A Guide for Women in Cybersecurity

In a recent study, a whopping 53 percent of organizations that hire information security professionals lamented a shortage of cybersecurity skills among the talent pool from which they were selecting workers. When you combine this with the fact that as of 2019, women make up only 20 percent of the cybersecurity workforce around the world  (according to Cybersecurity Ventures), you can see that unless changes occur, cybersecurity firms will continue to have difficulty finding skilled and trained workers. While the percentage of women working in the cybersecurity field has increased since 2013, when just 11 percent of the global cybersecurity workforce was comprised of women, the numbers are still far too low.

In a field in which the unemployment rate has remained at zero since 2011, women need, and deserve, far greater representation. Here, we will examine the reasons behind the lack of women in cybersecurity, as well as how to better encourage women to pursue cybersecurity education and careers.

Women in Cybersecurity Around the World

Some countries are moving more quickly than others in placing more women into leading cybersecurity roles. Israel, for example, is the world’s second-largest exporter of cyber technology (the United States being the first). As of 2018, TechCrunch noted that 15 percent of new cybersecurity startups were founded by females, up from just five percent in 2017.

Another country in which women are succeeding in cybersecurity is Australia. As of 2018, per McAfee’s Cybersecurity Talent Study, 25 percent of Australia’s cybersecurity workforce is female. This rate is much higher than the international average.

Yet another country boasting more women in the information technology and services workforce is India, where 34 percent of such workers are women, according to the National Association of Software and Services Companies.  India is pushing for even more women to specialize in cybersecurity, with one example being CyberShikshaa, a three-year joint program between Microsoft India and Data Security Council of India designed to create a talented pool of women in cybersecurity in that country.

The United Kingdom’s cybersecurity workforce is currently 18 percent female, per BeecherMadden. In the United States, according to a 2019 report by (ISC)2, 24 percent of the cybersecurity workforce is female. BeecherMadden also notes that in the U.S., 83 percent of all spending decisions are controlled by women. It only makes sense that more women in the cybersecurity workforce, then, would be better in the long run for U.S. companies as well as international businesses.

As of 2020, 14 percent of chief information security officers (CISOs) at Fortune 500 companies are women, or 70 out of 500, per Cybersecurity Ventures. However, within the ten largest companies in the United States, no women hold CISO roles. In fact, just one company in the top 15, Cardinal Health of Ohio, has a woman CISO—Lori Havlovitz.

Backgrounds of Women Entering Cybersecurity

When we examine the educational background of CISOs of Fortune 500 companies based on gender, 48 percent of female CISOs have a bachelor’s degree in computer science, while 36 percent of male CISOs hold such a degree. Within these companies, 43 percent of female CISOs have a master’s degree, compared to 37 percent of male CISOs.

So, in which industries and disciplines do women who end up working in cybersecurity typically originate? An article in Nature noted that women working in cybersecurity are 44 percent more likely to have degrees from fields other than computer science, such as mathematics, business and social science (compared to 30 percent for men).

In the 2017 survey “Women in Cybersecurity – A Progressive Movement,” fewer than half of the 300 women who responded said that they had gotten into cybersecurity by studying or working within information technology or computer science. Other fields that women currently working in cybersecurity have backgrounds in are quite diverse, and include compliance, psychology, entrepreneurship, internal audit, sales, and art.

Many of these women did not initially plan to work in cybersecurity, but ended up there for a variety of reasons. These include:

  • The desire to solve complex problems
  • Wishing for a growing field with many opportunities
  • Wanting to work with new technology
  • Desiring to be a part of future innovation
  • Interest in the legal and regulatory aspects of cybersecurity
  • Other reasons

These same women, when asked what they love about working in cybersecurity, noted:

  • Being able to help others
  • Solving complex problems
  • Creating a better future for the world
  • Helping to secure organizations against threats
  • Seeing new things before others do
  • Being able to apply technological skills

How to Increase the Number of Women in Cybersecurity Jobs

How can companies recruit more women to work in the field of cybersecurity worldwide? One of the findings of the survey above noted that women who land in cybersecurity jobs come from a wide variety of backgrounds. This means that recruiters for cybersecurity jobs should be looking within all industries, not just information technology, computer science and STEM (science, engineering, technology, math), to find the types of workers they want who have the skills they desire.

