Women continue to be underrepresented and underutilised in the cyber security workforce, creating missed opportunities for information security companies who are looking to attract the best talent – and bridge the growing gap between qualified professionals and organisations’ burgeoning cyber security needs.
According to a newly released study, sponsored by PwC, although women make up nearly half of the global workforce, they represent only 11% of professionals in the cyber security industry. And although women in cyber security tend to be more highly educated compared to their male counterparts, the study shows that women, on average, earn less and report higher rates of discrimination in the workforce.
As cyber security professionals ourselves, we have experienced firsthand many of the challenges highlighted in this study. But we are also encouraged by the findings, which we hope will promote a deeper discussion of the issue among executives, educators and women already in the field – potential mentors who can help promote more diversity in the STEM (science, technology, engineering and mathematics) industries.
>See also: Women in IT Awards 2017: winners revealed
The study, conducted by the Center for Cyber Safety and Education and presented by the Executive Women’s Forum on Information Security, Risk Management & Privacy, Alta Associates and (ISC)2, shows that women start feeling discouraged about entering the cyber security profession at the university level, meaning many are diverted from the pipeline before they even graduate.
As women in the field, we appreciate that we have been fortunate enough to have worked with female CISO and executive-level cybersecurity clients whom we have worked with over the years. As is the case in any profession, we build on the work of those who came before us – and envision a day when more young women are encouraged to study cybersecurity and choose a career in the field.
There is much work to be done. According to the study, women are progressively underrepresented as they climb each rung of the professional ladder. Globally, men are four times more likely to hold C-suite and executive-level cyber security positions, and nine times more likely to hold managerial positions.
To PwC that shows that employers must not only target the best-and-brightest in recruiting, but work to retain and grow women in their cybersecurity organisations. That means creating or improving career developing programs, mentorships, support networks and flexible work arrangements.
The benefits are manifold, and not just for women. By attracting and maintaining highly qualified women, it can help diversify the field, improve overall quality by attracting more talent, and reduce the cyber security labor shortage. But first, the challenges faced must be acknowledged – and encourage an ongoing conversation about the issue.
What can executives do to reverse the trend and boost the number of women in cyber security? PwC have some suggestions:
• Create career development paths that are well defined, lead to the executive level and emphasise diversity. Ensure your values are clearly communicated, and that your organisational culture welcomes and values women.
• Be transparent in your hiring and compensation when recruiting women. If there are gender-based disparities between men and women of the same job titles and skill sets, work to eliminate those pay gaps.
• Create opportunities for mentoring, both internally and externally. As we mentioned before, none of us, no matter our gender, got to where we are today without help and support. Map your best leaders with your most promising young stars, regardless of their gender.
>See also: Insider: Women in the technology industry
• Revisit your recruiting practices to ensure you are connecting with a diverse candidate pool. That means encouraging young women who are still in school to consider the cybersecurity industry. It also means focusing on colleges and universities that have diverse candidate pools.
• Incorporate a flexible work environment to help attract the highest-quality talent. By establishing flexibility, you can access a deeper pool of candidates and allow employees to maximise the contributions they make.
• Consider participating in HeForShe, a global awareness program in which men pledge their support for women in the workplace. This United Nations program asks men and boys to confront the inequalities they witness. PwC have found this program to be an effective way to personalise the mission of inclusiveness and gender equality, regardless of profession.
The issues of workplace diversity aren’t limited to the information security profession. PwC explores these topics regularly through The Gender Agenda blog and through initiatives based on the suggestions we outlined above. Many women at PwC were deeply moved by Sheryl Sandberg’s bestseller Lean In: Women, Work and the Will to Lead. Inspired by the book PwC created, LeanIn circles.
The circles encouraged professionals to take the next big steps in their careers. PwC has also worked to transform itself from a buttoned-down, office-centric workplace to a more flexible one. The results have been dramatic, creating positive differences in the work lives of all our employees, while enhancing our recruiting efforts.
This is not to suggest the challenges outlined in the cyber security gender gap study are easy to fix. At PwC, at least 50% of its entry-level hires are now women. But our higher ranks still struggle to find, hire and retain women. The professional services firm has been focused on this issue for a while, but it will take time.
The same is true in cyber security, but employees are encouraged by how executives have responded to the study. Gender’s role is already becoming less relevant as the profession becomes more virtual.
People should look forward to a day, in the not-too-distant future, when the emphasis is on getting the job done, regardless of gender. To solve the cyber security gender gap, companies must transform their workplaces to attract and retain highly skilled female employees who would otherwise work somewhere else. That means changing mindsets across the spectrum, both inside cyber security organisations and among the talent pool. To that end, the cybersecurity workforce paradox should really just be a solution.
Sourced by Suzanne Hall, Managing Director, Sloane Menkes, Principal and Emily Stapf, Principal, at PwC
The UK’s largest conference for tech leadership, Tech Leaders Summit, returns in September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here