We experience progress
Global Diversity Awareness Month is a timely opportunity to reflect on the steps needed to remove barriers to women’s participation in the security sector, as well as to consider the value of inclusion and diversity within the security personnel.
October 31, 2023
•
,
7 minutes. read
As our digital age advances by leaps and bounds and technology-related roles will remain in high demand in the future, the cybersecurity industry continues to face persistent human capital challenges. These include a general labor shortage (of 3.4 million workers at last count), as well as a related imbalance between industry needs and barriers to entry.
So it’s probably no surprise that gender, racial and ethnic diversity is also lacking, despite the fact that a diverse and inclusive workforce is known to drive innovation and growth, not to mention of its contribution to a more equitable society. Women, for example, hold only a quarter of security positions around the world, as gender diversity in security remains a persistent challenge and, unsurprisingly, as such, reflects the reality in computing.
Overall, it would seem clear that greater diversity in the security field would expand the talent pool and help close the overall skills gap. As we end the month of October, which is also Global Diversity Awareness MonthThis is an opportune time to reflect on the actions needed to eliminate biases and barriers that hinder women’s participation in the security sector, as well as to consider the value of inclusion in the security workforce.
Why is gender inequality so high in cybersecurity?
The latest figures from industry group ISC2 do not make for pleasant reading. Despite the huge shortage of workers, especially women, only 57% of companies report investing in diversity, equity and inclusion (DEI) initiatives. This figure only rises to 67% for those experiencing a staff shortage.
This may explain why more women do not choose a career in security, even though it offers competitive salaries, diverse roles and a rapidly evolving culture of near-continuous technological innovation. Several reasons stand out:
security has a reputation for being an elitist, male-dominated, jargon-heavy industry that is difficult to break into without the right qualifications,
- discrimination: 30% of female security professionals say they feel victims of discrimination at work,
- a perception that jobs do not offer enough flexible working options,
- employers fail to encourage new mothers to return to the workforce,
- a tendency for employers to select candidates based on their qualifications/certifications rather than their experience or transferable skills, which can mean that new mothers returning from a break and looking for a career change are excluded,
- a perception that security is all about technical skills, while roles are varied and require creativity, flexibility, good communication, problem solving and other skills
- relatively small number of girls studying STEM subjects at school/university
- a vicious cycle as the security sector lacks female mentors and role models to encourage the next generation to enter the industry
Are things getting better?
There may be signs that things are changing for the better. The ISC2 study states that women represent 14% of people aged 60 and over in the security sector, but 30% of those under 30. Younger women are also accessing management positions in greater numbers. The report says they represent only 10% of senior executives aged 50 or over, but 35% of all executives in their 30s.
That said, there is still a way to go. Women make up just 17% of cybersecurity professionals in “advanced, non-management positions,” the report states.
7 Ways to Increase Gender Diversity in Cybersecurity
This is a wasted opportunity. Improving gender diversity is not just a moral imperative for employers. This could really improve team performance. This is especially important in scenarios where diversity of thought is required: in everything from marketing campaigns to detecting threat actor activities. Encouraging more women into security roles should ultimately create a virtuous cycle where the brightest and best talent wants to come and join the company in the future – particularly younger workers who tend to value more the DEI.
So how to get there? Let’s take a look at eight ways to improve gender diversity in cybersecurity:
1. Foster a culture of respect
The need to make the industry welcoming cannot be underestimated, and people already working in the field can play an important role in this by putting forth efforts in various ways. This includes actively working to change culture, tackling bias and barriers, and supporting a healthy work-life balance. This can be done, for example, through flexible working arrangements and support policies, particularly for new mothers wishing to re-enter the labor market.
There also needs to be a zero-tolerance policy towards sexism, harassment and discrimination, whether blatant or subtle, as well as mechanisms to report and address inappropriate behavior. Building a culture of respect, open communication and collaboration benefits everyone. It can also help female talent navigate an often male-dominated culture, help build their confidence and skills, and ensure they avoid blatant or subtle discrimination and other inappropriate behavior.
2. Spark an interest in cybersecurity from the start
Competitions like hackathons and Capture the Flag (CTF) competitions are a great way to introduce girls to safety from a young age. The hope is that more people will then choose to study the subject formally and potentially make a career in it. Governments have an important role to play here by creating programs such as that of the UK’s National Cyber Security Centre. CyberFirst Girls.
But companies can also help by providing funding, sponsorship, and even expertise through efforts to support a more diverse talent pool (ESET’s own network). Scholarship for Women in Cybersecurity is an example).
3. Create more pathways to a career in cybersecurity
What happens once young women develop an interest in safety? Not everyone wants to spend several years in college. This is where internships and apprenticeships can help, providing a springboard into a career that allows participants to learn real-world skills on the job. For the provider, this can help build a steady stream of talent ready to hit the ground running from day one if they have what it takes to progress to full-time employment.
4. Create mentoring programs
As we’ve seen, the lack of role models in the industry can create a vicious cycle where it’s difficult to attract women to security due to the apparent lack of representation. It is therefore essential to provide formal and structured mentoring programs, so that those who join the company feel supported and can develop into senior managers. They can in turn become role models for others.
5. Ensure compensation is fair
Women earn only 72% of what their male counterparts earn, study finds. estimate. That’s a large and unsustainable sum, especially for an industry that promises high wages as one of its main benefits. Women should feel that their contribution is valued as much as that of their male peers. There should be no gender pay gap in cyberspace or any other sector.
6. Improve career development
Women need to feel that a career in cybersecurity will allow them to advance to higher levels. So, alongside greater representation of women as managers and executives, organizations must offer support for career development, taking into account the needs of those who wish to interrupt their careers to have children.
7. Broaden your hiring criteria and search internally
HR and recruiting managers should look beyond accreditations and certifications to spot transferable skills, experience and/or abilities that may indicate a suitable candidate. Too many people are filtered out at the first stage. Job descriptions should also be reworded to be less exclusive.
Plus, some of your best candidates may already be working for the company. So reach out to employees working in IT-adjacent fields, such as data analytics, who might be looking for a career change. They will be highly motivated and will already know the company and the culture inside out.
Moving the diversity needle
Many organizations are realizing the scale of the problem and are moving toward a more diverse and inclusive cybersecurity workforce. There is no excuse for gender inequality in the workplace and it is up to each of us to question and challenge biases, dismantle barriers, advocate for inclusion and creating spaces where everyone can flourish. These efforts are necessary not only for the sake of equity, but also for the progress and innovation that diversity brings.
We leave you with some of the many findings of ESET’s DEI 2022 survey, in which its female employees rated “equal treatment in daily work” and “acceptance of the person in the workplace » as the best aspects of their professional life related to DEI. at ESET, a sentiment also echoed by their male colleagues. At the same time, the survey also showed that women are more confident than men that they have a better understanding of DEI issues, that these issues should be part of the company’s value system and that the pursuit of DEI contributes to the success of the company.
RELATED READING: Women in Technology: Unique Perspectives from a Constant Quest for Innovation