Operations

11/2/2016
10:00 AM
Todd Thibodeaux
Todd Thibodeaux
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

It's Time To Address The Cybersecurity Gender Gap Before It's Too Late

It will take years to substantively raise the percentage of women in cybersecurity, so the tech industry better start working at it now.

It's well known that women are underrepresented in technology roles. While women make up 47% of the workforce, only 34% of tech industry professionals are women. Within the cybersecurity sector, the numbers are even worse. Only 10% of IT security workers are women, contributing to a projected 1.5 million unfilled positions within the industry by 2020.

While it's unfeasible to completely close the cybersecurity gender gap within three years, this should serve as a wake-up call for educators and employers to more seriously address the dearth of women in cybersecurity and technology more broadly.

Image Source: CompTia 'Make Tech Her Story'
Image Source: CompTia 'Make Tech Her Story'

The Costs of Gender Imbalance
Women's dramatic underrepresentation in the cybersecurity sector isn't just bad optics, it's a shortcoming that will continue to undermine the industry. Data breaches are projected to cost businesses $2.1 trillion by 2019, but organizations will be ill-equipped to manage the aftermath of these incidents if they're unable to recruit and retain the cybersecurity talent they need. With an almost exclusively male workforce, it's evident that the cybersecurity sector needs to seek out new avenues of growth. Increasing women's presence in the cybersecurity industry would largely fill the gap.

Even if women only reached representational parity with the IT industry at large — making up 34% of the cybersecurity workforce without replacing existing professionals — women would more than fill the projected employee deficit. When nearly half the population represents an untapped source of expertise, employers need to reassess how they attract and train cybersecurity professionals.

Break the Tech Stigma Early
The cybersecurity sector faces many of the same challenges as the tech industry at large: women largely self-select out of IT occupations at a young age. Twenty-seven percent of middle-school girls have considered an IT career, but this number drops to only 18% by the time they reach high school, according to a new CompTIA campaign.

While businesses and schools have traditionally addressed this challenge with tech education programs, they're far from a silver bullet. Girls who have taken a tech class are slightly more likely to consider a tech career than girls on average (32% compared to 23%, respectively), but on its own, changing the curriculum isn't enough. 

Knowing someone in the industry is a much more effective predictor of interest in a future career. Only 37% of girls know someone with a job in the tech industry, but 60% of those who do have considered an IT career. Similarly, the most commonly cited reason for not pursuing tech is a lack of information about what these jobs involve (69%), which is easily addressed with access to a guardian or mentor with industry experience.

Industry Ambassadors
Organizations face stiff challenges to attracting women to cybersecurity, but thankfully they already have the resources they need to improve their situation.

Women currently working in the sector can provide valuable guidance, acting as mentors to the next generation of potential cybersecurity workers. Cybersecurity professionals such as Google's Parisa Tabriz and Katie Moussouris (who helped launch Microsoft's bug bounty program) can help promote a healthy image of women thriving in the sector, reshaping public perception of what a security expert looks like.

Of course, it's not enough to focus exclusively on young women. Retraining opportunities allow women already in the workforce the opportunity to transition to a cybersecurity role. Especially as business process evolution and innovation continue to accelerate, employer emphasis is shifting from extended periods of occupation-specific preparation to more agile certification-based training. Businesses should support employees through cybersecurity training and certification programs to ensure that they're attracting women from a variety of educational backgrounds, not just those who specialized in information security in college.

Gender Parity
It will take time before the cybersecurity sector can attract more women to fill its ranks. Moving forward, organizations must more actively recruit women, especially amid security threats of growing severity and cost.

Reaching gender parity will take concerted effort from both businesses and educators, but an approach focusing on mentorship and continual training can help bridge the gap. By committing to a more inclusive workforce, employers can encourage more women to pursue careers as cybersecurity professionals.

Related Content:

Black Hat Europe 2016 is coming to London's Business Design Centre November 1 through 4. Click for information on the briefing schedule and to register.

