Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

Remote Work Could Help Cybersecurity’s Diversity Problem – But Will It?

Job market data from the second quarter suggests there are increasing opportunities for women and minorities in the world of remote work, but long-standing biases may provide resistance.

A rise in remote cybersecurity job openings could give businesses the opportunity to diversify their workforces with more security-savvy women and people of color, industry groups report, but the change will not happen if employers don't think hard about their long-term strategies.

This week CyberVista and the International Consortium of Minority Cybersecurity Professionals (ICMCP) released a joint report on the cybersecurity job market in Q2 that the organizations say bodes well for these underrepresented groups.

According to the report, while the world and workforce reel from the coronavirus pandemic, cybersecurity jobs are on the rise: with 348,082 open positions in June 2020 compared to 261,545 in April (as per LinkedIn job postings).

The rebound is most significant in healthcare and financial services, with 120,000 and 115,000 respective openings since June 18th, followed by information technology and services (114,000+), retail (85,000+), and computer software (77,800+). The uptick isn’t purely for cybersecurity roles but for a variety of IT roles that require security expertise.

"Everyone is working remotely. Everyone is connecting to corporate networks," says Simone Petrella, CEO of cybersecurity training firm CyberVista, in an interview with Dark Reading. Since those home connections need to be securely set up and maintained, there's a bigger demand for IT professionals with security know-how. 

That's welcome news for IT/security pros in a dismal job market just on its own. But the report also points to a more-remote workforce as an opportunity for companies to hire more women and minorities who may not live in the high-tech, high-cost cities where such opportunities are usually based.

"Organizations no longer have to limit themselves to hiring new talent within a limited physical proximity. This physical proximity component has created an inability for companies to always hire the most diverse talent for the position," states the joint report.

"Therefore, this helps increase the likelihood that organizations can more aggressively pursue diversity and inclusion initiatives given that people of color, women, or other underrepresented groups may not have previously had access to cities with the highest cost of living in the country."

The report also points to open positions in smaller cities, including Tucson, AZ (2,210 open positions), Colorado Springs, CO (1,883), Dayton, OH (1,599) and Albuquerque, NM (1,306) as further signs of broadening opportunities. 

Of course, while borderless hiring opens the door a bit more for underrepresented individuals to stick their foot in, that only really works if organizations make some fundamental changes.

A Call to Action for Employers

"My stance is that employers need to proactively step up and invest, and that means time, money, and resources in a mid- to long-term strategy," says Petrella. "They have to identify candidates that they can mold and grow into these cyber roles."

"HR has really got to change the lens with how they look at people," says Larry Whiteside Jr., president of ICMCP. "They've created this mechanism by which they grade people for roles and salaries that's antiquated to where we are today."

It also matters for what roles these women are being hired. Pam Nigro, ISACA board director, and vice president of information technology and security officer at Home Access Health Corporation, points out that there is still a gender divide in technical vs. non-technical positions.

"I have seen many women hired for governance, risk, and compliance roles writing policies, standards, processes, and controls, as well as hired to do risk or security assessments, or cybersecurity awareness and training campaigns," she says. "These roles are extremely important and valuable to any cybersecurity team; however, the misconception continues even to this day that women are not 'technical' enough. I have personally experienced this firsthand and have been typecast in the past."

Indeed, while "any increase in the diversity of the cybersecurity workforce is positive," says Maxine Holt, senior research director of cybersecurity at Omdia, the lack of diversity has been "frankly, embarrassing" for far too long, and there is much more to be done. 

"The gap continues to be wide because the systemic biases that exist in cybersecurity (and elsewhere) cannot be fixed overnight," she says.

"Organizations are making positive steps to change bias and improve cybersecurity opportunities for women and other minority groups, but this is a journey that will never end, because even when we get to a truly representative diverse cybersecurity workforce, we need to work hard to maintain that diversity."

Nigro is not optimistic: "While this could be an opportunity to expand the search for security talent to include more women and other underrepresented groups, I have not been seeing hiring practices change — many postings are still asking for five or more years of experience, which often exclude many women and minorities new to the profession from joining cybersecurity teams," she says.

Where Change Must Begin

If things are to change internally, Omdia's Holt says organizations must first deal with unconscious bias. "We must also challenge attitudes of 'I just want someone who can do the job.' Why must we challenge this? It's because cybersecurity is full of men 'who can do the job' – because women and other minority groups haven't had the same opportunities," she says.

"We need to give these minority groups in cybersecurity the same opportunities as men, and recognize that we can build talent as well as buy it in."

The importance of doing so goes well beyond good PR and repairing long-standing inequities in hiring. 

"Diversity of thought based on background and experiences is important. In cybersecurity, we’re literally trying to solve a new problem every day," says ICMCP's Whiteside. "It's outside-the-box thinking brought to the table by all these different people, having different trains of thought based on who they are, where they're from, their experiences over time... A lot of people don't realize how these things matter."

Efforts to improve cybersecurity's diversity have shown results. The (ISC)² 2019 Cybersecurity Workforce Study indicates the gender gap is winnowing, with more women assuming those roles and more women than men who intend to work in IT security starting from college.

The association polled 3,237 individuals responsible for securing critical assets at their organization. Respondents included those spending at least 25% of their time on cybersecurity activities at work and hail from North America, Europe, Latin America, and Asia-Pacific. From that survey, (ISC)² gleaned that women accounted for 30% of overall respondents, up from 24% the year before.

Also notable was that 63% of women working in cybersecurity said they planned to follow that career path as early as college, compared to 54% of their male counterparts.

(ISC)² suggests this could be thanks to recent years’ initiatives drawing girls to computer sciences.

"As women succeed in the profession, they serve as role models for other women wanting to join the cybersecurity workforce,” said the (ISC)2 Research Team in an email interview with Dark Reading. “This will make the workforce more diverse, and as a result more innovative and better able to solve problems, and help address the cybersecurity skills gap." 

Still, despite these gains, the data also shows that women continue to be paid less than men, with female cybersecurity professionals in North America earning just under $80,000 on average, compared to $96,500 for men. In addition, 22% of women cited discrimination as a career obstacle, compared to 13% of men.

Related Content:

 

 

Register now for this year's fully virtual Black Hat USA, scheduled to take place August 1–6, and get more information about the event on the Black Hat website. Click for details on conference information and to register.

Nicole Ferraro is a freelance writer, editor and storyteller based in New York City. She has worked across b2b and consumer tech media for over a decade, formerly as editor-in-chief of Internet Evolution and UBM's Future Cities; and as editorial director at The Webby Awards. ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AdamB200
50%
50%
AdamB200,
User Rank: Author
7/28/2020 | 4:26:05 PM
Agreed!
No time like the present to do something about the diversity issue. Employers still need skilled security professionals and there are new training opportunities out there. Great perspective!
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Average Cost of a Data Breach: $3.86 Million
Jai Vijayan, Contributing Writer,  7/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internet—and What Your Organization Can Do About It
The Threat from the Internet—and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-18112
PUBLISHED: 2020-08-05
Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. The affected versions are before version 4.8.3.
CVE-2020-15109
PUBLISHED: 2020-08-04
In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bility to change order address without triggering address validations. This vulnerability allows a malicious customer to craft request data with parameters that allow changing the address of the current order without changing the shipm...
CVE-2020-16847
PUBLISHED: 2020-08-04
Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887.
CVE-2020-15135
PUBLISHED: 2020-08-04
save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). The fix introduced in version version 1.05 unintentionally breaks uploading so version v1.0.7 is the fixed version. This is patched by implementing Double submit. The CSRF...
CVE-2020-13522
PUBLISHED: 2020-08-04
An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability.