We Desperately Need Women in Cybersecurity
On 8th March, events all over the world will be held to celebrate the social, economic, cultural and political achievements of women. Gender equality isn’t here yet, though, and a large part of this year’s International Women’s Day will focus on the need for a gender-balanced world and workplace.
There is no sector where this is more needed than the fast-expanding world of cybersecurity. While the number of women working in cybersecurity is gradually increasing, they still hold just 20% of the total positions.
Since the New York Times reported that, in 2018, “an estimated 3.5 million cybersecurity jobs will be available by unfilled by 2021″, the need for qualified people of any gender is obvious and, addressing this shortfall can be done only if the industry aims to employ “50 percent of women in cyber over the next decade”.
Female and fancy a career change? Keep reading.
Skills Shortfall Sees Cybersecurity Jobs Going Begging
Cybersecurity is a booming industry and statistics indicate that the sector enjoys a much faster growth rate than almost any other, with the current rate estimated to be “37% from 2012-2022”. The House of Research and Technology Chair, Haley Stevens, said: “many of the half-million cybersecurity job openings are going begging because college computer science graduates often lack the needed skills and hands-on experience”.
So why aren’t women rushing off to gain those qualifications and address the gender imbalance in cybersecurity? The answer, predictably, is money. “Aggrieved women of color in cybersecurity jobs make on average $10,000 less than their male counterparts”, making it more difficult to recruit and retain both women and minorities.
Addressing the salary inequality is one way to boost the number of women working in the cybersecurity industry while tackling the current job requirements could attract more “nontraditional candidates with diverse backgrounds and skillsets”.
IBM started dealing with the latter issue back in 2018 when it launched its New Collar initiative. By partnering with community colleges, IBM is developing different channels for training and qualification. The positions they’re looking for don’t fail into the normal white-collar or blue-collar categories and don’t require a traditional college education or bachelor’s degree. Instead, these jobs need people with specific capabilities and skills rather than academic qualifications. Many of these jobs are in cybersecurity, as well as other related fields like cognitive business, cloud computing, and digital design.
The Program Executive of IBM’s Innovation and Growth Initiatives, David Leasor, explained the motivation behind the New Collar initiative back in December 2018, saying “There are literally over half-a-million technology jobs that need to be filled in the United States right now, but our universities are only producing one-tenth of that number of computer science graduates”.
Currently, job applicants need a four-year degree to enter the cybersecurity sector, although shorter education programs are available. The problem is, according to Sonya Miller, director of IBM’s Security and Enterprise and Technology Human Resources, “Under existing law, students who need short-term programs of 150 to 600 hours length… are required to sign up for longer education programs or forgo federal financial assistance”.
Miller appealed to Congress, asking them to relax the regulations surrounding federal Pell grants to allow recipients “to use the money for shorter education programs that lead to certifications”.
Why We Need Women in Cybersecurity
Cybercrime doesn’t care if you’re male, female, gender-neutral, transgender, or gender fluid – it hits where it hurts, regardless. Malware infections, identity theft, and data breaches affect everyone, making cybersecurity everyone’s problem, so “why isn’t a greater cross-section of society solving it?”
Former IBM employee, entrepreneur, author and rocket scientist, Sylvia Acevedo asked this question in the foreword to Cybersecurity Ventures’ 2019 publication, Women Know Cyber: 100 Fascinating Females Fighting Cybercrime.
Acevedo also asserted, “if we have half of the population that is largely left out of the national fight against hacks, identity theft, malware, data breaches, and other cybersecurity battlegrounds, imagine the strategic and tactical blind spots we allow to take root”.
Acevedo argues that women and minority groups are vital to the ongoing war against cybercrime, providing a different perspective and eliminating blind spots. “The safety and security of our country depend upon more women raising their hand and engaging in this fight,” she writes.
Women in Cybersecurity: The Changing Tide
When it comes to cybersecurity’s struggle for gender balance, the tide is already changing. The fact that women now make up 20% of the cybersecurity workforce, up from 11% in 2013, is indicative of the sector’s efforts to address its historical gender inequality.
