Closing the Gender Gap in Cybersecurity: Its Time to Back Ourselves as an Industry

Written by

Whilst I spent most of my maternity leave in coffee shops and parks, I did manage to engage my brain for long enough to write a few industry reports, one on the reformation of the computer science GCSE, and one on closing the gender gap in cybersecurity. The lack of women in the industry is something that has always perplexed me, but this research allowed me to truly indulge my curiosity by spending time with representatives from across the industry; from government departments to recruiters to pen-testers to CISOs, and get to the bottom of why there is such a lack of women, and what can be done about it.

At the Big Bang Careers Fair earlier this year, CREST, in partnership with the government, ran a digital defenders stand to try and encourage schoolchildren to consider careers in cybersecurity. Interestingly – and encouragingly – they welcomed to the stand just as many schoolgirls as schoolboys expressing an interest in cybersecurity. That’s the good news. Yet, only 17% of computer science graduates are females, and according to the latest (ISC)2 workforce study, only 10% of industry professionals are women. So what’s going wrong and why are we, as an industry, not converting those interested schoolgirls into graduates and then industry professionals?

Does it even matter? Many industries have gender imbalance, so is it something we should even be worrying about? The answer is unequivocally yes. There are arguments that a diverse workforce increases productivity; that research shows increased profitability in companies with more women; and recruiters even say that women bring a loyalty and stability to the industry that male counterparts, on the whole, don’t. Whilst these arguments are all valid, it’s actually simpler than that: cybersecurity is facing a frightening skills gap, with predictions that by 2020 there will be 1.5 million unfilled positions, so to put it simply, we need more people, so we need more women. It just makes sense.

We don’t do ourselves any favors in the way we sell – or don’t sell – the industry.

Recruiters are eager to point out that it’s not a case that female applicants to cybersecurity roles aren’t successful, but rather that there are no – or very few (less than 10%) – female applicants.

So what’s putting women off? Some of the women I spoke to suggested, quite candidly, that it’s “all the men”, that the gender imbalance acts as a deterrent itself. Others point to gender stereotypes, that girls aren’t encouraged enough in STEM at school, or media representation of STEM roles as being predominantly male.

I have no doubt that all of the above are contributing to the gender gap, but I think that there is another, perhaps less understood, problem: the industry is putting women off, or more accurately, the perception of the industry is putting women off.

There is a total misconception of what the information security industry is, perhaps a result of the language we use which is often opaque, intimidating, and some argued “full of male connotations.” All of the women I spoke to during this research agreed that while the cybersecurity industry has changed, the perception hasn’t changed with it. We don’t do ourselves any favors in the way we sell – or don’t sell – the industry.

The reality is that women working in the cybersecurity industry agree it is an exciting and rewarding industry, and the fact that they are working in what is traditionally perceived to be a ‘man’s world’ is of no relevance or consequence to them.

One woman who works in the public sector said to me: “The environment is not poisonous to women; it just looks like that sometimes.” This is not only totally criminal, but completely heart-breaking. We have this incredible, fast-paced, well-paid, innovative industry that truly makes the world a safer place, and we’re not selling that. Not only are we missing out on talent due to our own failure to market the industry, but women are missing out on the chance to work in cybersecurity. Nobody is winning.

Personally, I want to forget about the statistics, and the negatives. We need to stop getting hung up on how few women there are and what the challenges may be. Instead, I’d like to see our industry championing the incredible women that are in the industry, promoting them as role models, and talking about the success stories. It’s time to start backing ourselves as an industry. 

What’s hot on Infosecurity Magazine?