5 ways to fix the Cybersecurity gender balance
- September 9, 2019
- Posted by: Wale Omolere
- Category: Career Advice
Diversity works. It’s good for every industry. Dozens of research studies show that a diverse workforce is more innovative and creative. Our information security industry depends, perhaps more than any other industry, on innovation and fresh perspectives. But we’re not diverse, as far as gender is concerned. Only 11% of the global information security workforce is made up of women, and in the UK, this figures decline to only 8%.
Women aren’t entering the sector, and, if they do, they’re leaving quickly. Our sector is limiting itself by its inability to attract and retain women. And, with more than 1 million unfilled cybersecurity jobs worldwide and cybercrime becoming more sophisticated and widespread, we must change.
Organisations with women in leadership outperform their competitors, and the tipping point to change leadership dynamics – and organisational culture – is three or more women on the executive board. Yes, there are women in leadership positions. Think Angela Sasse, Head of Information Security Research at UCL; think Carmina Lees, VP Security at IBM. But women in leadership roles are rare.
The reason for underrepresentation at every level is complex. There’s:
- The popular perception of cybersecurity as a male domain.
- A lack of female role models.
- Underrepresentation of women in STEM subjects. For instance, women made up less than 15% of UK STEM undergraduates in 2014-2015 (HEFCE, 2016).
- The sector’s focus on recruiting from STEM-only talent pools.
Rethinking recruitment and retention
Attracting and retaining women workers should not be a piecemeal process, but a sustained, deliberate programme to transform perceptions and culture. It might be beyond our powers to normalise technology for girls in schools and dissolve the gender-biased messages that both girls and boys receive from babyhood. But we can act on what’s within our own locus of control. Many companies are examining every aspect of the organisational design to improve their gender balance.
Five steps to a more diverse workforce
- Explain our sector properly
Employers like Raytheon have focussed on myth-busting to make the engineering sector more attractive to women. The infosecurity sector could do the same to alter perceptions. For instance, it’s not a new sector for women; a recent study showed that nearly 40% of women respondents had been working in the field for 10 or more years.
- Widen the talent pool
The same study showed that fewer than 50% of the women respondents entered the sector from computer science or IT. Many had come from psychology, compliance, audit, sales and entrepreneurship. Infosec recruiters who look beyond STEM will find a more diverse talent pool.
- Stay with the programme
McKinsey research suggests that the most effective practices for increasing women’s representation at every level are:
- CEO commitment: top-level prioritisation of gender equality had better results.
- Persistence: staying with gender programmes for longer had better results.
- A comprehensive, holistic transformation view: gender equality was considered integral to every part of the business process, rather than a separate “thing”.
- Introduce return-to-work programmes
IBM, for example, supports women returners through its Tech Re-Entry Program, which brings returners up to speed before launching them back into the workplace.
- Link to support networks
Support networks are an effective mechanism for exchanging information, increasing collaboration and fostering a sense of belonging. Networks like the AnitaB.org or Women’s Security Society (also open to men) aim to help women flourish and are sponsored by, and partner with, a range of infosec organisations.
Diversity is good for all of us. If we break down the barriers to true gender balance, we’ll enrich our sector with more talent, more innovation and an increased ability to take on all the challenges of the future.
- Cobalt report: https://www.helpnetsecurity.com/2017/08/04/women-cybersecurity/
- Biennial Women in Cybersecurity report: https://iamcybersafe.org/news_women_cybersecurity/
- PWC: 2017 Global Information Security Workforce Study: Women in Cybersecurity
- Women Matter, Reinventing the workplace to unlock the potential of gender diversity: McKinsey & Company, 2016
- Kramer, V. W., Konrad, A. M., and Erkut, S. “Critical Mass on Corporate Boards: Why Three or More Women Enhance Governance.” Research & Action Report Fall/Winter 2006
Networks and support:
- Growth through innovation/creativity:
Rather than be constrained by ideas for new products, services and new markets coming from just a few people, a Thinking Corporation can tap into the employees.
- Increased profits:
The corporation will experience an increase in profits due to savings in operating costs as well as sales from new products, services and ventures.
- Higher business values:
The link between profits and business value means that the moment a corporation creates a new sustainable level of profit, the business value is adjusted accordingly.
- Lower staff turnover:
This, combined with the culture that must exist for innovation and creativity to flourish, means that new employees will be attracted to the organization.