Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

// // //
10:00 AM
Sarah Tatsis
Sarah Tatsis
Connect Directly
E-Mail vvv

How Recruiting Women Can Help Solve Security's Biggest Problems

We can solve cybersecurity's longstanding talent gap by bringing more women into the field.

Long before the COVID-19 pandemic, the cybersecurity profession faced a talent crisis. Multiple studies show a growing skills gap in the field; while the numbers quantifying unmet demand vary, the message is consistent. There are simply not enough cybersecurity experts in the global market to manage the growing number and range of cyber-risks out there. 

It's clear that COVID-19 made these talent problems more acute. The sudden shift to remote work accelerated the expansion of the attack surface through a precipitous rise of Internet of Things (IoT) and connected devices. Meanwhile, cybercriminals redoubled their efforts to lob phishing, ransomware, and other attacks against the newly distributed workforce. This combination of an overwhelming expansion of the attack surface and threat volume increases pressure on already strained security professionals, strengthening the need for reinforcements to help them fight the good fight.

Related Content:

The Cybersecurity Skills Gap: It Doesn't Have to Be This Way

Special Report: Understanding Your Cyber Attackers

New From The Edge: FBI Encounters: Reporting and Insider Security Incident to the Feds

Layered on top are the troubling work-life balance trends that have caused many workers — in IT, cybersecurity, and beyond — to withdraw from the workforce to help children in online learning, care for sick relatives, and tend to other personal matters. Early studies show that the effects of COVID have disproportionately affected women's career and economic wellbeing. This may be the perfect moment to plan a dramatic, strategic shift in how companies attract, recruit, and retain a new and expanded generation of cybersecurity rock stars.

An Opportunity to Reduce Risk
As vaccines come available and the world recovers, the post-COVID era will be an opportunity to recruit more women to cybersecurity careers at all levels. By focusing on reengagement campaigns with women and training female professionals seeking to reenter the workforce, cybersecurity organizations may be able to kick-start momentum in recruiting women into the field. Hopefully, these gains can snowball into more outreach to girls as they progress through school and enter the workforce.

This may enable the cybersecurity industry to solve some of the broader talent problems that have been endemic to the career for a long time. This includes three of the biggest ones hiring managers and team leaders are trying to address. 

1. Filling the Talent Gap
There are millions of open positions, and statistically, the only way we'll be able to fill them is by broadening the field of prospective employees. Women have been underrepresented in cybersecurity, which is artificially restricting the pool of candidates. It makes no sense to leave half the population out. The more we encourage and facilitate women to enter the field, the easier it will be to fill the talent gap. 

2. Creating a More Resilient Brain Trust
Managers are not only struggling to find enough bodies to fill their teams; they also need a range of creative thinkers who bring different perspectives to the threats they face. Anticipating a range of risks and threats in advance and coming up with expedient ways of dealing with vulnerabilities and incidents as they happen are harder when everyone on the team comes from the same cultural and educational backgrounds. Adding more women to the mix creates a diverse workforce that incorporates different modes of working on a problem, different viewpoints, and different backgrounds. This makes the industry stronger. 

3. Tackling a Greater Diversity of Threats
Diversity in perspective could also help the security profession broaden its mission beyond its dogged focus on data breaches to solving difficult and dangerous social issues. For example, using technology to perpetrate gender-based violence is a growing problem, and getting more female representation in cybersecurity may help shift the focus toward addressing these threats. BlackBerry recently sponsored a great event about technology-facilitated gender-based violence by The Centre for International Governance Innovation and Soroptimist International of Kitchener-Waterloo that discussed issues such as deepfake technology used to fabricate sexual images, public disclosure of private information, stalkerware, doxing, online harassment, unauthorized access to information or devices, and other tactics that perpetrate physical, psychological, emotional, and economic harm. To tackle these kinds of serious, gender-based threats, it's important to have a diverse group looking at ways to reduce risk. 

What It Will Take to Recruit Women Into Cybersecurity
Bringing women to the field is no simple task. It will take a combination of outreach and educational programs to recruit women at all stages of educational and professional development. It's important to demystify cybersecurity so that women and girls understand it isn't just hackers with hoodies doing mystical things with code. For example, the Digital Defenders program BlackBerry created with the Girl Guides of Canada encourages girls to take a "how stuff works" approach to cybersecurity, giving them a robust and in-depth look at industry-specific topics through play and discovery-based learning. Companies also need to create inclusive environments where all genders thrive.

At BlackBerry, we're using our internal programs and funding external initiatives to boost the diversity of the workforce. I encourage my security peers at other organizations — vendors, consultancies, governments, and enterprises alike — to advocate for investments to bring more women into the cybersecurity fold. I believe this effort can help solve some of the most acute problems the industry faces.

Sarah Tatsis is the VP, Advanced Technology Development Labs at BlackBerry. Sarah and her team of engineers are responsible for taking new technologies from ideation, to incubation, to delivery into BlackBerry products and for helping BlackBerry stay on the cutting edge of ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Moderator
2/6/2021 | 1:10:47 PM
Interest Isnt The Only Problem
Does your daughter have a solid underpinning IT education. With the WW shortage of cybersecurity skills to fill the 3.5m positions I find the lack of response puzzing too. Might I ask where the degree was obtained?

Cybersec is not a silo subject; it needs knowlege of other aspects of IT, such as networks. monitors and some peronal ideas about the analysis of network traffic to sort th good guys form the bad. Alo, I suggest she looks at RINA (Recursive Internet Architecture), bne up and sock it to them; it is 100% faster and more secure that the curent , poorly desinged nternet and the products which support it. Can help here but not in the detal.

User Rank: Apprentice
2/4/2021 | 3:02:27 PM
Interest Isnt The Only Problem
While I agree that there may be limited interest in the field from our young women, this is not the only barrier they face. My daughter obtained a cybersecurity degree with a desire to pursue this line of work a year ago, and has yet to receive a call back for any of the cyber positions that she has applied for. I applaud your efforts at Blackberry, but I am not certain that the rest of the industry is as forward thinking.
User Rank: Moderator
2/3/2021 | 2:05:22 PM
Females in Cybersecurity
I devised a survey for female student aged 14-18 on why they didn't take up compting studies at school. The top reasons were it is boring, needs to much maths and is geekish, a male preserve, The 'computing' in question is computer science (CS) which today bears little resemblance to what the workplace wants. You cannot push females of this persuasion directly into cybersecurity from a standing start. They need a comprehensive, pragmatic underpinning computing knowledge befoe moving to specialisation. The current underpinning (CS) is inadequate and they cannot pick up cybersecurity without this (non-existent) base any more than a medic can become a heart specialist without going through general medical school first.

This approach to specialisation is a huge mistake, made by people who do not understand the current fast moving and evolving computing scenario today. Can demonstrate this if necessary.

Terry Critchley  [email protected] with 50-year notches on my IT gun.
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file