logo

Wake up daily to our latest coverage of business done better, directly in your inbox.

logo

Get your weekly dose of analysis on rising corporate activism.

logo

The best of solutions journalism in the sustainability space, published monthly.

Select Newsletter

By signing up you agree to our privacy policy. You can opt out anytime.

Leon Kaye headshot

Women Are Still Vastly Underrepresented in Cybersecurity

By Leon Kaye
Cybersecurity

So far, the constant fears about cybersecurity attacks since Russia’s invasion of Ukraine haven’t quite materialized. But that doesn’t mean such attacks won’t happen as the siege on Ukraine continues into its second month. Although some experts say the success of cyberattacks as a tool of warfare are overstated, such attacks against many large companies over the past few years are a reminder that they can happen to anyone or any entity, regardless of size.

As the data have long shown, if an industry wants to be stronger, nimbler and more responsive to the ever-changing nature of business, a more diverse workforce is a way to forge ahead on such a path. Yet this is exactly where the cybersecurity industry falls short, as only about 25 percent of its employees are women.

While recent research on who’s working within this field actually found that the percentage of women employees in the industry is higher than what was previously assumed, there is still plenty of room for improvement.

Jen Easterly, the current director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), has made it clear recruiting more women into this space is a priority. Easterly has repeated ongoing calls to have women comprise 50 percent of employees within this field by 2030. The CISA has pledged to be more assertive in hiring qualified women, and says it's working with such organizations as Girls Who Code to open up young women’s minds to the possibility of having a career within this sector.

Editor's note: Be sure to subscribe to our Brands Taking Stands newsletter, which comes out every Wednesday.

More companies also appear to grasp that diversity within the cybersecurity field is necessary in order for the industry to adjust to the times and thrive in the long run. In a recent profile on ZDNet, Vasu Jakkal, Microsoft's corporate vice president of security, compliance, identity and management, agreed that women and other workers "with more diverse perspectives" were crucial to help take on ongoing threats as well as help take the pressure off understaffed information technology teams. Microsoft’s own research revealed that more women than men often make the assumption that men are seen as a better fit in the tech sector. And men, at more than twice the rate of women, assume they are more qualified for a typical cybersecurity job.

"I've always felt that cybersecurity is a calling but as our survey shows, the journey isn't always easy," Jakkal told ZDNet senior editor Owen Hughes. "I've often been the only woman or person of color at the table. And, while I've tackled every challenge thrown at me, I sometimes doubted myself and struggled with imposter syndrome. Most of us do — women especially. The important thing is that over time, we find our voice and learn to speak up."

Microsoft’s research found there are more than 2.5 million cybersecurity jobs open worldwide, meaning there is plenty of opportunity for anyone who is qualified. So, what can be done to recruit more women and underrepresented groups into this industry?

At a higher level, Gigi Schumm of Virginia-based ThreatQuotient suggests three overarching strategies. First, companies need to strive to fix those “broken rungs” within their hiring and retainment policies, including unconscious bias and the ongoing denial of offering women the chance to work on high-profile projects. “We tend to think of diversity in leadership,” Schumm wrote. “If you want diversity at the top, you must pay attention to every rung on the ladder. But the reality is, women start to fall behind at the first potential promotion up to the management level.”

Next, all companies need to be transparent in their hiring and promotion data — and this is a case where the federal government is actually ahead of the private sector. “Transparency in employee promotion leads to less subjectivity or unconscious bias, which helps give all candidates equal footing as they move from one rung up to the next,” Schumm added.

Finally, understanding that bias exists can actually boost inclusion and improve gender diversity in any industry, including cybersecurity. One-off events such as hiring someone a manager has known well for years, or hiring from the same small company or competitor, may appear benign on an individual basis. But over time, these habits can actually prove to be exclusive and deny qualified people the chance to excel, as their only shortcoming is not having that connection with the company or manager. “Given the research, it’s clear that many cybersecurity companies have a huge opportunity to improve gender diversity in the work environment. It’s also clear that diversity is good for business on many levels, so no company should want to be left behind,” Schumm concluded.

Image credit: Christina Morillo via Pexels

Leon Kaye headshot

Leon Kaye has written for 3p since 2010 and become executive editor in 2018. His previous work includes writing for the Guardian as well as other online and print publications. In addition, he's worked in sales executive roles within technology and financial research companies, as well as for a public relations firm, for which he consulted with one of the globe’s leading sustainability initiatives. Currently living in Central California, he’s traveled to 70-plus countries and has lived and worked in South Korea, the United Arab Emirates and Uruguay.

Leon’s an alum of Fresno State, the University of Maryland, Baltimore County and the University of Southern California's Marshall Business School. He enjoys traveling abroad as well as exploring California’s Central Coast and the Sierra Nevadas.

Read more stories by Leon Kaye