Women currently comprise only 11% of the global cybersecurity workforce, according to the (ISC)2 2017 Global Information Security Workforce: Women in Cyber Security study. With an expected shortage of 1.8 million cybersecurity workers by 2022, it is logical, practical and necessary to tap into women, and the skills we bring, to help fill it.
Some exceptional women are taking up the charge. At Focal Point, we’ve been focusing on a few of them through a series of posts that highlight their compelling and often unexpected career paths. These leaders tackle diverse roles within the cyber domain: building cybersecurity programs for Fortune 50 companies, analyzing malware, developing software, training other cybersecurity professionals, and mentoring young women and other underrepresented groups entering the field.
Along with their technical abilities, we’ve discovered that they share some interesting traits: creativity, strong communication skills, seeking and embracing others’ perspectives, and a passion for problem solving. They also share some unique challenges that make their accomplishments all the more notable: facing down bias in a male-dominated domain, conquering the self-doubt of imposter syndrome, and blazing their own trails despite a lack of female role models in the industry.
These conversations also exposed some required changes — both at a systemic level and at a human one — to build a more inclusive industry that maximizes women’s contributions to tackling cyber threats. Here are some ways we can approach them.
Early Education and Engagement
Much has been said in recent years about the need to advance STEM education for girls. This is especially important in cybersecurity, because many females who do study STEM choose other fields of science for their careers.
Christie Verscharen, a Practice Leader in Focal Point’s Cyber Security practice, notes that a root cause behind the lack of women in cyber may go all the way back to primary education.
“If you aren’t interested in technology or security by junior high or high school, the chances of you going into those fields later are quite low.” As a society, we must intentionally integrate cyber awareness and foundational education into formal curricula, and support girls and young women in seeing security as a viable, fulfilling vocation.
Tapping the value of diverse skills and backgrounds
Given the newness of cybersecurity as a profession, many women come to the field via a non-traditional career path. For instance, Kelly Schmitz is a Cyber Security Instructor who began her cyber career as a malware and digital forensics analyst in the U.S. Navy. Struggling with a lack of organized technical information, she used her own learning process to create training programs and teach those who came in after her.
Today she researches, develops and presents cyber training to Focal Point customers. Franchesca Sanabria built on her background in systems engineering and business process/systems assurance to become a Principal in Focal Point’s Data Privacy practice, and Christie Verscharen, who started in IT and financial audit, now leads a team of over 40 security professionals. The lesson? Rather than eliminating job candidates without years of direct cyber experience, the industry would be better served pursuing applicants with a variety of backgrounds and aptitudes, and then building their skills in cyber-specifics.
Championing women as thought leaders
Women in cyber are innovating. For instance, Yvette Connor, a risk management and compliance executive, leveraged her 20 years of guiding data-driven, C-level decision-making to break the mold of traditional risk analysis modeling. She now integrates IT and cyber risk factors into all assessments so clients can prioritize and act on that intelligence.
LaTonya Hall, a Cyber Entrepreneur and Security Consultant, builds on knowledge and skills developed through her work with U.S. government agencies and commercial entities to drive holistic cyber solutions for clients. She focuses on security fundamentals, noting, “We want to apply whatever the sexiest technique or technology is (like block chain or machine learning) when we haven’t even properly segmented the network yet.” Experienced and insightful, the stories of these and other women thought leaders in cyber need and deserve amplification.
Strengthening community and self
Sponsoring more industry conferences and events aimed toward women will build community, encourage mutual learning and sharing, and offer a perhaps less intimidating environment for newcomers. Such forums also play a role in developing strong personal networks, from which comes support, mentorship and new opportunities.
Community support and ongoing learning will also help overcome imposter syndrome, which Schmitz says can be a big obstacle for women. “This is a difficult field, and nobody knows everything.”
Sanabria also notes that continually relating to new people can help her “figure out something I was stuck on, because people outside of your common network can provide a different perspective.”
There is a small but growing number of women with similar career paths and backgrounds. Unless we elevate their stories, the impact and influence these leaders can have may extend no further than their direct colleagues and professional circles. In the current threat environment, that’s just not good enough.
We owe women and minorities—in, entering and contemplating cyber risk disciplines—bigger forums to share their stories and knowledge, and the opportunity to serve as role models. Digital risks are not relenting anytime soon; our nation needs a much wider pipeline of applicable talent ready to act in our defense.