Well into the 21st century, women still make up only 25% of the cybersecurityworkforce — a mind-boggling issue that security leaders, cyber pros, and theindustry at large must work to address.
The participation of women in cybersecurity is vital, a non-negotiable proposition. Forgetany current handwringing over diversity and equity; it’s fundamental that the contribution ofwomen to the profession has made cybersecurity better.
The proverbial door was kicked open long ago for women, who have made majorcontributions to the development of information security . But it’s the 21st century and there remainnumerous barriers to their entry and advancement.[https://www.csoonline.com/article/57 0531/10-pioneering-women-in-information-security.html]
Frankly, that needs to change — and change now. I am continuously appalled to hear thatwomen are leaving the profession , that the boy’s club mentality is still hedging women out, and that only somewhere between 11% and 24% of cyberpros are women .[https://www.csoonline.com/article/3499360/women-in-cyber-da y-finds-those-it-celebrates-leaving-in-droves.html] [https://www.csoonli ne.com/article/2088360/boys-club-mentality-still-a-barrier-to-womens-success-in-cybersecurity-careers.h tml] [https://www.csoonline.com/article/2066687/the-obstacles-women-face-to-get-the-cis o-job.html]
The barriers are easily recognizable from years gone by, ranging from blatant misogyny tothe more subtle shaping that occurs within the secondary school system and science,technology, engineering, and math (STEM) programs.
We are constantly told about the skills shortage in cybersecurity , and the fact that such a largepotential group of candidates is nowhere to be seen is patently ridiculous. Want to bridgethe gap? One solution seems obvious.[https://www.csoonline.com/art icle/2074581/the-cybersecurity-skills-shortage-a-ciso-perspective.html]
I spoke with organizations supporting the inclusion of women in cybersecurity, I spoke withCISOs both female and male, and there was universal agreement that solutions exist, but thewill to enact them is lacking. We must invest time and energy if we wish to change the statusquo.
A wide consensus exists that the pipeline to bring women into the cybersecurity field isn’tstarting soon enough. There remains a noticeable gap in how early students, particularlyyoung women, are exposed to cybersecurity as a viable career path.
The shunting of women away from IT starts early
High schools with STEM programs often prioritize biosciences and engineering, withcybersecurity and computer science taking a backseat. This emphasis on more “practical” fields inadvertently steers students away from technology-focused careers.
”To pave the way for the next generation of cybersecurity professionals, we need toincorporate cybersecurity into the education systems before higher education,” says EmilyO’Carroll, field CISO at Guidepoint Security. “It will be critical to expose young women tocybersecurity opportunities early, get them interested, and demonstrate that they can workin this highly technical STEM field.”
To address this, intentional outreach is crucial, says Jackie Mattingly, a senior director ofconsulting at Clearwater focused on small and medium hospitals.
“Programs that introduce cybersecurity concepts in middle school or even earlier candemystify the field and spark interest before students start narrowing their career focus,”Mattingly says. “Partnerships between schools and industry professionals are also crucial —we need to be visible role models, showing students what a career in cybersecurity lookslike and why it’s exciting.”
I couldn’t agree more.
I had the distinct pleasure of discussing the topic with Lynn Dohm, executive director ofWiCYS (Women in Cybersecurity) . She says it’s important to ensureyoung women are exposed to cybersecurity at an early age. But she stressed that teachingleadership skills to young women should go hand-in-hand with vocational training.[https://www.wicys.org/]
Companies must offer women the support to succeed
Mentorship and sponsorship can play important roles in capturing the interest of youngwomen and focusing them on a career path, O’Carroll says. “In addition to mentorship andsponsorship, we need to look at how women are supported in the home and with theirfamilies to pursue cybersecurity roles and leadership positions.”
That would require companies to consider offering childcare and family care options andexpand hybrid and work-from-home flexibility. “Additionally, we need to continue to supportand explore non-traditional gender roles in the home where women share the home andfamily responsibilities more with their spouse,” O’Carroll says.
Another challenge particularly pernicious in cybersecurity is that roles tend to be definedtoo narrowly, says Donna K. Kidwell, acting CIO at the University of Toronto. “The easy thingsto define are the technical skills needed for a job,” she says. “That turns into ‘get thesecompetencies and certifications.’”
That’s great, because the job does require technical skills, but it often turns out thatbootcamps or competency development courses aren’t sufficient to convince women theyhave a place in the profession.
“Talented people find ways to contribute and end up in other sectors, or worse, may say tothemselves ‘I’m not an IT person,’” Kidwell says. “A focus on the skills of learning, listening,translating, pivoting — those are found in all sorts of sectors and all sorts of people. We cantrain them on the tools. [We need to] start earlier but end this nonsense of asking, ‘What doyou want to be when you grow up?’ and instead, ‘What would you like to contribute to haveimpact?”
