Women have long been fighting for equal opportunity and pay in the workplace - and they been fighting for just as long in the cybersphere, right in the trenches with males. While gender disparity is particularly prevalent in information security and IT, in general, that shouldn't and hasn't stopped any females from becoming a part of this workforce. In fact, it should encourage them to pick up cyberarms.
According to the 2017 Women in Cybersecurity Report, presented by the Executive Women's Forum on Information Security, Risk Management and Privacy (EWF) and the Center for Cyber Safety and Education, women account for only 11 percent of the global information security workforce. The report also revealed the following:
- Men are four times more likely to hold C-suite positions and nine times more likely to hold manager-level roles than women.
- More than half of women in cybersecurity have experienced some form of discrimination.
- In 2016, women in cybersecurity earned less than men at every level despite entering the profession with higher education levels.
— Theo (@psb_dc) March 22, 2017
Beyond moral and social responsibilities, there are many reasons we should focus on getting more women in the InfoSec field. Let's start with the skills shortage.
One of the biggest issues that organizations deal with today regarding information security is the lack of highly skilled and qualified talent. The aforementioned report said that the number of unfilled cybersecurity positions is expected to reach nearly 2 million by 2022. To bridge this gap, it's becoming increasingly obvious that organizations need to take a different approach to both who and how they recruit, as well as how they train InfoSec teams. They should start by stepping away from the conventional mold of what skills and competencies should be considered for IT pros.
Diversity could bridge talent divide
Diversifying the InfoSec workforce sets the stage for a stronger and more successful security posture. It means a broader range of perspectives, which translates to more creativity and better problem-solving. And it's why organizations are encouraged to consider talent coming from nontechnical backgrounds.
People who are creative, artistic, have military experience, a willingness to learn new things and the drive to be the best - these are just a few examples of people who don't fit the stereotypical profile of a computer scientist yet possess qualities that make them uniquely well-suited for InfoSec functions. The roles and threat landscape of information security are both changing, and the workforce needs to adapt in tandem, which means incorporating varied skill sets when building an InfoSec team.
"Overlooking women is a missed opportunity for stronger security."
Women bring unique skills and qualities that make them not only suitable for these roles but likely to succeed in them. According to research conducted by Gallup, some of the top strengths women bring to the workplace is a willingness and desire to expand their knowledge and learn new information, a responsibility and commitment to completing projects and an innate ability to empathize and understand other perspectives. They are also more likely than men to maintain a disciplined focus on planning, routine and structure.
It's easy to see how overlooking women in InfoSec isn't just a disservice to them - it's a missed opportunity for organizations that want a stronger security team.
Lynn Terwoerds, the EWF executive director, put it best when she said, "The under-representation and under-utilization of female talent is both a critical business issue and a hindrance to the development of world class cybersecurity organizations and resilient companies, as well as the overall safety and protection of our country."
Rethinking the who and how of training
At the end of the day, if decision-makers want to bridge the talent gap and build a better cybersecurity department, a good place to start would be with filling the gender gap. To take InfoSec strategies to the next level, companies need to place more focus on recruiting, educating and promoting women.
Although much of the research in the 2017 Women in Cybersecurity report consisted of discouraging and disappointing figures - like a significant portion of women agreeing that their opinions are not valued when it comes to the security of their organization - there were some positive takeaways. For example, the women who feel the most valued in their roles are more likely to have seen opportunities and resources for training and development.
In today's chaotic and increasingly complicated risk landscape, investing in InfoSec training is a must. It's time for organizations to rethink not only who they recruit to their teams and train, but how they go about their training and development.
If you're moving in the right direction and evolving with today's cybersecurity climate, your InfoSec team of tomorrow likely won't look and train like it once did.
To learn more about the varied skill sets needed to combat the growing cyberthreats of today, as well as the distinct types of training for developing those skills, download our whitepaper.