Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

4/17/2018
04:20 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Majority of Men Think Women Have Equal Opportunity to Advance in Cybersecurity Career

Not so fast, say women.

Add another data point to the growing body of evidence on the deep gender divide in the high-tech industry.

A new survey by ISACA shows that far more men than women think women have equal career advancement opportunities in cybersecurity.

ISACA surveyed more than 2,300 cybersecurity professionals holding certifications such as Certified Information Security Manager (CISM) and Cybersecurity Nexus Practitioner (CSXP) on a variety of issues related to their jobs and careers.

The survey found 82% of male respondents saying women have the same opportunities as men for career advancement. In contrast, just 51% of female respondents said the same thing.

The startling disparity in perspective between the genders was somewhat smaller in the 51% of organizations in the ISACA survey that had a formal diversity program in place. In these organizations men and women appeared somewhat more aligned in their thinking on the matter compared with organizations without a diversity program. Eighty-seven percent of male respondents and 77% of females believed that men and women had equal career advancement opportunities in cybersecurity.

The sharply differing views on career advancement between men and women reflected in the ISACA study mirror those in other studies that have found similar disparities in other areas as well. Numerous studies, for instance, have shown that male employees in Silicon Valley are routinely paid substantially more for the same work than women in identical roles and with the same experience and qualifications. Men in high tech are also far likelier to advance more quickly in their careers than their female counterparts.

"In practice, cybersecurity jobs should be competency-based," says Susan Snedaker, director of infrastructure and operations at Tucson Medical Center. But in reality, there is a gender gap in all technology fields. "The reasons are many, but part of the problem is that women drop out of tech jobs at a higher rate than men," she says. Driving that statistic is a male-dominated culture at some tech companies and in some cybersecurity training programs. "It’s really difficult working in a job where you are constantly challenged, not because you aren't smart, but because you aren't 'us'," she says.

Given the skills crisis in the industry, it would seem obvious that cybersecurity is a great career for women, "but the hurdles can be daunting," Snedaker says. "Cybersecurity leaders need to do a better job ensuring they build inclusive teams and merit-based rewards."

Rob Clyde, vice-chair of ISACA, points to a PricewaterhouseCoopers report showing men are four times as likely to hold senior cybersecurity positions than females. "Women are underrepresented at every level in cybersecurity, and recruitment and retention programs need to focus on how to change that," Clyde notes.

An effective diversity program that offers employees career development opportunities, mentoring, access, and support are critical, he says. Also vital is inclusive leadership. "IT leaders need to be educated so they can run effective teams, which includes hiring, training, and retaining diverse talent," Clyde says.

"Training programs need to meet the needs of the organization and be gender-neutral," Clyde adds. Training needs to be conducted in a manner where it is equally effective for both men and women, he says.

Another key finding in the ISACA report is just how persistent the skills gap continues to be for organizations across the board.

"Cybersecurity skills shortages have been major headlines for years now, but finding qualified candidates with solid technical skills is still a significant challenge," Clyde says.

The ISACA survey found 25% of the respondents believe it takes six months or more to fill an open cybersecurity position, Clyde says. "Fortunately, since enterprise cybersecurity budgets are increasing at a faster rate than ever, there are more dollars available for training to develop hands-on technical skills," Clyde says.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry's most knowledgeable IT security experts. Check out the Interop ITX 2018 agenda here.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Google Cloud Debuts Threat-Detection Service
Robert Lemos, Contributing Writer,  9/23/2020
Shopify's Employee Data Theft Underscores Risk of Rogue Insiders
Kelly Sheridan, Staff Editor, Dark Reading,  9/23/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26120
PUBLISHED: 2020-09-27
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even witho...
CVE-2020-26121
PUBLISHED: 2020-09-27
An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an uploa...
CVE-2020-25812
PUBLISHED: 2020-09-27
An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML.
CVE-2020-25813
PUBLISHED: 2020-09-27
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users.
CVE-2020-25814
PUBLISHED: 2020-09-27
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> ...