Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

11/2/2016
10:00 AM
Todd Thibodeaux
Todd Thibodeaux
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

It's Time To Address The Cybersecurity Gender Gap Before It's Too Late

It will take years to substantively raise the percentage of women in cybersecurity, so the tech industry better start working at it now.

It's well known that women are underrepresented in technology roles. While women make up 47% of the workforce, only 34% of tech industry professionals are women. Within the cybersecurity sector, the numbers are even worse. Only 10% of IT security workers are women, contributing to a projected 1.5 million unfilled positions within the industry by 2020.

While it's unfeasible to completely close the cybersecurity gender gap within three years, this should serve as a wake-up call for educators and employers to more seriously address the dearth of women in cybersecurity and technology more broadly.

Image Source: CompTia 'Make Tech Her Story'
Image Source: CompTia 'Make Tech Her Story'

The Costs of Gender Imbalance
Women's dramatic underrepresentation in the cybersecurity sector isn't just bad optics, it's a shortcoming that will continue to undermine the industry. Data breaches are projected to cost businesses $2.1 trillion by 2019, but organizations will be ill-equipped to manage the aftermath of these incidents if they're unable to recruit and retain the cybersecurity talent they need. With an almost exclusively male workforce, it's evident that the cybersecurity sector needs to seek out new avenues of growth. Increasing women's presence in the cybersecurity industry would largely fill the gap.

Even if women only reached representational parity with the IT industry at large — making up 34% of the cybersecurity workforce without replacing existing professionals — women would more than fill the projected employee deficit. When nearly half the population represents an untapped source of expertise, employers need to reassess how they attract and train cybersecurity professionals.

Break the Tech Stigma Early
The cybersecurity sector faces many of the same challenges as the tech industry at large: women largely self-select out of IT occupations at a young age. Twenty-seven percent of middle-school girls have considered an IT career, but this number drops to only 18% by the time they reach high school, according to a new CompTIA campaign.

While businesses and schools have traditionally addressed this challenge with tech education programs, they're far from a silver bullet. Girls who have taken a tech class are slightly more likely to consider a tech career than girls on average (32% compared to 23%, respectively), but on its own, changing the curriculum isn't enough. 

Knowing someone in the industry is a much more effective predictor of interest in a future career. Only 37% of girls know someone with a job in the tech industry, but 60% of those who do have considered an IT career. Similarly, the most commonly cited reason for not pursuing tech is a lack of information about what these jobs involve (69%), which is easily addressed with access to a guardian or mentor with industry experience.

Industry Ambassadors
Organizations face stiff challenges to attracting women to cybersecurity, but thankfully they already have the resources they need to improve their situation.

Women currently working in the sector can provide valuable guidance, acting as mentors to the next generation of potential cybersecurity workers. Cybersecurity professionals such as Google's Parisa Tabriz and Katie Moussouris (who helped launch Microsoft's bug bounty program) can help promote a healthy image of women thriving in the sector, reshaping public perception of what a security expert looks like.

Of course, it's not enough to focus exclusively on young women. Retraining opportunities allow women already in the workforce the opportunity to transition to a cybersecurity role. Especially as business process evolution and innovation continue to accelerate, employer emphasis is shifting from extended periods of occupation-specific preparation to more agile certification-based training. Businesses should support employees through cybersecurity training and certification programs to ensure that they're attracting women from a variety of educational backgrounds, not just those who specialized in information security in college.

Gender Parity
It will take time before the cybersecurity sector can attract more women to fill its ranks. Moving forward, organizations must more actively recruit women, especially amid security threats of growing severity and cost.

Reaching gender parity will take concerted effort from both businesses and educators, but an approach focusing on mentorship and continual training can help bridge the gap. By committing to a more inclusive workforce, employers can encourage more women to pursue careers as cybersecurity professionals.

Related Content:

Black Hat Europe 2016 is coming to London's Business Design Centre November 1 through 4. Click for information on the briefing schedule and to register.

