Yes...We Need More Women in Cybersecurity, But How?

Cybersecurity, as most of us know, is an exciting and very intricate industry. After all, the industry is teeming with fascinating stories about breaches, ransomware and neoteric technology, and we hear these stories daily. The oft-duels between cyber-attackers and cybersecurity represent a contemporary, dystopian-like, sci-fi drama. Yet, beyond the technology and spectacle, there is a human element that often goes unrecognized. 

Commentators and our writers have penned many an article in Infosecurity Magazine about the gender imbalance in cybersecurity. Whether the issue concerns the challenges women face entering the industry or the problems that women deal with when they are actually in the industry, there are unforgivable problems that blanch the industry as a whole. 

According to (ISC)2, only around a quarter (24%) of the global cybersecurity workforce comprises women. The report found this number is significantly higher than 2017, when only 11% of study respondents were women. Worryingly, women comprise 39% of global employment but account for 54% of overall job losses since the pandemic. 

Many voices remonstrate the fact that few women are in the cybersecurity industry, and their arguments are typically ethical in form. They argue that there is something downright wrong with women being discouraged or obstructed from entering such an exciting industry as cybersecurity. Equally insidious is that a disproportionate number of women continue to experience harassment and other types of profligate behavior from others in the industry. Another important reason is a utilitarian one. Indeed, people often argue that diversifying a given group will maximize utility since perspectives increase. For example, when finding a solution to a given issue, more perspectives at one's disposal ostensibly increases the chances of finding an answer. It's not difficult to understand the point here: everyone benefits by achieving diversity to an acceptable degree. The situation is a type of positive-sum game — a win-win for all. 

But, if most of us know the why, what about the "how"? In other words, what approaches are available when considering ways to get more women into the cybersecurity industry...?

People often pursue two different approaches when considering the various ways to diversify a workplace. These two are: 

  1. Equality of opportunity
  2. Equality of outcome

Basically, equality of opportunity looks to ensure that everyone has the same opportunities to make gains. Conversely, equality of outcome looks to make sure disadvantaged people are making gains. Thus, while equality of opportunity focuses on a level playing field for individual progress, equality of outcome concerns results.

Equality of Opportunity

Equal opportunity means that people have an equal chance to 'compete.' The point here is to uproot arbitrariness and discrimination from the selection process, meaning everyone gets a fair chance. This essentially amounts to leveling the playing field. The larger goal of this leveling is to live in a society in which the most qualified people populate the most important jobs in a given organization. Gender, race, etc., shouldn't be a factor in where people end up in life. 

This approach nevertheless comes with drawbacks. People often argue that equality of opportunity overlooks certain social factors a person faces through no fault of their own. When we talk about "most qualified," the factors involved include a person's education, intelligence, work ethic or other factors that might determine their success. However, these things are inextricably tied to socio-economic conditions. If a given society has etched sexism and racism, for example, into the fabric of where people happen to be born, certain people are disadvantaged from the get-go. 

Equality of Outcome

Rather than looking at the opportunities that people are given, equality of outcome looks at where people actually end up. Instead of looking at how accessible top jobs are for a given group, it measures the representation of that group in these jobs. If equality of opportunity is a measure of how equal our chances of success are, equality of outcome is a measure of how successful we actually are. This approach essentially considers the socio-economic conditions that encumber people from obtaining the types of opportunities they deserve.

Equality of outcome nevertheless has its opponents, particularly those who take umbrage with diversity quotas. In an attempt to correct historical inequality, organizations aim to fill a certain number of positions with people from minority backgrounds. While this approach can burgeon the representation of minority groups in an organization, people argue that this can cause tokenism and other adverse effects, with claims that this goes against the very competitive nature of the job market. They often argue that, if the job market is all about competition, there should be winners and losers, provided that competence is the factor at play. 

What Does This All Mean?

Those who recognize the importance of ensuring that women enter the cybersecurity industry will no doubt have different ideas concerning how to achieve it. Some will think that leveling the playing field will be necessary; others will argue that focusing on outcomes is the proper way forward. Yet, it is arguable that a system with anything near equal opportunity across multiple generations will require equalizing specific outcomes at certain points. Indeed, far from being opposites, it could be that equality of opportunity and equality of outcome mutually constitute each other. Just like a game, sometimes the pieces require resetting to level the playing field for all players. Equal outcomes for women today engender the possibility for equal opportunities for women tomorrow.


What do you think is the best approach to take to address gender imbalances in cybersecurity ? Let us know in the comments section below.

What’s Hot on Infosecurity Magazine?