Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

4/17/2018
04:20 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Majority of Men Think Women Have Equal Opportunity to Advance in Cybersecurity Career

Not so fast, say women.

Add another data point to the growing body of evidence on the deep gender divide in the high-tech industry.

A new survey by ISACA shows that far more men than women think women have equal career advancement opportunities in cybersecurity.

ISACA surveyed more than 2,300 cybersecurity professionals holding certifications such as Certified Information Security Manager (CISM) and Cybersecurity Nexus Practitioner (CSXP) on a variety of issues related to their jobs and careers.

The survey found 82% of male respondents saying women have the same opportunities as men for career advancement. In contrast, just 51% of female respondents said the same thing.

The startling disparity in perspective between the genders was somewhat smaller in the 51% of organizations in the ISACA survey that had a formal diversity program in place. In these organizations men and women appeared somewhat more aligned in their thinking on the matter compared with organizations without a diversity program. Eighty-seven percent of male respondents and 77% of females believed that men and women had equal career advancement opportunities in cybersecurity.

The sharply differing views on career advancement between men and women reflected in the ISACA study mirror those in other studies that have found similar disparities in other areas as well. Numerous studies, for instance, have shown that male employees in Silicon Valley are routinely paid substantially more for the same work than women in identical roles and with the same experience and qualifications. Men in high tech are also far likelier to advance more quickly in their careers than their female counterparts.

"In practice, cybersecurity jobs should be competency-based," says Susan Snedaker, director of infrastructure and operations at Tucson Medical Center. But in reality, there is a gender gap in all technology fields. "The reasons are many, but part of the problem is that women drop out of tech jobs at a higher rate than men," she says. Driving that statistic is a male-dominated culture at some tech companies and in some cybersecurity training programs. "It’s really difficult working in a job where you are constantly challenged, not because you aren't smart, but because you aren't 'us'," she says.

Given the skills crisis in the industry, it would seem obvious that cybersecurity is a great career for women, "but the hurdles can be daunting," Snedaker says. "Cybersecurity leaders need to do a better job ensuring they build inclusive teams and merit-based rewards."

Rob Clyde, vice-chair of ISACA, points to a PricewaterhouseCoopers report showing men are four times as likely to hold senior cybersecurity positions than females. "Women are underrepresented at every level in cybersecurity, and recruitment and retention programs need to focus on how to change that," Clyde notes.

An effective diversity program that offers employees career development opportunities, mentoring, access, and support are critical, he says. Also vital is inclusive leadership. "IT leaders need to be educated so they can run effective teams, which includes hiring, training, and retaining diverse talent," Clyde says.

"Training programs need to meet the needs of the organization and be gender-neutral," Clyde adds. Training needs to be conducted in a manner where it is equally effective for both men and women, he says.

Another key finding in the ISACA report is just how persistent the skills gap continues to be for organizations across the board.

"Cybersecurity skills shortages have been major headlines for years now, but finding qualified candidates with solid technical skills is still a significant challenge," Clyde says.

The ISACA survey found 25% of the respondents believe it takes six months or more to fill an open cybersecurity position, Clyde says. "Fortunately, since enterprise cybersecurity budgets are increasing at a faster rate than ever, there are more dollars available for training to develop hands-on technical skills," Clyde says.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry's most knowledgeable IT security experts. Check out the Interop ITX 2018 agenda here.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
How Security Vendors Can Address the Cybersecurity Talent Shortage
Rob Rashotte, VP of Global Training and Technical Field Enablement at Fortinet,  5/24/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .