very dynamic field and you are always learning. If you want to be in a field that is always refreshed and you have a big thirst for learning, then you should consider cybersecurity."

As for the 17% of survey respondents who believe a cybersecurity career would be boring, it comes down to a lack of understanding of the various roles in cybersecurity that can range from technical to training to developing policies, says Mari Galloway, director of finance and communications for the Women's Society of Cyberjutsu.

Benefit to Society

A career in cybersecurity can make a difference in society, Galloway says. 

"Take healthcare. So much technology is used to keep people alive. All it takes is one bad hacker to exploit a vulnerability in a hospital system and bring the whole operation down, potentially killing patients," Galloway explains. "It's the cyber professionals' job to ensure things like this don't happen."

Noushin Shabab, senior security researcher with Kaspersky's Global Research & Analysis Team, says she was surprised by the low percentage of women and young girls who noted they wanted to make a difference in society with their career and believed that cybersecurity helped society.

"Despite the [23%] statistic, I feel deep down, a woman wants to make their mark in society," Shabab says. "Hopefully with the hard work and efforts that women around the world are taking in today's world, more women will feel empowered to make a difference in their respective societies. If women believe they can make an impact (big or small) this is already a big start to change how they feel about their careers."

Salary and Job Security

Salaries are a big factor in women's career choices but not the only deciding factor, Siraj says. Cybersecurity not only provides a good salary but, in many cases, infosec professionals are able to work from home and can relocate to a new job with relative ease, since there is virtually no unemployment in the industry, she adds.

Challenging Stereotypes

Despite these similar attributes that can be found in cybersecurity careers, it remains a challenge to attract women and young girls to the field, these cybersecurity professionals say.

"All that women hear about in the media is about the bad guys in cybersecurity. They don't hear about the researchers who made a difference and helped society," Siraj says. "In the movies and TV shows, cybersecurity professionals are portrayed as guys sitting in a dark room alone, surrounded by computers, and as highly intelligent nerds. That is not how most women want to view themselves."

Shabab noted WannaCry, ExPetr and other large-scale cyberattacks may attract more women to the IT security field, rather than chase them away. These attacks proved cybersecurity is essential for every individual, home user, and enterprise – perhaps fueling a desire to pursue a cybersecurity career and protect what matters most to them, she adds.

A range of efforts are underway to dispel of cybersecurity career stereotypes and educate young girls and women about the profession, these women note. Cyberjutsu Girls Academy, Girl Scouts, Black Girls Code, WiCyS, and others are providing information and role models, they add.

"What will bring more women in are seeing women at various levels making decisions, [girls] getting hands-on experience in STEM, cyber at a young age, providing equal opportunities for women to grow, and laying out a roadmap of potential career paths for young women to visualize where they can go," Galloway says.

Related Content:


Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Strategist
1/18/2018 | 1:28:13 PM
Re: Women think BETTER than men
* troll warning! * straight from Hawaii Civil Defense!  ;)
User Rank: Ninja
1/18/2018 | 12:07:38 PM
Women think BETTER than men
I'll toss a little bomb of a comment here - in my experience, women think and analyze cyber-security issues FAR better than men ever do.  There are a ton of reasons for this, to much for one page really but calll male ego the curse of all men.  Women can conceptualize better, solve puzzles better (which is what cyber security really is at the base) and come to different, more correct, conclusions!!!   In many ways, men are generally IDIOTS!!
User Rank: Strategist
1/13/2018 | 5:51:45 PM
Forget women - where are African Americans of either sex?
Teaching Computer Science I have lots of female students, but almost no African Americans.  I have some Haitians and folks from Africa, but I can't remember the last time I had a black American in one of my classes.  Up to my recent departure from the software industry, it was much the case there, too.  Maybe it's a Boston thing, but this is a much bigger "problem" in my eyes than underrepresentation of women.
User Rank: Apprentice
1/13/2018 | 3:46:30 PM
Re: MORE FEMINIST SEXISM!: How to Attract More Women Into Cybersecurity Now
I find this post extremely sexist making it seem like it is wrong that there are not enough women in Cybersecurity like it is a sickness that "nerdy men" are in the field and that is a turn-off for women to get in the field unless there are men that look like "Ken dolls."  No one writes articles about female dominated fields such as nursing and education, asking this same question on how we can attract more men to these female dominated fields.  Yet many universities will give free tuition for women to go into STEM and still have a difficulty getting women or keeping women to finish the programs.  As far as I know these same universities will not offer free scholarships or tuition for men in female dominated industries when universities now are females dominated on average 68% female/male ratio except for the STEM fields because the classes are more difficult and challenging.  The 100 and 200 level undergraduate classes have more women than men usually.  Many women will start off working towards a science degree because they hear about the more money they can earn and take the free scholarship money, then later switch to an arts degree.  As an instructor, I get asked to water down requirements and make it easier for women; but you have to ask in a cybersecurity scenario will the attackers make it easier because women are protecting that guarded system?

We are all supposed to be equal right.  Why do we have to go out of our way having to change things to make it more attractive to women to want to be in Cybersecurity?  In the nursing field, regulations are created in the name of patient safety and comfort that are purposely created to diminish the role of male nurses such as requiring a female nurse present in the room or a female supervisor on duty if the patient is female.  This tells employers that male nurses are a liability and will cost them more since a male nurse is more restricted than a female nurse in performing duties.  If I as the patient request a male nurse, they will say they do not have one so deal with it.  If this was told to a female, lawsuits and the media will be all over it asking why no female nurses are available. 

I am tired of how people think there is something wrong with Cybersecurity if there is a lack of females.  It makes me think that women are more equal than men and get special treatment because they are women.  Whereas men have to prove they possess the skills in order to get hired and do a job.  I have had many female students demand an "A" when they have incomplete assignments and average test scores.  Women should be treated the same as men are treated nothing more.  It is not a sickness because men have an interest and many women could care less about Cybersecurity but women really care about makeup and celebrity gossip. 

The author is just promoting a female supremacist agenda that men are bad and women are always good.  Cybersecurity is still a developing field.  It is difficult getting many "C" level executives to spend money in Cybersecurity or hire Cybersecurity teams to adequate staffing levels even though this is needed, they will accept the risk and leave Cybersecurity positions unfilled.  To waste resources on chasing non-interested women into Cybersecurity or entice them by starting their base pay higher than male recruits is completely ludacris!
Bhumi joshi
Bhumi joshi,
User Rank: Apprentice
1/13/2018 | 8:20:23 AM
Women into cybersecurity
Hello, my self Bhumi Joshi, and I am from India. I want to go in cybersecurity field, I am passionate about it, I had also done the course of CEH still I did not get any job.everybody (every company) needs an experience, they don't think, once they will give a job then and then my experience will build. So, I thought after reading this article, (really this thing can happen???) Give me some suggestions!!
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-09-15
In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.
PUBLISHED: 2019-09-15
Cobham Sea Tel v170 224521 through v194 225444 devices allow attackers to obtain potentially sensitive information, such as a vessel's latitude and longitude, via the public SNMP community.
PUBLISHED: 2019-09-15
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can trigger execution of a .phar file via a phar:// URL in a filename parameter, because PHAR uploads are not blocked and are reachable within the phar://../../../../../../../../var/www/html/web/var/assets/ directory, a different vulnerabi...
PUBLISHED: 2019-09-14
In Pimcore before 5.7.1, an attacker with limited privileges can bypass file-extension restrictions via a 256-character filename, as demonstrated by the failure of automatic renaming of .php to .php.txt for long filenames, a different vulnerability than CVE-2019-10867 and CVE-2019-16317.