With the cybersecurity industry facing a shortfall of 1.8 million professionals by 2022, increased efforts are underway to find and train more infosec pros – especially women who, according to a Global Information Security Workforce Study, comprise only 11% of the cybersecurity workforce.
And although a number of challenges exist in attracting women and young girls to a cybersecurity career, a number of similarities exist between the attributes these women and young girls seek in a career and what the cybersecurity profession can offer, according to a recent survey by Kaspersky Lab and interviews with female cybersecurity pros.
In its global survey of approximately 2,000 females ages 16-to 21 years old, Kaspersky's report, "Beyond 11% - A Study Into Why Women Are Not Entering Cybersecurity," found:
- 72% want a career they can be passionate about
- 83% do not believe a cybersecurity career would be dull
- 23% want a career that can make a difference to society
- 44% believe cybersecurity is helpful to society
- 52% want a career that will enable them to earn a good salary
Median annual salary is $100,000 for cybersecurity staff members, according to a Dark Reading 2016 Security Salary Survey.
"Being passionate is important for any job," says Ambareen Siraj, founder of the national Women in Cybersecurity (WiCyS) organization and an associate computer science professor at Tennessee Tech University. "Cybersecurity is a very dynamic field and you are always learning. If you want to be in a field that is always refreshed and you have a big thirst for learning, then you should consider cybersecurity."
As for the 17% of survey respondents who believe a cybersecurity career would be boring, it comes down to a lack of understanding of the various roles in cybersecurity that can range from technical to training to developing policies, says Mari Galloway, director of finance and communications for the Women's Society of Cyberjutsu.
Benefit to Society
A career in cybersecurity can make a difference in society, Galloway says.
"Take healthcare. So much technology is used to keep people alive. All it takes is one bad hacker to exploit a vulnerability in a hospital system and bring the whole operation down, potentially killing patients," Galloway explains. "It's the cyber professionals' job to ensure things like this don't happen."
Noushin Shabab, senior security researcher with Kaspersky's Global Research & Analysis Team, says she was surprised by the low percentage of women and young girls who noted they wanted to make a difference in society with their career and believed that cybersecurity helped society.
"Despite the [23%] statistic, I feel deep down, a woman wants to make their mark in society," Shabab says. "Hopefully with the hard work and efforts that women around the world are taking in today's world, more women will feel empowered to make a difference in their respective societies. If women believe they can make an impact (big or small) this is already a big start to change how they feel about their careers."
Salary and Job Security
Salaries are a big factor in women's career choices but not the only deciding factor, Siraj says. Cybersecurity not only provides a good salary but, in many cases, infosec professionals are able to work from home and can relocate to a new job with relative ease, since there is virtually no unemployment in the industry, she adds.
Despite these similar attributes that can be found in cybersecurity careers, it remains a challenge to attract women and young girls to the field, these cybersecurity professionals say.
"All that women hear about in the media is about the bad guys in cybersecurity. They don't hear about the researchers who made a difference and helped society," Siraj says. "In the movies and TV shows, cybersecurity professionals are portrayed as guys sitting in a dark room alone, surrounded by computers, and as highly intelligent nerds. That is not how most women want to view themselves."
Shabab noted WannaCry, ExPetr and other large-scale cyberattacks may attract more women to the IT security field, rather than chase them away. These attacks proved cybersecurity is essential for every individual, home user, and enterprise – perhaps fueling a desire to pursue a cybersecurity career and protect what matters most to them, she adds.
A range of efforts are underway to dispel of cybersecurity career stereotypes and educate young girls and women about the profession, these women note. Cyberjutsu Girls Academy, Girl Scouts, Black Girls Code, WiCyS, and others are providing information and role models, they add.
"What will bring more women in are seeing women at various levels making decisions, [girls] getting hands-on experience in STEM, cyber at a young age, providing equal opportunities for women to grow, and laying out a roadmap of potential career paths for young women to visualize where they can go," Galloway says.
- Cybersecurity Faces 1.8 Million Worker Shortfall By 2022
- How to Build a Path Toward Diversity in Information Security
- Making Infosec Meetings More Inclusive