Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

3/15/2017
05:00 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

Women Still Only 11% Of Global InfoSec Workforce

Career development and mentorship programs make women in cybersecurity feel more valued, increase women's success.

The global cybersecurity workforce remains stagnant at just 11 percent, according to the 2017 Women in Cybersecurity Report, co-authored by The Executive Women’s Forum on Information Security, Risk Management and Privacy (EWF) and the Center for Cyber Safety and Education, which partnered with (ISC)2. The report is based on survey responses from over 19,000 information security professionals in 170 countries.

Report co-author and EWF founder Joyce Brocaglia says the most important finding of the report is that "it isn't just one thing" causing the persistent shortage of women in information security, but rather a "confluence of events."

The findings, says Brocaglia, show that women are underrepresented, are paid less than their male colleagues, feel undervalued, and feel discriminated against. "That's what's leading to this stagnation." 

The shortage is severe in North America, with only 14 percent of the infosec workforce composed of women, but even more striking elsewhere; women only claim 7 percent of the workforce in Europe, 8 percent in Asia, and 5 percent in the Middle East, according to the report.  

"Common sense should tell you we should be doing more about this," says co-author and EWF executive director Lynn Terwoerds, noting that in order to solve the cybersecurity skills shortage, the industry must do a better engaging the female population.

In general, the underrepresentation extends to cybersecurity management, but women were beginning to fare better when it comes to obtaining positions at the very top: while men are nine times more likely to hold managerial positions, they are only four times more likely to hold C-level or executive positions. 

However, those high-level positions for women come at a price; the survey found that the higher a woman rises in an organization, the more discrimination she experiences in the workplace, rising from 35% at entry-level to 67% at C-level.( This could also be a result of respondents providing answers that reflect experiences accrued over the entirety of longer careers, as opposed to only answering about experiences of the past year.) 

Overall, 51 percent of female respondents reported at least one type of discrimination, as compared to 15 percent of male respondents. Of these women, 87% reported unconscious discrimination, 19% overt discrimination, 22% tokenism, 53% unexplained delay or denial of career advancement, and 22% exaggerated highlighting of mistakes. 

The wage gap also persisted, with women earning less than men at every level - $5,000 less at non-managerial positions, $4,630 less for managers, and $4,530 for executive management. Over the past two years, the gap has narrowed for senior positions, but widened for non-managerial positions.

"You look at all of these statistics," says Brocaglia, "and say 'well maybe that's why'" the number of women in infosecurity has not increased.  

The study also unearthed ways to better retain and encourage women in infosec. The report showed that women respondents who underwent leadership training, executive coaching, mentorship, or had "sponsors" who recommended them for high-profile projects, recommended them for promotions, or introduced them to people in their professional networks felt far more valued in their careers.  

"There's a huge issue of developing and advancing these women so they don't opt out," says Brocaglia. "We have to stop losing them mid-career."  

The report also found that while more millenial women are pursuing degrees in computer science and engineering fields, older women are highly educated, but in a wider range of fields. Brocaglia advises employers to remember that there are many, many influential roles in cybersecurity that don't require technical degrees.

Will the women in infosec needle not move upward, however, simply because women are not interested in the job?

"It's a very dubious comment to make," says Terwoerds, noting that throughout history women have "embraced and excelled in" other fields they were presumed to be uninterested in before. "I would consider that Exhibit A of an unconscious bias." 

Related Content:

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Ludivina
50%
50%
Ludivina,
User Rank: Strategist
3/20/2017 | 8:21:28 PM
Re: But?
True and false. The women are just a pure beauty. We should know and make comparasion at places where it can actually be properly done.
li'l ciso
67%
33%
li'l ciso,
User Rank: Strategist
3/18/2017 | 2:01:01 PM
But?
Did you know that less then 1% of miners are women? Less then 2% of garbagemen are women! This is unacceptable. Something has to be done about this because, well, it just does. #MoreWomenMinors
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
3/17/2017 | 11:57:57 AM
Wages/Salary
Worth noting, too, that historically, many women have been less comfortable with negotiating their salary than their male counterparts.  Studies suggest that this is the primary culprit for salary differences: Men ask and negotiate for higher salaries/compensation packages far more often than women do.

This, of course, goes to deeper sociocultural issues than workplace factors -- and such factors probably contribute to a great deal of other gender-gap issues.
JulietteRizkallah
67%
33%
JulietteRizkallah,
User Rank: Ninja
3/16/2017 | 5:04:35 PM
STEM and role models can help this complex issue
Before discussing the retention of women in cybersecurity, we need to look at the numbers of women entering the workforce in cybersecurity.  Without having specific data, i would guess the numbers also are low.  Programs promoting STEM with young girls cannot do enough to gear young girls and women in our industry direction.  We also need to start promoting Women in Cybersecurity as role models in our teaching and in the case studies around. The more success we can demonstrate among women in cybersecurity, the more women will venture in our industry. And then we will need to make it worth for them...
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/30/2020
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/28/2020
'Act of War' Clause Could Nix Cyber Insurance Payouts
Robert Lemos, Contributing Writer,  10/29/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Measure and Reduce Cybersecurity Risk in Your Organization
In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4588
PUBLISHED: 2020-10-30
IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579.
CVE-2020-4584
PUBLISHED: 2020-10-30
IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574.
CVE-2020-7759
PUBLISHED: 2020-10-30
The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://v...
CVE-2020-7760
PUBLISHED: 2020-10-30
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vu...
CVE-2020-27014
PUBLISHED: 2020-10-30
Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component, that if exploited, could allow an attacker to case a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on the targ...