Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

// // //
10:00 AM
Sarah Tatsis
Sarah Tatsis
Connect Directly
E-Mail vvv

How Recruiting Women Can Help Solve Security's Biggest Problems

We can solve cybersecurity's longstanding talent gap by bringing more women into the field.

Long before the COVID-19 pandemic, the cybersecurity profession faced a talent crisis. Multiple studies show a growing skills gap in the field; while the numbers quantifying unmet demand vary, the message is consistent. There are simply not enough cybersecurity experts in the global market to manage the growing number and range of cyber-risks out there. 

It's clear that COVID-19 made these talent problems more acute. The sudden shift to remote work accelerated the expansion of the attack surface through a precipitous rise of Internet of Things (IoT) and connected devices. Meanwhile, cybercriminals redoubled their efforts to lob phishing, ransomware, and other attacks against the newly distributed workforce. This combination of an overwhelming expansion of the attack surface and threat volume increases pressure on already strained security professionals, strengthening the need for reinforcements to help them fight the good fight.

Related Content:

The Cybersecurity Skills Gap: It Doesn't Have to Be This Way

Special Report: Understanding Your Cyber Attackers

New From The Edge: FBI Encounters: Reporting and Insider Security Incident to the Feds

Layered on top are the troubling work-life balance trends that have caused many workers — in IT, cybersecurity, and beyond — to withdraw from the workforce to help children in online learning, care for sick relatives, and tend to other personal matters. Early studies show that the effects of COVID have disproportionately affected women's career and economic wellbeing. This may be the perfect moment to plan a dramatic, strategic shift in how companies attract, recruit, and retain a new and expanded generation of cybersecurity rock stars.

An Opportunity to Reduce Risk
As vaccines come available and the world recovers, the post-COVID era will be an opportunity to recruit more women to cybersecurity careers at all levels. By focusing on reengagement campaigns with women and training female professionals seeking to reenter the workforce, cybersecurity organizations may be able to kick-start momentum in recruiting women into the field. Hopefully, these gains can snowball into more outreach to girls as they progress through school and enter the workforce.

This may enable the cybersecurity industry to solve some of the broader talent problems that have been endemic to the career for a long time. This includes three of the biggest ones hiring managers and team leaders are trying to address. 

1. Filling the Talent Gap
There are millions of open positions, and statistically, the only way we'll be able to fill them is by broadening the field of prospective employees. Women have been underrepresented in cybersecurity, which is artificially restricting the pool of candidates. It makes no sense to leave half the population out. The more we encourage and facilitate women to enter the field, the easier it will be to fill the talent gap. 

2. Creating a More Resilient Brain Trust
Managers are not only struggling to find enough bodies to fill their teams; they also need a range of creative thinkers who bring different perspectives to the threats they face. Anticipating a range of risks and threats in advance and coming up with expedient ways of dealing with vulnerabilities and incidents as they happen are harder when everyone on the team comes from the same cultural and educational backgrounds. Adding more women to the mix creates a diverse workforce that incorporates different modes of working on a problem, different viewpoints, and different backgrounds. This makes the industry stronger. 

3. Tackling a Greater Diversity of Threats
Diversity in perspective could also help the security profession broaden its mission beyond its dogged focus on data breaches to solving difficult and dangerous social issues. For example, using technology to perpetrate gender-based violence is a growing problem, and getting more female representation in cybersecurity may help shift the focus toward addressing these threats. BlackBerry recently sponsored a great event about technology-facilitated gender-based violence by The Centre for International Governance Innovation and Soroptimist International of Kitchener-Waterloo that discussed issues such as deepfake technology used to fabricate sexual images, public disclosure of private information, stalkerware, doxing, online harassment, unauthorized access to information or devices, and other tactics that perpetrate physical, psychological, emotional, and economic harm. To tackle these kinds of serious, gender-based threats, it's important to have a diverse group looking at ways to reduce risk. 

What It Will Take to Recruit Women Into Cybersecurity
Bringing women to the field is no simple task. It will take a combination of outreach and educational programs to recruit women at all stages of educational and professional development. It's important to demystify cybersecurity so that women and girls understand it isn't just hackers with hoodies doing mystical things with code. For example, the Digital Defenders program BlackBerry created with the Girl Guides of Canada encourages girls to take a "how stuff works" approach to cybersecurity, giving them a robust and in-depth look at industry-specific topics through play and discovery-based learning. Companies also need to create inclusive environments where all genders thrive.

At BlackBerry, we're using our internal programs and funding external initiatives to boost the diversity of the workforce. I encourage my security peers at other organizations — vendors, consultancies, governments, and enterprises alike — to advocate for investments to bring more women into the cybersecurity fold. I believe this effort can help solve some of the most acute problems the industry faces.

Sarah Tatsis is the VP, Advanced Technology Development Labs at BlackBerry. Sarah and her team of engineers are responsible for taking new technologies from ideation, to incubation, to delivery into BlackBerry products and for helping BlackBerry stay on the cutting edge of ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Moderator
2/6/2021 | 1:10:47 PM
Interest Isnt The Only Problem
Does your daughter have a solid underpinning IT education. With the WW shortage of cybersecurity skills to fill the 3.5m positions I find the lack of response puzzing too. Might I ask where the degree was obtained?

Cybersec is not a silo subject; it needs knowlege of other aspects of IT, such as networks. monitors and some peronal ideas about the analysis of network traffic to sort th good guys form the bad. Alo, I suggest she looks at RINA (Recursive Internet Architecture), bne up and sock it to them; it is 100% faster and more secure that the curent , poorly desinged nternet and the products which support it. Can help here but not in the detal.

User Rank: Apprentice
2/4/2021 | 3:02:27 PM
Interest Isnt The Only Problem
While I agree that there may be limited interest in the field from our young women, this is not the only barrier they face. My daughter obtained a cybersecurity degree with a desire to pursue this line of work a year ago, and has yet to receive a call back for any of the cyber positions that she has applied for. I applaud your efforts at Blackberry, but I am not certain that the rest of the industry is as forward thinking.
User Rank: Moderator
2/3/2021 | 2:05:22 PM
Females in Cybersecurity
I devised a survey for female student aged 14-18 on why they didn't take up compting studies at school. The top reasons were it is boring, needs to much maths and is geekish, a male preserve, The 'computing' in question is computer science (CS) which today bears little resemblance to what the workplace wants. You cannot push females of this persuasion directly into cybersecurity from a standing start. They need a comprehensive, pragmatic underpinning computing knowledge befoe moving to specialisation. The current underpinning (CS) is inadequate and they cannot pick up cybersecurity without this (non-existent) base any more than a medic can become a heart specialist without going through general medical school first.

This approach to specialisation is a huge mistake, made by people who do not understand the current fast moving and evolving computing scenario today. Can demonstrate this if necessary.

Terry Critchley  [email protected] with 50-year notches on my IT gun.
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-01-27
A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to initiate the attack r...
PUBLISHED: 2023-01-27
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/add_payment.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely....
PUBLISHED: 2023-01-27
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/approve_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely...
PUBLISHED: 2023-01-27
A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to launch the attack remotel...
PUBLISHED: 2023-01-27
A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to sql injection. The attack can be launche...