Long before the COVID-19 pandemic, the cybersecurity profession faced a talent crisis. Multiple studies show a growing skills gap in the field; while the numbers quantifying unmet demand vary, the message is consistent. There are simply not enough cybersecurity experts in the global market to manage the growing number and range of cyber-risks out there.
It's clear that COVID-19 made these talent problems more acute. The sudden shift to remote work accelerated the expansion of the attack surface through a precipitous rise of Internet of Things (IoT) and connected devices. Meanwhile, cybercriminals redoubled their efforts to lob phishing, ransomware, and other attacks against the newly distributed workforce. This combination of an overwhelming expansion of the attack surface and threat volume increases pressure on already strained security professionals, strengthening the need for reinforcements to help them fight the good fight.
Layered on top are the troubling work-life balance trends that have caused many workers — in IT, cybersecurity, and beyond — to withdraw from the workforce to help children in online learning, care for sick relatives, and tend to other personal matters. Early studies show that the effects of COVID have disproportionately affected women's career and economic wellbeing. This may be the perfect moment to plan a dramatic, strategic shift in how companies attract, recruit, and retain a new and expanded generation of cybersecurity rock stars.
An Opportunity to Reduce Risk
As vaccines come available and the world recovers, the post-COVID era will be an opportunity to recruit more women to cybersecurity careers at all levels. By focusing on reengagement campaigns with women and training female professionals seeking to reenter the workforce, cybersecurity organizations may be able to kick-start momentum in recruiting women into the field. Hopefully, these gains can snowball into more outreach to girls as they progress through school and enter the workforce.
This may enable the cybersecurity industry to solve some of the broader talent problems that have been endemic to the career for a long time. This includes three of the biggest ones hiring managers and team leaders are trying to address.
1. Filling the Talent Gap
There are millions of open positions, and statistically, the only way we'll be able to fill them is by broadening the field of prospective employees. Women have been underrepresented in cybersecurity, which is artificially restricting the pool of candidates. It makes no sense to leave half the population out. The more we encourage and facilitate women to enter the field, the easier it will be to fill the talent gap.
2. Creating a More Resilient Brain Trust
Managers are not only struggling to find enough bodies to fill their teams; they also need a range of creative thinkers who bring different perspectives to the threats they face. Anticipating a range of risks and threats in advance and coming up with expedient ways of dealing with vulnerabilities and incidents as they happen are harder when everyone on the team comes from the same cultural and educational backgrounds. Adding more women to the mix creates a diverse workforce that incorporates different modes of working on a problem, different viewpoints, and different backgrounds. This makes the industry stronger.
3. Tackling a Greater Diversity of Threats
Diversity in perspective could also help the security profession broaden its mission beyond its dogged focus on data breaches to solving difficult and dangerous social issues. For example, using technology to perpetrate gender-based violence is a growing problem, and getting more female representation in cybersecurity may help shift the focus toward addressing these threats. BlackBerry recently sponsored a great event about technology-facilitated gender-based violence by The Centre for International Governance Innovation and Soroptimist International of Kitchener-Waterloo that discussed issues such as deepfake technology used to fabricate sexual images, public disclosure of private information, stalkerware, doxing, online harassment, unauthorized access to information or devices, and other tactics that perpetrate physical, psychological, emotional, and economic harm. To tackle these kinds of serious, gender-based threats, it's important to have a diverse group looking at ways to reduce risk.
What It Will Take to Recruit Women Into Cybersecurity
Bringing women to the field is no simple task. It will take a combination of outreach and educational programs to recruit women at all stages of educational and professional development. It's important to demystify cybersecurity so that women and girls understand it isn't just hackers with hoodies doing mystical things with code. For example, the Digital Defenders program BlackBerry created with the Girl Guides of Canada encourages girls to take a "how stuff works" approach to cybersecurity, giving them a robust and in-depth look at industry-specific topics through play and discovery-based learning. Companies also need to create inclusive environments where all genders thrive.
At BlackBerry, we're using our internal programs and funding external initiatives to boost the diversity of the workforce. I encourage my security peers at other organizations — vendors, consultancies, governments, and enterprises alike — to advocate for investments to bring more women into the cybersecurity fold. I believe this effort can help solve some of the most acute problems the industry faces.