Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

4/17/2018
04:20 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Majority of Men Think Women Have Equal Opportunity to Advance in Cybersecurity Career

Not so fast, say women.

Add another data point to the growing body of evidence on the deep gender divide in the high-tech industry.

A new survey by ISACA shows that far more men than women think women have equal career advancement opportunities in cybersecurity.

ISACA surveyed more than 2,300 cybersecurity professionals holding certifications such as Certified Information Security Manager (CISM) and Cybersecurity Nexus Practitioner (CSXP) on a variety of issues related to their jobs and careers.

The survey found 82% of male respondents saying women have the same opportunities as men for career advancement. In contrast, just 51% of female respondents said the same thing.

The startling disparity in perspective between the genders was somewhat smaller in the 51% of organizations in the ISACA survey that had a formal diversity program in place. In these organizations men and women appeared somewhat more aligned in their thinking on the matter compared with organizations without a diversity program. Eighty-seven percent of male respondents and 77% of females believed that men and women had equal career advancement opportunities in cybersecurity.

The sharply differing views on career advancement between men and women reflected in the ISACA study mirror those in other studies that have found similar disparities in other areas as well. Numerous studies, for instance, have shown that male employees in Silicon Valley are routinely paid substantially more for the same work than women in identical roles and with the same experience and qualifications. Men in high tech are also far likelier to advance more quickly in their careers than their female counterparts.

"In practice, cybersecurity jobs should be competency-based," says Susan Snedaker, director of infrastructure and operations at Tucson Medical Center. But in reality, there is a gender gap in all technology fields. "The reasons are many, but part of the problem is that women drop out of tech jobs at a higher rate than men," she says. Driving that statistic is a male-dominated culture at some tech companies and in some cybersecurity training programs. "It’s really difficult working in a job where you are constantly challenged, not because you aren't smart, but because you aren't 'us'," she says.

Given the skills crisis in the industry, it would seem obvious that cybersecurity is a great career for women, "but the hurdles can be daunting," Snedaker says. "Cybersecurity leaders need to do a better job ensuring they build inclusive teams and merit-based rewards."

Rob Clyde, vice-chair of ISACA, points to a PricewaterhouseCoopers report showing men are four times as likely to hold senior cybersecurity positions than females. "Women are underrepresented at every level in cybersecurity, and recruitment and retention programs need to focus on how to change that," Clyde notes.

An effective diversity program that offers employees career development opportunities, mentoring, access, and support are critical, he says. Also vital is inclusive leadership. "IT leaders need to be educated so they can run effective teams, which includes hiring, training, and retaining diverse talent," Clyde says.

"Training programs need to meet the needs of the organization and be gender-neutral," Clyde adds. Training needs to be conducted in a manner where it is equally effective for both men and women, he says.

Another key finding in the ISACA report is just how persistent the skills gap continues to be for organizations across the board.

"Cybersecurity skills shortages have been major headlines for years now, but finding qualified candidates with solid technical skills is still a significant challenge," Clyde says.

The ISACA survey found 25% of the respondents believe it takes six months or more to fill an open cybersecurity position, Clyde says. "Fortunately, since enterprise cybersecurity budgets are increasing at a faster rate than ever, there are more dollars available for training to develop hands-on technical skills," Clyde says.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry's most knowledgeable IT security experts. Check out the Interop ITX 2018 agenda here.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.