A couple of years ago, TechCrunch reported that “15% of newly established cybersecurity teams in 2017 had a female founder, an increase from 5% the previous year”. Similarly, India’s National Association of Software and Services Companies noted a “rising trend among women to take up the cybersecurity domain for their profession”.
The same trend is visible in some US companies as well. Take cybersecurity firm, Fortalice Solutions, for instance, which boasts a workforce of 42 staff, of which 40% are women. According to the CEO, Theresa Payton, things are on the up for women in cybersecurity, noting that “fraud prevention and cybersecurity are now converging”. A lot of women who previously held paper-based fraud prevention positions are now shifting to digital roles, and being welcomed in the cybersecurity sector as a result.
The world’s largest cybersecurity event is the RSA Conference which takes place each year. In 2019, the conference saw over 42,000 attendees and 740 speakers, of which 32% were women, as were 46% of the keynote speakers.
Cybersecurity Opportunities for Women
One interesting statistic revealed by the 2017 Women in Cybersecurity survey was that the majority of women in cybersecurity came to the sector viable unconventional routes and meandering career paths that took them via sales, psychology, and even art.
This is at odds with many people’s view of the cybersecurity industry which they see dominated by computer geeks and software developers who spent years locked in a dark room with only a blue screen for company. Conversely, cybersecurity offers a wealth of challenging positions including “project managers, technical writers, trainers, instructional designers, [and] social media managers”.
The opportunities are not only challenging but working in the cybersecurity sector also means you’ll get the following benefits:
Job security – with demand consistently outpacing supply, and the fact that “cyberattacks aren’t going away anytime in the foreseeable future, job security in this sector is strong”.
High salary – leaving aside the issue of unequal pay for a moment, women can earn anywhere between around $30,000 up to over $200,000 per year depending on their cybersecurity role. Those with a master’s degree, for example, could secure a healthy $233k annual income as a lead software engineer.
Job Satisfaction – both male and female cybersecurity workers enjoy a higher than average sense of job satisfaction. As men and women working in cybersecurity seem to share the same priorities, values, and aspirations, many enjoy “the opportunity to be surrounded by professionals that demonstrate a strong sense of ethics as well as trustworthiness”.
Women in Cybersecurity: Role Models and Case Studies
From the technical to the psychological, women are spearheading some of the most important developments in cybersecurity. With many eager to point out the many of the opportunities in cybersecurity are not technical positions but rather in areas such as analytics, compliance, marketing, project management, and risk, people like Diedre Diamond are blazing a trail for young women to follow.
Case Study One: Diedre Diamond
Diedre Diamond started in cybersecurity with one of the leading providers of analytics solutions for IT operations and cybersecurity challenges, Rapid7, and is now the founder of the not-for-profit leadership platform, Brainbabe, and CEO of CyberSN, a national company providing staffing solutions to the cybersecurity industry.
Armed with a liberal arts degree, Diamond started at the bottom, teaching employees about cybersecurity vulnerabilities. She then became Rapid7’s first vice president of sales and is now one of the leading cybersecurity professionals working to develop more opportunities for women in cybersecurity.
According to Diamond, more women should consider a job in cybersecurity, which she describes as a “sophisticated business” that can offer women the kind of challenges they thrive on. “Cybersecurity careers are the cutting edge. It’s the heart of the economy, of national security, of social behaviors,” she says.
Case Study Two: Dr. Alissa Johnson
The former Deputy Chief Information Officer for the White House and incumbent senior vice president and deputy chief security officer of Mastercard started her career as a cryptologic engineer.
Working for the US Department of Defense, Dr. Alissa Johnson served as “a mathematician, electrical engineer, and project manager for a myriad of cryptographic systems”. As the White House deputy CIO, Johnson “helped to modernize the Executive Office of the President’s IT systems, with cloud services and virtualization”.
