Where Are the Women? Making Cybersecurity More Inclusive

The cybersecurity threat continues to rage, and much has already been said about the need for concerted, coordinated, and cohesive steps to combat the menace. A cybersecurity policy is necessary for all institutions, whether big or small, to ensure the entire organization moves in the right direction. This policy, in turn, needs cybersecurity professionals who envisage a strategy to keep the organizations' needs, strengths, and weaknesses in sight. It's no surprise to hear, therefore, that there is a shortage of such professionals. One of the quickest solutions to this 3.4 million shortage is to tap into the underrepresented demographic, women.

According to the International Information System Security Certification Consortium (PDF), women are only 24% of the workforce for cybersecurity professionals. However, the numbers go down to 5% for the Middle East and Africa. This disparity is ironic as it is women who face disproportional levels of online harassment and can contribute invaluable insights for the counteroffensive for many cybersecurity spaces. Consequently, there is a clear need to identify the pain points and decide on actionable measures to close the gender gap.

Overcoming the Gender Gap

Understanding the reasons for this gender gap is an excellent place to start. Some of the identified factors are "industry perception and culture, societal and family constraints, barriers to entry due to limited digital and cyber literacy, wage gaps, lower earning potential at every level, missed or delayed promotions, and a much harder path to reach the upper echelons of the corporate world." A glance at these factors reveals that they mirror the shackles faced by women a couple of decades ago for the regular workforce. As a result, learning from earlier successes can be a viable solution.

The first step should focus on building awareness for the industry as a whole and at a micro level so that the organization can understand the gap and take steps to address it. For example, Atos, an informational technology service, has created a strategy to rebalance its gender equity by improving shortlisting of women candidates by 20%, having 40% more women hires, and initiating 400% more mentorship programs for them. The latter is an important point, as mere hiring does not address the above-mentioned factors; women must be retained and allowed to grow into their roles.

Another factor hindering women in cybersecurity and general tech roles is the fear that they do not allow a good work-life balance. The Global Cybersecurity Forum is working to counteract such concerns by engaging girls with STEM. However, this engagement will remain an empty promise unless the industry reciprocates with better work-life balance policies and support for women professionals.

Mentoring is another technique for aiding women's retention in cybersecurity jobs. For example, the International Telecommunication Union has designed a learning program revolving around mentorship in cybersecurity to encourage more women to assume leadership roles in this sector. The program uses examples of existing leaders to set role models that can help create identification and aspiration in young women. Further, opportunities to network are also extended, which can be a gold mine of insights, support, and the formation of an industrywide offensive against online miscreants.

These measures are by no means the only actionable steps that can be devised to encourage and sustain more women in this industry. However, they do offer a starting point for tapping into this resource.

Gender Equality Benefits

As the drive to engage with women is initiated, it is equally essential to establish excellent reasons for this initiative among men. The advantages of bringing in gender equality extend beyond the need for finding more professionals to combat the cybersecurity threat. Research has shown that gender diversity supports better decision-making, with inclusive teams making better decisions 87% of the time. At a time when cybercriminals are growing bolder, using creativity to break down defenses, and demanding increasing amounts of ransomware, there has never been a greater need to come up with innovative solutions. A variety of perspectives can aid in holistic, better-designed solutions. With such benefits, it is natural to wonder what can be done by the state and the industry to encourage women into the fold.

Apart from assessing and recruiting women to balance the skewed ratio of men and women in cybersecurity roles, the industry can work toward building policies allowing women to take career breaks if they want. Initiatives like IBM's "returnship" program can support women to brush up on their skills and rejoin their career path after a pause. Mentoring has already been cited as an initiative already operationalized by industrial forums. Mentoring should be combined with a precise mapping of career paths for professionals. It can be further supported with events like hackathons for women, training programs focusing on skill gaps, and workshops leading conversations and discussions on the subject.

The US government can help with some of these events. It is already considering the benefits of encouraging female veterans into cybersecurity roles as they possess the skills and basic training to fit the bill. However, there is a long path in front of the state as the US government statistics show a lower-than-average presence of women in American cybersecurity professional roles. For the US government, the first steps need to be initiated closer home before they contemplate their role in building a foundation for catapulting women into the cybersecurity industry.