Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

7/25/2017
10:30 AM
Jodie Nel
Jodie Nel
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

How Women Can Raise Their Profile within the Cybersecurity Industry

Closing the cybersecurity gender gap won't happen overnight, but women can take can take steps to begin leveling the playing field.

As most organizations race to close the gender gap, the cybersecurity industry lags behind. A recent study found women make up only 11% of the global information security workforce, and the majority of women are underpaid compared with their male counterparts and likely to experience some form of discrimination at work.

The gender disparity is particularly disappointing given the projected workforce gap: 1.8 million cybersecurity roles are expected to go unfilled by 2022. From unconscious bias to poor recruiting tactics, female professionals looking to enter the cybersecurity space find themselves face-to-face with a number of barriers to entry.

Cybersecurity's gender discrimination problem is leaving its mark on the industry — demand for skilled security experts is quickly outstripping supply. Unless action is taken to attract, retain, and develop female professionals, the number of vacant positions will continue to grow.

Why Women Are Invisible in Security Ranks
Although some in the industry herald cybersecurity as one of the most progressive fields in which to work, it remains stuck in the past when it comes to diversifying the workforce. The security industry as a whole is commonly viewed as maintaining an old boy's club mentality, one that discourages women from even considering a career in the field. Women who make it into the industry often have to go to greater lengths to prove their ability. Female professionals in cybersecurity were found to be more educated than their male counterparts, with 51% of women entering the profession holding a master's degree or higher.

Visibility (or the lack of it) largely contributes to the low number of women in technology. Security is often considered a masculine area of expertise, deterring female job seekers from pursuing a career in such a male-dominated industry. Women already in the security industry are often left out of high-priority projects that could raise their profile both inside and outside an organization. This persistent trend of suppressing female professionals creates a number of obstacles that exclude women and challenge those seeking upward mobility.

Similarly, invisibility keeps women from attending and speaking at industry-specific conferences. While many cybersecurity events are in need of female guest speakers, they also demand high-level professionals who are established figureheads in the industry. Event organizers don't want to hire a female speaker for the sake of diversifying a conference panel — inviting just any woman isn't enough, and can even appear condescending or a form of tokenism.

To catapult more female professionals into the spotlight and make their presence felt in the industry, several changes need to occur from within security organizations.

Raising Awareness in a Field Dominated by Men
Resolving the cybersecurity gender gap won't happen overnight, but women can take take several steps to begin leveling the playing field. For a female security professional, holding office hours and providing mentorship can help younger women carve out their own path in the industry. Women should also work with their company's PR or marketing teams to get in front of the media whenever possible, proactively becoming thought leaders on subject matter they know inside and out.

In addition to boosting visibility, women can debunk existing stereotypes about who is "allowed" to work in the security field to usher more women into the industry. Public perception suggests only men with technological backgrounds can work in cybersecurity, though this is far from the case. Part of this confusion is because most job seekers don't know what types of nontechnical careers fall under cybersecurity. Jobs like social engineer and security architect don't necessarily require prior technology or security experience but are valuable roles in the cybersecurity industry. By partnering with educators to reach girls at younger ages, organizations can contribute to the growth of women in tech by dispelling common cybersecurity myths.

Achieving gender equality in the cybersecurity industry starts with raising awareness of the female professionals currently contributing to its success. From dispelling tech stereotypes to seeking out public speaking gigs, women have the ability to diversify the industry and satisfy the demand for much-needed talent.

Related Content:

Jodie Nel is the event organizer for the Cyber Security Event series hosted by Imago Techmedia. Nel is responsible for providing tech industry decision-makers with access to world-class conferences and events. Prior to working on the Cyber Security Event series, Nel served as ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
7/31/2017 | 5:51:41 PM
Profile Raiser: Hack and Publish
Another way to raise that profile is to hit the bug bounties hard, shooting for the higher profile ones.  Discover, write up and publish exploits and get noticed through regular quality work.  Take these anecdotes and exploits to conferences and speak often.  Joanna Rutkowska, Sherri Sparks, Parisa Tabriz and Raven Alder come to mind.  Regardless of gender I know I connect quickly with people based on what they can do.  If you do something cool and you're enthusiastic when demoing it and talking about how you got from concept to execution, I'm in.  I think that respect factor is huge and just keeping at it publicly and proving your chops every day is a solid way to help get you there.  Do what you do, do it well.  Nobody's saying it will be easy, but keep at it and love every moment of it.
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4031
PUBLISHED: 2019-10-16
IBM Workload Scheduler Distributed 9.2, 9.3, 9.4, and 9.5 contains a vulnerability that could allow a local user to write files as root in the file system, which could allow the attacker to gain root privileges. IBM X-Force ID: 155997.
CVE-2019-17626
PUBLISHED: 2019-10-16
ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '<span color="' followed by arbitrary Python code.
CVE-2019-17627
PUBLISHED: 2019-10-16
The Yale Bluetooth Key application for mobile devices allows unauthorized unlock actions by sniffing Bluetooth Low Energy (BLE) traffic during one authorized unlock action, and then calculating the authentication key via simple computations on the hex digits of a valid authentication request. This a...
CVE-2019-17625
PUBLISHED: 2019-10-16
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such...
CVE-2019-17624
PUBLISHED: 2019-10-16
In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact.