According to a survey by ISC2, women working in cybersecurity currently account for about one quarter (24%) of the overall workforce. This then shows that although men significantly outnumber women in cybersecurity, more and more women are starting to join this field and asserting themselves in the profession.
Yet, there is still a long way to go before completely bridging the gender gap in cybersecurity. Women are still faced with many challenges, especially as this environment has always been so male-dominated.
Thus, we have talked to women who work in cybersecurity on the importance of gender diversity in the field and how to improve it.
Gender diversity in cybersecurity
According to a report from Cybersecurity Ventures, it was stated that women only represent ⅕ of the cybersecurity workforce.
Sonya Moisset, Lead Security Engineer at Photobox, points out that we have to keep in mind that the field is a fast-growing pace industry, but this evolution doesn’t apply to the number of women in the field – the field being depicted as a male-dominated industry. Hence, cybersecurity has much progress to be made in terms of gender parity and diversity in general.
Moreover, Melanie Molina, Security Engineer at GoCardless, adds that many companies have shifted their perspective and have seen diversity as an amplifier with great benefits. By doing so, they have introduced more discussions and efforts in refining their hiring process, helping reduce bias and be more open to talent without traditional backgrounds or stereotypical traits, that would in the past describe the only candidates in the pipeline. Thanks to this, we can see more opportunities for women and their rightful validation in the cybersecurity field.
Yet, she continues, there is still a lot of work to do, and not all companies are in this journey for inclusion and diversity. It is also not as simple as refining the recruitment process and hiring more women but also working on retaining talent, ensuring that the culture promotes the same opportunities for growth and respect for all and that there are resources and education efforts to reduce bias and sexism in the workplace.
Vaibhavi Sobti, Software Development Engineer II at Amazon, also states that she has observed different patterns at different places. Indeed, technical colleges in India have a really skewed gender ratio and cybersecurity is no exception. As for the tech industry, she has noticed that teams with bad work-life balance lack gender diversity while the situation is better at other places.
Are women a minority in cybersecurity?
According to the latest numbers, Sonya notes that women are still a minority in this field.
This could then be explained by the challenges they are facing as well as the perceptions based on status quo rather than scientific evidence, such as STEM fields being more suited to men than women and that the field is for ‘techie’ people. She adds that closing the gender gap would help correct these perceptions.
Vaibhavi also underlines that cybersecurity is a lesser-explored field in computer science that is taught mostly at the postgraduate level in India, which makes it a lesser-known domain to college graduates. It is only when they go into the industry that they realise the importance of cybersecurity. Besides, traditionally engineering has remained a male-dominated field of study in India which might be one reason why we see fewer women in cybersecurity.
Melanie adds that women have come a long way in terms of progression and condemning sexism. Yet, one of the things she found to be the toughest, is the normalisation of behaviour that negatively impacts this progression – including the normalisation of reactions, vocabulary, dialogue etc that may seem harmless but its accumulative power can have a negative view/perception of women.
Indeed, for both men and women, we have been conformed to be okay with this, but it actually isn’t. For example, whenever she speaks to customers or engineering teams, it is very common to refer to their engineers or teams as “the guys”, it is always assumed they are all men. She points out that this did not bother her at all, as she didn’t even think about it. It was only after GoCardless did an Inclusivity and Diversity month where one of the speakers mentioned challenging all these sorts of normalisations that she realized that this was happening.
That’s when she started to ask herself why should she be okay that it is always assumed engineers are all guys? What about her, and the other women that work as engineers? Why should she be questioned every time she asserts something? Why does she have the need to question women more than men? Why should she be okay with people assuming she doesn’t know what she is talking about? Why does she feel the need to be apologetic so much, when there is no reason to?
These are some of the questions that she asks herself all the time, a behaviour that has been instilled and normalised since very young. Although none of it tends to be intentional, having an open dialogue about it can be very positive, and if you are working with the right people, you’d be impressed at the amount of effort your team/company will make to become more and more inclusive.
Melanie then recommends asking yourself, why is this okay and should you be okay with this? Have an open discussion with your peers, it can go a long way!
The importance of diversity in cybersecurity
Sonya highlights that we need to acknowledge as well the severe talent gap and shortage of cybersecurity skills aside from the gender gap – which is true for the whole tech industry. Nowadays, most industries rely on technology to function and therefore have needs in terms of cybersecurity to help them protect their data, platforms, and products.
Having more women in the field would help boost the industry and fill the need. It will also help bring different perspectives to the table. She also adds that closing the gender gap would help pave the way for other types of diversity in the field
Vaibhavi emphasizes that this issue is important everywhere and not just in cybersecurity. Gender diversity brings a sense of inclusion and brings different perspectives to problems and their solutions. In cybersecurity especially, the defender sometimes needs to think like an attacker who is trying to disrupt or intrude on the system.