Todd Thibodeaux is the president and chief executive officer of the Computing Technology Industry Association, the leading trade association representing the business interests of the global information technology industry. He is responsible for leading strategy, development ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
kasstri
50%
50%
kasstri,
User Rank: Strategist
11/29/2016 | 12:23:18 PM
Re: keydown
Is this even a serious post?  We have barely a soul in the cybersecurity inductry, and the person is screaming gender biased?  Give the industry a chance to even start before you start decrying its failures.
Benefiter
50%
50%
Benefiter,
User Rank: Apprentice
11/28/2016 | 10:02:40 AM
dodatkowy zarobek praca w niemczech
Thank you, I've been seeking for info about this subject matter for ages and yours is the best I have discovered so far.
syntax_attack
50%
50%
syntax_attack,
User Rank: Strategist
11/14/2016 | 9:48:25 AM
This is nonsense
Oh no, there isn't an exact demographic representation in an industry?!?!  RACISM!! SEXISM!!

 

This is nonsense, pure and simple.  I just want the most qualified individuals for the position, and those who are going to enjoy working in the field.  I don't care if this means 90% of nurses are women or 90% of IT professionals are men.  The truth of the matter is men and women are different, we generally enjoy different things.  Men are on average more drawn towards STEM fields, and women are more drawn to fields with personal interaction.  There is nothing wrong with this and trying to force parity when it wouldn't naturally arise is just a recipe for pushing less competent people into positions they will probably be unhappy in.  Furthermore, until people are pushing for gender parity in the dangerous, dirty, labor-intensive and generally less-coveted jobs that men currently dominate these cries for "gender parity" will seem as disingenuous as they are when the hypocrisy is laid bare.
Benefiter
50%
50%
Benefiter,
User Rank: Apprentice
11/12/2016 | 10:14:23 AM
Re: dodatkowy zarobek
It's actually a cool and useful piece of information. I am glad that you shared this helpful information with us. Please keep us informed like this. Thank you for sharing.
Benefiter
50%
50%
Benefiter,
User Rank: Apprentice
11/12/2016 | 10:09:28 AM
Re:
It is difficult to say exactly what the author tried to say, but i liked it. Good post! But if u want more information read another one
Lily652
50%
50%
Lily652,
User Rank: Moderator
11/12/2016 | 5:07:51 AM
prayer times

Thank you for this incredible information. It was very useful for me, I ll be looking forward your new posts. 

Lily652
50%
50%
Lily652,
User Rank: Moderator
11/12/2016 | 5:07:33 AM
prayer times

Thank you for this incredible information. It was very useful for me, I ll be looking forward your new posts. 

Lily652
50%
50%
Lily652,
User Rank: Moderator
11/12/2016 | 5:07:04 AM
prayer times

Thank you for this incredible information. It was very useful for me, I ll be looking forward your new posts. 

Benefiter
50%
50%
Benefiter,
User Rank: Apprentice
11/11/2016 | 12:00:49 PM
dodatkowy zarobek
Thank you, I've been seeking for info about this subject matter for ages and yours is the best I have discovered so far.
kasstri
0%
100%
kasstri,
User Rank: Strategist
11/10/2016 | 7:24:03 AM
Thanks
Good post! Your site raising my mood every time! Thanks
Page 1 / 2   >   >>
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc.,  8/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
The State of IT and Cybersecurity
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15607
PUBLISHED: 2018-08-21
In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and memory resources are consumed until ultimately an attempted large memory allocation fails. Remote atta...
CVE-2018-14795
PUBLISHED: 2018-08-21
DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files.
CVE-2018-6692
PUBLISHED: 2018-08-21
Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet.
CVE-2018-14793
PUBLISHED: 2018-08-21
DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable to a buffer overflow exploit through an open communication port to allow arbitrary code execution.
CVE-2017-17305
PUBLISHED: 2018-08-21
Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher R...