Gender Diversity in Cybersecurity: Why the Field Needs More Women
Written by: University of Tulsa • Jan 4, 2024
Gender Diversity in Cybersecurity: Why the Field Needs More Women ¶
A global cybersecurity threat is poised to affect every industry that uses internet-connected data systems today: There simply aren’t enough cybersecurity professionals to meet the demand.
Severe cybersecurity worker shortages render all companies vulnerable to attack. Data breaches, phishing attacks, and extended service outages are on the rise. Experts at Gartner predict that, by 2025, over half of significant cybersecurity incidents will be caused by human error or talent shortages. Many believe that cybercrimes can be prevented with a strong cybersecurity labor force.
It is clear that organizations must recruit and retain more cybersecurity professionals. Only 1 out of every 4 global cybersecurity workers identifies as a woman, according to 2022 data from Cybersecurity Ventures. Given the critical need, companies can do more to train, hire, and promote women in cybersecurity roles. Learn more about gender diversity in cybersecurity, its importance, and what organizational changes may help to meet the soaring demand for cybersecurity expertise.
Cybersecurity Field Demands ¶
Cybersecurity professionals are pivotal in safeguarding information that should be kept private. Cybercrimes have become more sophisticated, frequent, and damaging, demanding advanced security measures. Cyber attack damages are projected to reach approximately $10.5 trillion per year by 2025, marking a 300% rise from 2015 figures, according to Cybercrime Magazine.
While cybersecurity was a growing field before the onset of the COVID-19 pandemic, entire economies have been increasingly relying on digital infrastructures for everything from banking to education and health care since then — skyrocketing the need to ensure secure data storage and access. High-profile breaches highlight vulnerabilities only in retrospect — once it’s too late. Today, organizations need robust security systems run by well-equipped cybersecurity experts to protect themselves.
Many industries are recognizing the urgent need for trained cybersecurity workers. Nationwide, the U.S. Bureau of Labor Statistics (BLS) projects employment of information security analysts will increase 32% from 2022 to 2032, with 16,800 job openings projected to be available each year.
While understanding the escalating demands of the cybersecurity field is crucial, it’s also important to recognize how diversifying its workforce, particularly by increasing the number of women, can not only meet these demands but also substantially fortify the sector.
How Organizations Benefit From More Women In Cybersecurity ¶
Increasing the number of women in cybersecurity roles is about leveraging the full spectrum of available talent. Consider three ways that organizations benefit from having more women in cybersecurity:
Gender Diversity in Cybersecurity Provides Broader Perspectives ¶
Gender diversity drives innovation. Women working in cybersecurity bring their lived experiences with them, which can help organizations understand and address issues that may be overlooked otherwise. For example, severe online harassment and the practice known as doxxing (the intentional, nonconsensual exposure of an individual’s private information online) disproportionately affect marginalized groups including women, according to a 2021 Pew Research Center poll.
Moreover, a gender-diverse team considers a broader range of perspectives, experiences, and problem-solving methods than a heterogenous team. As cyber attacks become more varied and complex, information technology (IT) teams need to harness all the problem-solving tools that they can find.
Diversity Can Improve Cross-Team Communications ¶
Effective communication can bridge the gap between technical solutions and the people they protect. Ensuring diverse perspectives are represented can improve collaboration, innovation, and communication within cybersecurity teams and across companies.
Communication is crucial in cybersecurity on many fronts:
- Incident responses. When a security breach occurs, stakeholders need to understand the required actions to mitigate the breach immediately.
- User education. Humans are often the weakest link in a cybersecurity chain. Properly communicating best practices, like password policies and phishing avoidance techniques, is an irreplaceable defensive maneuver against cyber attacks.
- Cross-team collaboration. Cybersecurity isn’t the sole responsibility of the IT department. It involves collaboration across various departments, from legal to human resources. Effective communication ensures that these teams can work together seamlessly.
- Ditching the jargon. The concepts and technologies that operate together in cybersecurity can be intricate and highly technical. Clearly describing these complexities to all stakeholders, regardless of their familiarity with technology, ensures that all employees can understand cybersecurity best practices and troubleshoot problems as needed.
Women in cybersecurity roles can be leaders in closing the understanding gap across their organizations. While generalizations about the skills and capabilities of “all women in tech” should be avoided, many women in science, technology, engineering, and math (STEM) fields have needed to work with people who may not share their perspectives, which means women in cybersecurity roles may have an edge when it comes to communicating both inside and outside their IT teams.
