Careers & People

7/25/2017
10:30 AM
Jodie Nel
Jodie Nel
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

How Women Can Raise Their Profile within the Cybersecurity Industry

Closing the cybersecurity gender gap won't happen overnight, but women can take can take steps to begin leveling the playing field.

As most organizations race to close the gender gap, the cybersecurity industry lags behind. A recent study found women make up only 11% of the global information security workforce, and the majority of women are underpaid compared with their male counterparts and likely to experience some form of discrimination at work.

The gender disparity is particularly disappointing given the projected workforce gap: 1.8 million cybersecurity roles are expected to go unfilled by 2022. From unconscious bias to poor recruiting tactics, female professionals looking to enter the cybersecurity space find themselves face-to-face with a number of barriers to entry.

Cybersecurity's gender discrimination problem is leaving its mark on the industry — demand for skilled security experts is quickly outstripping supply. Unless action is taken to attract, retain, and develop female professionals, the number of vacant positions will continue to grow.

Why Women Are Invisible in Security Ranks
Although some in the industry herald cybersecurity as one of the most progressive fields in which to work, it remains stuck in the past when it comes to diversifying the workforce. The security industry as a whole is commonly viewed as maintaining an old boy's club mentality, one that discourages women from even considering a career in the field. Women who make it into the industry often have to go to greater lengths to prove their ability. Female professionals in cybersecurity were found to be more educated than their male counterparts, with 51% of women entering the profession holding a master's degree or higher.

Visibility (or the lack of it) largely contributes to the low number of women in technology. Security is often considered a masculine area of expertise, deterring female job seekers from pursuing a career in such a male-dominated industry. Women already in the security industry are often left out of high-priority projects that could raise their profile both inside and outside an organization. This persistent trend of suppressing female professionals creates a number of obstacles that exclude women and challenge those seeking upward mobility.

Similarly, invisibility keeps women from attending and speaking at industry-specific conferences. While many cybersecurity events are in need of female guest speakers, they also demand high-level professionals who are established figureheads in the industry. Event organizers don't want to hire a female speaker for the sake of diversifying a conference panel — inviting just any woman isn't enough, and can even appear condescending or a form of tokenism.

To catapult more female professionals into the spotlight and make their presence felt in the industry, several changes need to occur from within security organizations.

Raising Awareness in a Field Dominated by Men
Resolving the cybersecurity gender gap won't happen overnight, but women can take take several steps to begin leveling the playing field. For a female security professional, holding office hours and providing mentorship can help younger women carve out their own path in the industry. Women should also work with their company's PR or marketing teams to get in front of the media whenever possible, proactively becoming thought leaders on subject matter they know inside and out.

In addition to boosting visibility, women can debunk existing stereotypes about who is "allowed" to work in the security field to usher more women into the industry. Public perception suggests only men with technological backgrounds can work in cybersecurity, though this is far from the case. Part of this confusion is because most job seekers don't know what types of nontechnical careers fall under cybersecurity. Jobs like social engineer and security architect don't necessarily require prior technology or security experience but are valuable roles in the cybersecurity industry. By partnering with educators to reach girls at younger ages, organizations can contribute to the growth of women in tech by dispelling common cybersecurity myths.

Achieving gender equality in the cybersecurity industry starts with raising awareness of the female professionals currently contributing to its success. From dispelling tech stereotypes to seeking out public speaking gigs, women have the ability to diversify the industry and satisfy the demand for much-needed talent.

Related Content:

Jodie Nel is the event organizer for the Cyber Security Event series hosted by Imago Techmedia. Nel is responsible for providing tech industry decision-makers with access to world-class conferences and events. Prior to working on the Cyber Security Event series, Nel served as ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
No SOPA
50%
50%
No SOPA,
User Rank: Ninja
7/31/2017 | 5:51:41 PM
Profile Raiser: Hack and Publish
Another way to raise that profile is to hit the bug bounties hard, shooting for the higher profile ones.  Discover, write up and publish exploits and get noticed through regular quality work.  Take these anecdotes and exploits to conferences and speak often.  Joanna Rutkowska, Sherri Sparks, Parisa Tabriz and Raven Alder come to mind.  Regardless of gender I know I connect quickly with people based on what they can do.  If you do something cool and you're enthusiastic when demoing it and talking about how you got from concept to execution, I'm in.  I think that respect factor is huge and just keeping at it publicly and proving your chops every day is a solid way to help get you there.  Do what you do, do it well.  Nobody's saying it will be easy, but keep at it and love every moment of it.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: White Privelege Day
Current Issue
Flash Poll
Surviving the IT Security Skills Shortage
Surviving the IT Security Skills Shortage
Cybersecurity professionals are in high demand -- and short supply. Find out what Dark Reading discovered during their 2017 Security Staffing Survey and get some strategies for getting through the drought. Download the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6504
PUBLISHED: 2018-09-20
A potential Cross-Site Request Forgery (CSRF) vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Cross-Site Request Forgery (CSRF).
CVE-2018-6505
PUBLISHED: 2018-09-20
A potential Unauthenticated File Download vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Unauthenticated File Downloads.
CVE-2018-14796
PUBLISHED: 2018-09-20
Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthenticated reboot command that may be used to perform a denial of service attack.
CVE-2018-14821
PUBLISHED: 2018-09-20
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing the RSLinx Classic application to terminate. The user will need to manually restart the software to r...
CVE-2018-14827
PUBLISHED: 2018-09-20
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. A remote, unauthenticated threat actor may intentionally send specially crafted Ethernet/IP packets to Port 44818, causing the software application to stop responding and crash. The user must restart the software to regain functionality.