One cannot imagine the number of innovative ideas and solutions we can get with diversity in the team/organisation. It is these ideas that help us understand our attackers better and also build defence mechanisms against them.
Challenges for women in cybersecurity
The challenges women face in the industry are cyclic in nature.
Indeed, as Vaibhavi notes, the lack of gender diversity in the industry causes a lack of sensitivity towards issues women face, in general. In a country like India, most married women who choose to pursue their careers after marriage have a tough time maintaining a work-life balance. They are constantly churned between managing office and home, which causes a lot of women to quit their jobs and only manage homes. The situation becomes way more complex for working moms.
Hence, the lack of sensitivity of women-centric issues at the workplace is often the driving factor that causes them to quit their jobs. In cases where women choose to fight the battle between career and family, they often struggle at work to prove their worth way more than men, just because they manage the home, which constantly requires a time commitment.
Moreover, Sonya adds that challenges women face in this industry can range from a lack of diversity in the teams, a male-dominated culture which could hinder acceptance in a team, unequal pay, lack of recognition and lack of support from leadership and the infosec industry in general.
Women also have to face negative perceptions that can deter some women from the cybersecurity field – they might think it is not a viable career path or be unwelcoming for beginners.
Yet, figures show that it’s one of the most opportunity-rich career paths at the moment and for the next decade, thus it is vital that organisations work on their gender diversity.
A slow progression towards equality…
According to Sonya, diversity in the field is progressing but it is slow. Companies have to realise they need this diversity to respond to threat actors who are also coming from disparate backgrounds.
Vaibhavi adds that a lot of big organizations are coming up with newer policies for women, including period leaves, longer maternity leaves, rekindling women who took a break from work, all of which promote an inclusive culture and gender diversity.
However, we still have a long way to go. First, there are only a handful of big organizations and even fewer women working in these companies. The not-so-branded startups and small scale companies still need to imbibe and embrace the importance of gender diversity. Second, the general mindset of people needs to change.
Gender diversity can only be achieved if everyone in the organisation respects women and aims to provide them with a comfortable space to work and grow.
Bridging the gender gap
The rise of several initiatives worldwide should help attract girls and women to careers in the field is a good way to improve diversity in cybersecurity, Sonya notes. Indeed, these initiatives focus on women’s cybersecurity careers, provide training, networking and mentorship.
They can be beneficial for those thinking of embarking on a career in the field or just starting out. Some initiatives might even include workshops, job boards and certification preparation study groups to provide companies with a pipeline of qualified cybersecurity job candidates at all levels.
Moreover, Vaibhavi thinks the leadership and immediate managers play a key role here. Managers need to understand the importance of women in technology and aim to improve the overall diversity in their team.
She also underlines that only hiring women does not solve the problem. They should also be sensitive about the problems and issues that their female subordinates are facing. Going the extra mile in understanding what your subordinate is going through goes a long way in building relationships, motivating and encouraging people and also retaining talent. Managers should be given special training to sensitise them towards women.
If every manager in an organisation achieves this for their team, we can achieve significant gender diversity in the industry.
Ideas & initiatives to benefit women working in cybersecurity
Sonya recommends joining an initiative to build a support network. There are many initiatives worldwide for women in cybersecurity (meetups, events, associations…). You can also explore the different areas available in the field (governance, risk assessment, threat intelligence, security architecture, penetration testing, user education…). Having a mentor for career advice or forming connections with key players in the field could lead to other networking or job opportunities.
For Vaibhavi, mentoring is a great way to learn and grow. Every woman going through different phases in her personal life and career could use some advice from another woman who has faced something similar or has seen someone handle the situation gracefully.
Besides, having a platform where women in technology could connect with each other would not only be a great networking place, it could also help women who need some motivation and build women role models for themselves. We are not alone in this!
What advice would you give to women who want to pursue a career in cybersecurity?
“Believe in yourself – you can do it! Everyone in cybersecurity has imposter syndrome and hitting some roadblocks along the way in your journey doesn’t mean cybersecurity isn’t a good fit for you!” Sonya.
“We know we have to work twice as hard to be heard or validated but keep going and be picky. Don’t accept behaviour from companies/people that don’t see your potential, don’t treat you with respect or offer real opportunities for career growth etc. There are organisations out there that do make a real effort to establish a progressive culture, and teams that will see you as you are, which is a security superstar. Focus on your quality of work, integrity and treating everyone with kindness, things will eventually fall into place.” Melanie.
“Cybersecurity is a growing space with lots of opportunities to grow and build a career in. It has challenging problems to that demand sophisticated solutions. It is important to learn about it as much as you can because even if you are not working in the core cybersecurity space, you are always expected to know at least some stuff around building secure systems.” Vaibhavi.
Special thanks to Melanie Molina, Sonya Moisset, and Vaibhavi Sobti for their insights on the topic!