Representation Improves Recruitment ¶
As more women work in cybersecurity, organizations are likely to have a larger pool of workers to draw from in the future, because representation matters.
Motivating more women to immerse themselves in the world of cybersecurity paves the way for the mentorship of other women and sparks inspiration for the coming generations. Research reported in Forbes indicates that, when young girls hear about STEM careers from women role models, it positively influences their ambitions in these fields.
Women have been working in cybersecurity for years, but their contributions to the field may be underacknowledged. During World War II, cryptographers and “code girls” worked to facilitate international intelligence efforts. Their ability to intercept and break codes, as well as to encode messages, can be thought of as a precursor to what cybersecurity professionals do today.
More recently, many women deserve recognition for their excellence in cybersecurity leadership:
- Theresa Payton was the first woman to serve as the chief information officer at the White House.
- Letitia A. Long was the first woman to lead a major U.S. intelligence agency, serving as director of the Geospatial Intelligence Agency from 2010 to 2014.
- Melissa Hathaway served as acting senior director for cyberspace for the National Security Council.
- Jeannette Manfra served the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) as the assistant director for cybersecurity.
Witnessing the accomplishments of female cybersecurity professionals offers young girls and women a glimpse into possible futures for themselves.
For these three reasons, as the need for online security expands, fulfilling this need while promoting gender diversity in cybersecurity can benefit organizations.
Challenges to Increasing the Percentage of Women in Cybersecurity ¶
The cybersecurity field has much to gain from more women joining its workforce. However, to make the field a more welcoming one for women, employers must reckon with some of the factors that have contributed to its current gender gap.
For example, gender-based discrimination is not uncommon in cybersecurity. The international cybersecurity organization ISC2 surveyed cybersecurity employees and found that 30% of women had felt discriminated against at work at some point.
Another example is less subjective. The gender wage gap in many professions is a pressing concern, and the cybersecurity field is not immune to this disparity. According to the accumulated data from the last three ISC2 cybersecurity workforce studies spanning the years 2019, 2020, and 2021, women in cybersecurity earned, on average, a staggering $22,046 less than their male counterparts.
Additionally, according to the “Women in Cybersecurity 2022 Report” published by Cybersecurity Ventures, cultural depictions of cybercriminals and the cybersecurity experts who protect against their attacks tend to exclude women.
“If you look at media reports, you see dark stock images of men in hoodies, typing away in basements,” states the report. The report also notes how gendered language has crept into the way cybersecurity gets talked about, for example, the term man-in-the-middle (MITM) attack. “Logos, wording, and branding in cybersecurity are often what we consider ‘masculine.’ We must change the perception and awareness of STEM fields to encourage gender diversity.”
These statistics and insights only underscore the social and financial disparities women face with respect to gender equality in professional cybersecurity environments. To increase the percentage of women in cybersecurity, organizations can start by addressing their discriminatory and exclusionary work cultures and paying their employees equitably.
Addressing the Cybersecurity Gender Gap ¶
Tackling the gender gap in cybersecurity is crucial, not only for reasons of fairness and equality but also for the very efficacy of the field itself. Here are several ways that companies can approach this challenge:
Educational Partnerships ¶
The cybersecurity gender gap starts in school. Companies can collaborate actively with schools, colleges, and universities to introduce cybersecurity as a promising career choice for young women. Workshops, seminars, and career fairs dedicated to this cause can ignite an early passion.
For instance, a Deloitte campaign covered by Forbes amplified cybersecurity career opportunities for working women, highlighting roles like ethical hacker and cyber strategist, with the goal of clarifying misunderstandings about the nature of the field and the skills required to break into it.
Moreover, setting up scholarships or sponsorships tailored specifically to women can incentivize their entry.
Revamped Recruitment ¶
The hiring process is a critical phase where many unconscious biases can creep in. Companies can be proactive in ensuring that their job descriptions and hiring practices are inclusive.
In addition, promoting diverse interview panels and specifically reaching out to female-focused tech events or platforms to recruit cybersecurity employees can help tilt the balance. It’s not just about bringing women in but also about making sure they have the support they need to succeed in the role.
Opportunities for Switching Careers ¶
Many individuals may not realize that their current jobs already put them in a good position to move into an entry-level cybersecurity professional role after learning some new skills. Cyberseek’s interactive career pathway tool explains how professionals with roles such as IT support, financial and risk analysis, networking, systems engineering, and software development can pivot into cybersecurity roles.