Once businesses have landed women in cybersecurity positions, they must do more to keep them. Inclusive work environments that cater to employees’ needs (especially those pertaining more directly to female employees, including things like child care and better leave policies) are vital to retaining good workers within all demographic categories.  Part of this inclusive work environment must encompass training for all employees on eliminating sexual harassment, and making women feel valued in the workplace.

The 2017 Global Information Security Workforce study noted that more than half (53 percent) of women working in cybersecurity say that they have experienced gender discrimination, compared with just 15 percent of men. Types of discrimination they say that they have faced include unconscious bias, delayed career advancement, highlighting of their mistakes, tokenism, and overt bias. Gender discrimination must be eliminated in cybersecurity workplaces in order to attract and keep the best female talent.

Likewise, sexism in cybersecurity must be eradicated. Women currently working in cybersecurity have noted that their industry is full of white males, which has created a culture that is sometimes hostile towards those who are different, including women. Women in information technology positions tend to leave their jobs at a higher rate than men. The cost to US businesses of losing trained and talented professionals who leave due to discrimination and bias has been estimated at $64 billion per year.

Women’s contributions in cybersecurity must be acknowledged. They have been working within this field for the past 100 years, including (but not limited to) as code girls and cryptographers during World War II, as well as at NASA in the 1950s. Many influential positions in cybersecurity have been held by women, including (but definitely not limited to):

  • Theresa Payton, first female Chief Information Officer in the White House under President George W. Bush
  • Melissa Hathaway, Acting Senior Director for Cyberspace for the National Security Council under President Barack Obama
  • Letitia Long, first woman director of the National Geospatial Intelligence Agency from 2010 to 2014
  • Jeannette Manfra, Chief Cybersecurity Official for Department of Homeland Security as of 2018

Finally, women in cybersecurity must receive equal pay and the same opportunities for advancement as their male counterparts.  Many of the organizations and associations listed below focusing on women in cybersecurity help women fight for equal rights in the workplace.

Cybersecurity Incentives and Scholarships for Women

Another important component of attracting more women to the cybersecurity field is providing incentives and scholarships for them to study cybersecurity at international colleges and universities, including online. Starting at a young age, GirlsWhoCode works on addressing the shortage of women in technology fields, including cybersecurity, by appealing to younger girls to consider careers within technology. GIrlsGoCyberStart is another program designed to introduce girls, in this case older teenager/high schoolers, to the field of cybersecurity by offering training and friendly competition. Shift community in Israel, financed by that country’s Defense Ministry, Start-Up Nation Central and the Rashi Foundation, identifies and encourages high school girls who have aptitude and talent in information technology.

Many cybersecurity scholarships have been created that focus on enticing women into the field. They include:

Other scholarships for those of any gender intending to study cybersecurity include:

Examples of Women Succeeding in Cybersecurity

Despite the lack of women in cybersecurity, their numbers are increasing, as noted above. There are some shining examples of women who have risen to the top of the cybersecurity profession who can be role models for other women who are interested in working in cybersecurity. Some of the top women leaders in cybersecurity as of 2020 are:

  • Lisa Schreiber, Chief Customer Success Officer at Forcepoint, a cybersecurity company formerly known as RedOwl in Baltimore, Maryland
  • Hue Hemingway, Co-CEO and Chief Financial Officer at Guardian Analytics of Mount View, California
  • Tia Hopkins, Vice President of Global Sales Engineering at the cybersecurity firm eSentire in Waterloo, Ontario, Canada
  • Leslie Jones, Chief Human Resources Officer at Coalfire in Westminster, Colorado
  • Sagit Manor, Chief Executive Officer of Nyotron of Santa Clara, CA and Israel
  • Deborah McGinn, Chief Marketing Officer at Arxan Technologies in San Francisco, CA

Associations and Organizations for Women in Cybersecurity

Many associations and organizations have been created to foster and encourage women in cybersecurity positions and to help them to fight for equal pay and rights in the workplace. They include (but are not limited to):

Women in Cybersecurity: The Future

With more women being enticed into STEM fields, including cybersecurity, the promise of an increase in gender parity among the cybersecurity workforce is attainable. Especially as businesses around the world are experiencing a talent shortage within cybersecurity, women should expect greater opportunities to become available and remain available to them. The increase of female involvement in cybersecurity advocacy groups and organizations will also encourage companies to treat women as equal employees to men and further the chances of more women entering the global cybersecurity workforce.