Headhunted by the NSA after graduating from Savanna State University with a degree in mathematics, Johnson hasn’t had an easy ride, however, and admits she’s become “desensitized “ to being the only women in a meeting and says, “It’s not as scary as people may think it is”.
From the small agricultural town of Albany, Georgia, Johnson says she brings both a female and minority viewpoint to cybersecurity, saying, “I’m bringing a cultural diversity in thought perspective”.
How to Attract Women to Cybersecurity
Diedre Diamond believes a three-pronged approach to cybersecurity could solve the industry’s recruitment problems and bring more women to the sector.
The first step is to redefine what it means to work in cybersecurity and get away from the belief that all cybersecurity roles require technical experience. By moving away from the emphasis on high-tech positions and highlighting the need for business and communications skills, Diamond believes “we can attract the college graduates who think they wouldn’t be a good fit for cybersecurity jobs because they ‘aren’t technical’”.
More training could also address the current deficit in skilled applicants and give entry-level people appropriate training and “fully thought-out roles and responsibilities that people can work hard at to move up the ladder”.
Placing a greater emphasis on soft skills like communication, social intelligence, and people skills would, Diamond believes, “allow for greater retention of employees (both women and men), more revenue and happier work environments”.
Current Trends in Cybersecurity Employment
Although cybersecurity continues to grow at an alarming rate, offering employees more opportunities to develop and advance, job satisfaction within the sector has declined over the past couple of years. While a 2018 Exabeam poll indicated that 83% of cybersecurity professionals were satisfied with their jobs, last year, that had dropped to 71%.
The slump appears to be related to stress in the workplace and the ongoing battle to establish a good work-life balance. This shouldn’t put you off, however, as the answer to this problem is more people. In other words, by exploring a career in cybersecurity, you could be part of the solution. As security intelligence threat researcher, Charity Wright, says, “If we had more people, our workload wouldn’t be so heavy”.
Another issue affecting job satisfaction in cybersecurity is, again, money, with 40% of respondents saying, “they’re not satisfied with their current earnings”. “Qualifications matter in cybersecurity” with 71% of cybersecurity professionals having the minimum of a bachelor’s degree. Those with only a high school education struggle to secure a comparative salary, and “system and security administrators make the least ($50,000 to $75,000) … while security consultants and chief inspectors make as much as $175,000”.
Times are changing, however, and “recruiting security professionals who hold degrees exclusively won’t be enough to keep up with emerging cybersecurity threats”. Instead, cybersecurity companies in the US and Australia are looking for people with “less traditional styles of learning” to fill the gap.
Furthermore, cybersecurity offers such a wide range of jobs and specializations, “considering candidates that lack formal qualifications but possess the right skills” could prove the most effective way to fill those empty positions… with women, hopefully.
With over half a million cybersecurity jobs going begging, the need to increase the number of women entering the field is bordering on desperate. Not only can women bring a host of important skills and qualifications to the industry, but they can also provide a new perspective on cyberthreats and cybersecurity vulnerabilities, eliminating blind spots and adding some much-needed muscle to the war on cybercrime.
While many perceive the cybersecurity industry as one dominated by high-tech roles that you need a degree in computer science to apply for, the reality is there is a wide range of opportunities available, including those that prioritize soft skills over academic qualifications. By changing the perspective people have of cybersecurity, so the industry hopes more women will consider a career in cybersecurity.
Whether you’ve got a technical background or a degree in art, there are opportunities for you that offer job security, job satisfaction, and command a respectable salary. While the industry hopes changes to the current rules surrounding Pell grants will boost recruitment figures, others, like Diedre Diamond believe a redefinition of what a career in cybersecurity really means could increase the percentage of women working in this sphere.
In-house training and certificate programs could also help more women acquire the skills needed for a cybersecurity role and improve retention rates across the sector.
Cybercrime isn’t going anywhere so, if you’re job hunting and have an appropriate skillset, cybersecurity could offer you a career that keeps on giving.