The career pathway tool also shows the top skills and certifications requested by cybersecurity employers, providing benchmarks for individuals looking to break into cybersecurity.
Continuous Professional Development ¶
To ensure longevity in any career, continuous learning is key. Organizations can actively offer and encourage women in cybersecurity to partake in ongoing training sessions, workshops, and conferences. Women can be trained for cybersecurity leadership roles to promote a strong, diverse workforce at every level of the organization.
By actively supporting their growth, not only will companies benefit from having highly skilled employees, they’ll also demonstrate their commitment to women’s workforce advancement.
Mentorship Programs ¶
The power of mentorship can’t be overstated. Cybersecurity professionals, like those in many technical sectors, are predominantly male. Women entering the field can often feel isolated or misunderstood. Having a mentor, especially a female mentor, can provide new employees with valuable insights into navigating the unique challenges and nuances of the field.
By establishing mentorship initiatives, where experienced female cybersecurity professionals guide and nurture budding talents, companies can offer these women direction and encouragement. Not only do these relationships help newcomers navigate the intricacies of the field, but seeing women succeeding in cybersecurity roles can inspire these women to envision a similar path for themselves.
Inclusive Work Culture ¶
An inclusive work culture in the cybersecurity field means a setting where individuals of all backgrounds, identities, and experiences are valued and have equal opportunities to contribute and succeed.
Creating an environment that promotes respect, equity, and safety is crucial, as is creating space for open dialogue. Companies can actively solicit feedback on diversity and inclusion initiatives, making room for regular discussions where concerns can be aired and experiences shared. Such forums offer invaluable insights and can guide the company in making informed changes.
When employees, regardless of their gender, feel valued and safe, they’re more likely to stay and thrive.
Beyond Gender: Cybersecurity Diversity ¶
Given how dynamic and multifarious cyber threats are these days, organizations can benefit from recruiting a diverse cybersecurity workforce.
But gender diversity is just one factor in bringing innovation into cybersecurity. Diversity also encompasses differences in age, country of origin, sexual orientation, ability, race, and ethnicity — as well as educational background, previous job experience, and technical training.
In a global digital environment, cybersecurity efforts extend beyond national borders. The digital world is diverse, with users from just about every demographic and geographic location. A diverse cybersecurity team may better understand the nuances and varied needs of this global user base than a team comprised of people from the same country with the same demographic background.
Diversity in cybersecurity, not limited to gender diversity, is much needed — and experts calling for a diversification of the field are growing in number. Consider the insight from Maurice Gibson, cybersecurity leader at Wiley Edge:
“When I think of diversity in cybersecurity, I’m not just looking at the colors in the room or the gender ratio. It’s also about the richness of experiences, viewpoints, and unique skills each one of us brings to the table,” Gibson says.
A team with diverse expertise can better anticipate, understand, and counteract diverse threats, and can build a cybersecurity infrastructure that is robust, versatile, and adaptive.
Leaders like Gibson emphasize that cybersecurity is as much creative as it is technical. Having a diverse group of cybersecurity experts who can each draw from their own skill sets and experiences only strengthens the team.
“Considering the multifaceted nature of cyber threats, we cannot afford a one-dimensional approach. Threats are continuously changing, adapting, and trying to outsmart us. A diverse team … provides a comprehensive understanding of potential dangers, ensuring we address and anticipate them effectively,” Gibson says.
Take the Next Step: Earn a Degree in Cybersecurity ¶
While technical skills matter in cybersecurity, so do the breadth of experiences and perspectives that come with a diverse workforce. The unique challenges posed by cyber threats require organizations to choose employees from all backgrounds and with many areas of expertise when filling cybersecurity positions to stay ahead of the next security challenges.
Are you ready to start a career in cybersecurity? For individuals with an undergraduate degree in a technical field looking to enhance their problem-solving, system administration, and security capabilities, earning a graduate degree might be the right next step. The University of Tulsa offers a 30-credit master’s degree in cybersecurity that is entirely online.
The program, designed with working professionals in mind, can be completed in under 20 months. Students can acquire hands-on technical experience through the university’s remote virtual machines (VMs) that enable them to apply cybersecurity principles in practical scenarios. Enrolled students have the option to pursue either a technical track or a leadership track.
Learn more about the current level of diversity in cybersecurity and how to get started in this field by enrolling in the online Master of Science in Cyber Security program at TU.