Women’s representation in the cybersecurity workforce has remained at 11 percent since 2013, despite the growing shortage of cybersecurity workers worldwide, according to a recent (ISC)2 survey.
“The one thing that surprised me the most was the fact that the percentage of women in the workforce really has remained stagnant,” said (ISC)2 North America managing director Dan Waddell.
Though the cybersecurity workforce shortage is expected to reach 1.8 million by 2022, women make up a very small portion of the current workforce and often have more varied and higher levels of education than their male counterparts, the study found.
“The Women in Cybersecurity report found that 52 percent of millennial women have a computer science degree, yet the number of women in the cybersecurity workforce has remained stagnant for the last two years,” said Sam King, chief strategy officer at Veracode. “We are already facing a significant skills gap in cybersecurity with positions going unfilled. If we continue on this track, we will be unable to secure the digital economy.”
Though computer science degrees are helpful for working in the cybersecurity industry, Waddell said that the ideal cybersecurity team should have a mix of disciplines to be effective.
“When most people think about cybersecurity, they default to STEM,” Waddell said, explaining that people with arts and communication degrees can ensure that cybersecurity practices are communicated across an organization. In fact, Waddell said, the 2015 Office of Personnel Management breach demonstrates how known cyber vulnerabilities can be left unaddressed when communication fails.
“The failure was in that cyber translation area,” said Waddell. “If we have people with greater communication skills, that might not have happened.”
“Mature cybersecurity teams require a mix of skills and diversity of thought. You must foster teamwork that’s inclusive and integrates multidisciplinary and diverse perspectives,” said Angela Messer, a Booz Allen executive vice president. “An overreliance on any one background or perspective leaves an organization vulnerable to adversaries and threats that rapidly change. Only diverse, multidisciplinary teams can rapidly respond and problem solve on the next challenge.”
To attract that diverse talent, Waddell said the media needs to work on showing images of female and minority information security professionals.
“I think the image that we are portraying, just by its very nature, presents a boys club,” said Waddell, explaining that the stereotype of a white, male hacker in a hoodie limits the kind of people that actually enter the field.
Waddell championed organizations and social media accounts that make sure to display pictures of women, and especially women of color, working on computers, in the security operations center, or in the tech boardroom. He also said that cybersecurity events should seek to include more women and minorities in their panels.
“I’m exhausted by the ‘women in security’ panels,” Waddell said, explaining that it does more good to include female cybersecurity professionals in a wide array of panels rather than relegating them to a special panel for women.
“As long as we are offering opportunities to give them a voice, the women that are already there will open the door for other women,” Waddell said.
Waddell also encouraged industry to take the knowledge provided by the survey and use it to drive programs and initiatives to change things. Many companies are already doing so, such as Raytheon working to provide cybersecurity scholarships for women and Microsoft’s #MakeWhatsNext campaign to encourage girls to stay in STEM programs.
“We really want to start turning this into action,” said Waddell.