Todd Thibodeaux is the president and chief executive officer of the Computing Technology Industry Association, the leading trade association representing the business interests of the global information technology industry. He is responsible for leading strategy, development ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
lorraine89
50%
50%
lorraine89,
User Rank: Ninja
11/9/2016 | 9:09:46 AM
Cyber security
Cyber security is something so important and yet it has been totally ignored and neglected by the millennials and all. It is important to start securing our IP addresses from possible data hacks or IP tracking services. I use PureVPN US server to anonymize my IP address and to securely browse the web without anyone snooping me around. 

https://www.purevpn.com 
lorraine89
50%
50%
lorraine89,
User Rank: Ninja
11/9/2016 | 9:09:21 AM
Cyber security
Cyber security is something so important and yet it has been totally ignored and neglected by the millennials and all. It is important to start securing our IP addresses from possible data hacks or IP tracking services. I use PureVPN US server to anonymize my IP address and to securely browse the web without anyone snooping me around. 

https://www.purevpn.com 
misty0219
0%
100%
misty0219,
User Rank: Apprentice
11/8/2016 | 12:34:31 PM
Re: Edit requested
I couldn't agree more. I'm currently in the process of focusing much more on cybersecurity and it's not a walk in the park without guidance. Luckily, I'm used to the struggle of being a woman in the field so it's tolerable. Finding a female mentor is challenging and, while I hate to say it, I've had more support from the males throughout my whole career. The very simple fact of the matter is, the women that are in the roles to offer guidance usually don't. Change starts with other women in the field and nobody else. 
BrooklynNellie2
50%
50%
BrooklynNellie2,
User Rank: Strategist
11/4/2016 | 9:34:17 AM
Are Women Smarter?
As evidenced by their avoidance of this boring and thankless job, I have to conclude that the answer is "yes".
rstoney
100%
0%
rstoney,
User Rank: Strategist
11/3/2016 | 9:26:15 AM
Qualified people > Gender Gap
My work in the IT Security field is more focused on the technical aspects.  As such I tend to care not a bit about your gender.  As a co-worker - I care about the quality of your work and your knowledge.

If you are better than I - I will learn from you

If you are about equal - we can learn from each other

If I am better than you - I will teach you.

I don't care if you are male/female.  It won't matter to me if you color your hair chartreuse. (although I will tease you about it) I don't care about your age.  

 

This "gender gap" worry is inane.  I am dramatically more concerned with "skilled people"   As should you be.
DavidA833
67%
33%
DavidA833,
User Rank: Apprentice
11/3/2016 | 7:46:56 AM
Re: Gebder Bias
Is this even a serious post?  We have barely a soul in the cybersecurity inductry, and the person is screaming gender biased?  Give the industry a chance to even start before you start decrying its failures.

You must have al daughters - or your wife is mad at you.
banasidhe
50%
50%
banasidhe,
User Rank: Apprentice
11/3/2016 | 2:05:15 AM
Edit requested
FTFY

 

Women currently working in the sector can provide valuable guidance, acting as mentors to the next generation of potential cybersecurity workers. Cybersecurity professionals such as Google's Parisa Tabriz and Katie Moussouris (who helped launched Microsoft's bug bounty program) can help promote a healthy image of women thriving in the sector, reshaping public perception of what a security expert looks like.
<<   <   Page 2 / 2
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19012
PUBLISHED: 2019-11-17
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or ...
CVE-2019-19022
PUBLISHED: 2019-11-17
iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git r...
CVE-2019-19035
PUBLISHED: 2019-11-17
jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.
CVE-2019-19011
PUBLISHED: 2019-11-17
MiniUPnP ngiflib 0.4 has a NULL pointer dereference in GifIndexToTrueColor in ngiflib.c via a file that lacks a palette.
CVE-2019-19010
PUBLISHED: 2019-11-16
Eval injection in the Math plugin of Limnoria (before 2019.11.09) and Supybot (through 2018-05-09) allows remote unprivileged attackers to disclose information or possibly have unspecified other impact via the calc and icalc IRC commands.