There remains a lack of gender diversity in the information security workforce, despite a cyber-landscape that is growing and changing in complexity of threats. Only 10% of information security professionals are women.
“The information security field is expected to see a deficit of 1.5 million professionals by 2020 if we don’t take proactive measures to close the gap,” said (ISC)² CEO David Shearer. “Knowing this, it is rather frustrating to realize that we do not have more women working in the industry. Through collaboration, research and partnerships, (ISC)² is committed to empowering underrepresented minority groups in the industry, such as women, who bring skill sets that are critical to this industry’s future growth.”
The encouraging news is that analysis from the last two (ISC)² information security workforce surveys shows that women are quickly gaining on men in terms of academic focus, computer science and engineering, and, as a gender, have a higher concentration of advanced degrees. The percentage of women with either a Master’s or Doctorate degree are strong, with 58% of women having advanced degrees versus 47% of men.
“What the numbers say is that the industry needs more talent,” said Allison Miller, product manager at Google and member of the (ISC)² board of directors. “Great! Yes! Let's foster more talent and innovation, everywhere in information security. That means taking more risks and including more voices. Having hard data gives us the ability to assess industry gaps and shortages—and individual career objectives and expectations—in a more thoughtful and systematic way.”
The research revealed that women in information security are making their largest impact in governance, risk and compliance (GRC)—which the study identified as a growing role in information assurance and cybersecurity—as one out of five women identified GRC as their primary functional responsibility compared to one out of eight men holding similar positions.
In the GRC subgroup of respondents, women’s average annual salary was 4.7% less than men. Interesting to point out is the difference men and women place on the importance of monetary compensation. Men value monetary compensation slightly over women, who look for other incentives from their employers (i.e. flexible schedules).
“I find the results of the research heartening, in the sense that we are starting to see a full career progression for information security professionals,” Miller said. “We've moved past the stage where people say ‘you do what for a living?’ and have matured into an industry that needs and demands more diverse skillsets, and more sophisticated differentiation of roles.”
Women were also found to be more progressive in their views on training methods. Offering increased accessibility and wider diversity of information security training opportunities may prove to be increasingly valuable in retention and in elevating professionals’ readiness to succeed in new roles.
“The Internet of Things brings great opportunity and connectivity, but it also adds to the complexity of the cyber-threat,” said Angela Messer, the executive vice president leading predictive intelligence business for the strategic innovation group at study sponsor Booz Allen. “The adaptive nature of cyber-threats demands a talent management strategy that will broaden the skillsets and knowledge of the information security profession. We must demonstrate to young women thinking about entering the industry the many opportunities that await them and reinforce for those currently working in cybersecurity that they have bright futures ahead.”