Bridging the gender gap in cyber security

#IWD2022 #BreakTheBias

To mark this year’s International Women’s Day, ITC Secure’s Chief Operating Officer, Fleur Chapman, explores why gender diversity is so important for the future of cyber security and how the industry can make progress in becoming more inclusive for women.

Cyber security is one of the most sought-after technology skills today, with 59% of organisations indicating that they would find it challenging to respond to a security incident due to a shortage of skills, according to a recent World Economic Forum report.

One major reason that limits the talent available is a shortage of women entering the sector with many making the assumption that male-dominated teams have always been the norm in computing and security technologies. However, this is far from the truth. When we look back at history, women have been at the centre of computing technology since its inception, programming giant leaps for humankind.

From Ada Lovelace, who was instrumental in designing and building Britain’s first real computer programme when she was just 19 years old, to Margaret Hamilton who was instrumental in NASA’s moon landing. Not to mention Bletchley Park’s codebreaking operation, which was accredited for cracking the Nazi’s ‘Enigma’ code during World War II, using the same abilities cyber security analysts use today: logic, methodology, and data analysis. This team was made up of nearly 10,000 people of whom 75% were women.

There is also a misconception that, to begin a career in cyber security, you must have a technical background. In reality, many of the best security professionals bring fresh perspectives and a range of soft skills from non-technical backgrounds such as English or psychology majors to artists, writers, and stay-at-home mums! Just as the saying “anyone can cook” goes, so too can anyone get started in cyber security if you have a passion for learning. Afterall, cyber security is actually all about learning how technology (and people) works.

Again, taking inspiration from female role models in history, Hedy Lamarr, the Austrian-American actor was a primarily self-taught inventor in her spare time. She co-invented a frequency-hopping method to control torpedoes remotely without the risk of signal tracking or jamming. Naval ships were using the technology by the 1962 Cuban Missile Crisis. And this invention later became part of Bluetooth and wifi!

These are just some of the rich examples of invention, strength, and achievement from female role models that dispel common gender myths and a source of inspiration to those considering a career in cyber security.

Why diversity matters

Today’s threat landscape is constantly evolving and attacks are increasingly complex – ranging from more sophisticated ransomware and supply chain threats, nation-state attacks on critical infrastructure, overlooked vulnerabilities at the firmware level, and more.

Solving cyber security challenges of today requires a holistic approach and, therefore, building a cyber security workforce needs to involve holistic thinking.

Work wisdom tells us that diverse teams create diversity of thought, fresh outlooks, and better outcomes that can lead to changes in status quo.

Bridging the gender gap

There has been some improvement over recent years in terms of growth in female representation within the cyber security workforce globally. The Global Information Security Workforce Study from (ISC)² estimates that this make up has grown to 24% today vs only 11% in 2013.

However, while this is positive news, there is still some work to do to bridge the gender gap within the industry.

So how can we make progress as an industry?

1. Encouragement for girls to understand cyber security at an early age

Cyber security is an exciting and diverse career that needs more exposure!

The lack of diversity in STEM fields has been well-discussed, but it’s time to bring this topic home by showcasing some interesting opportunities for those with a knack towards cyber security – starting at school level. Cyber security programmes need encouragement from both educational institutions as well industry professionals if we want our younger generation exposed enough so that they know what great careers are out there waiting when they graduate school or start working.

2. Visibility of female role models, including more female-specific awards and events

The next generation of cyber security professionals will be more likely to choose a career in the field if they see people that look like them succeeding. Visible female role models can educate younger generations, help demystify this profession for young women and men alike – showing how broad it is with many different skills sought after – covering not only traditional ‘technology’ skills such as product development and engineering, but also skills such as human behaviour, effective communication, business impact, risk management, and project management.

3. Establishment of industry-wide female mentoring and coaching

Mentoring and coaching programmes can be a vital part of the diversity efforts for cyber security professionals. These types of initiatives help to retain female employees, provide support when it becomes time to expand career options or simply feel more confident at work because you’re surrounded by others who understand what life is like outside office walls as well! A number of groups and projects are already in place that are good sources of inspiration including

Women in Cybersecurity, Courageous Women in Security, Ladies of London Hacking Society, Lean In and The Female Lead – all of which are worth exploring and supporting.

4. Commitment to building an inclusive environment for all

An inclusive environment is important for any organisation because it allows people from different backgrounds regardless of gender, race, sexual orientation, disability, or religion to thrive in the workplace. And to do this, four areas should be considered:

  • Emphasis and support on the business case for diversity and inclusion at the leadership level.
  • Unconscious bias training that helps people recognise and detangle their own prejudices.
  • Intentional practice of inclusive leadership to create a safe team environment where all employees can speak up, be heard, and feel welcome.
  • And finally, leadership accountability where inclusion is a core value to the organisation and not just a check-box exercise.

By making progress in these areas as an industry, we can start to make cyber security a more diverse and inclusive industry. This will not only help to plug the estimated 2.7 million skills shortage, but it will also lead to organisations that are more successful and innovative.

At ITC, while the gender ratio of 26% is above the industry average, advocating and improving all areas of diversity (including gender) is an ongoing commitment for our business. If you’re reading this and want to explore a career in cyber security, take a look at our careers page which includes open roles right at the bottom of the page. We’d love to hear from you!