Family shouldn’t be a barrier to entry
There isn’t one of us that didn’t come from a mother. The belief that the biology of life has noplace in the workplace is hogwash. Women, should they choose, should have the ability tobe mothers without the fear that their career path or opportunities will be withheld.
Appropriate staffing, considerate schedules, and the like can allow mothers (and fathers) toplan the care for their dependents as best suits their situation. It is not extraordinary to seeka work-life balance, yet it is so often elusive, especially in the cybersecurity realm.
“When a cyberattack occurs, in-house cybersecurity roles are similar to being a firstresponder,” O’Carrol says. “As the CISO, we are often expected to drop everything at amoment’s notice to respond. This can be very disruptive to security leaders’ personal lives,especially as women, when we are often the primary caregivers for our families.”
“Just like they do in hospitals, the police force, or firefighting, companies can better supportwomen in cybersecurity roles by properly staffing teams, developing on-call schedules, andtrusting their personnel, policies, and procedures in the event of a cyberattack or incident,”O’Carrol says.
“In addition to mentorship and sponsorship, we need to look at how women are supportedin the home and with their families to pursue cybersecurity roles and leadership positions,”she adds. ”Companies should consider childcare and family care options and expand hybridand work-from-home flexibility.”
Get involved to help correct the situation
Numerous initiatives are available for women in every career stage and every female CISOshould have connectivity to one or more groups or associations .[https://www.csoonline.com/arti cle/1308934/8-associations-that-women-in-cybersecurity-should-follow-or-join.html]
I’ve already mentioned the Women in Cybersecurity (WiCyS) initiativein the United States and its focus on recruiting, retaining, and advancing women in the fieldthrough professional development programs, mentorship, and conferences. Similarly, CraigNewmark’s Foundation has [https://www.wicys.org/] [https://craignewmarkphilanthropies.org/about-us/cybersecurity/] invested in programs such as Black Girls Hack , Girls WhoCode , and VetsinTech , which focus on trainingand supporting women and underrepresented groups in cybersecurity.[https://www.blackgirlshack.org/] [https://girlswhocode.com/] [https://vetsintech.co/]
In Canada, the Women CyberSecurity Society (WCS2) offers flexible training options, scholarships, job placement services, and communitysupport to help women enter and excel in cybersecurity. Within the European Union,Women4Cyber promotes gender balance in cybersecurity bycreating a registry of European women in the field, offering mentorship programs, andorganizing conferences.[https://womencybersecuritysociety.org/] [https://women4cyber.eu/]
Mattingly concluded, with a piece of advice that I think is spot-on for CISOs, CIOs, and allwho are currently in the world of cybersecurity: “The door is open, but we must do more tohelp young women walk through it confidently. That means starting earlier, providing theright support, and ensuring they see cybersecurity as an equally promising and rewardingcareer path.”
I spoke of how important mentoring is for CISO’s in the past for CISO development ,especially first-time CISOs and O’Carroll emphasized that “as cybersecurity leaders, we needto get more involved in the non-profits supporting these efforts or prioritize serving in amentor capacity.”[https://w ww.csoonline.com/article/646277/want-to-make-cybersecurity-much-stronger-become-a-mentor.html]
Help women break the glass ceiling
The door is open. The wherewithal exists, yet it remains difficult for some women to moveinto the executive ranks. A CISO shared with me how when he pushed forward candidatesfor promotion to the executive ranks, the resistance was remarkable when it was either awoman or a person of color, and there was no attempt to be discreet.
While this CISO could have gone with the flow, he opted to be salmon-like and push forwarddespite the insipid countercurrent. He found that to get his high achievers into executiveroles he had to make sure that they had every I dotted and every T crossed.
Meaning, if there was a leadership class available, they took it. Technical certificate? Get it!The candidate for promotion not only had to be good enough, they also had to be fullydocumented as better than good enough to forestall the bias within his HR, CIO, and seniorexecutive ranks.
The year is 2025. It seems ridiculous we’re still talking about this. Yet it remains the sad reality.
We must remove the misogyny from the equation, we must ensure all are availed the sameopportunity for entrance into the field of cybersecurity and advancement. We must notexpect women to be more prepared than their male peers.
In addition, we must ensure we aren’t creating an environment in which dreams are drownedand opportunity squelched, or as one senior executive said to me: “It’s not the talentpipeline that’s the problem; it’s the cesspool at the end of the pipeline.”
Read more HERE