Closing the Cybersecurity Skills Gap — Calling All Women

Wednesday, October 12, 2016

Michelle Johnson Cobb


As cyberthreats have become more sophisticated, networks more complex and cybersecurity issues of greater concern at the board level, demand for skilled cybersecurity professionals has soared. Unfortunately, there just isn’t enough talent to fill all of the roles.

According to the 2015 “Global Information Security Workforce Study” (GISWS)from the (ISC)² Foundation, the information security workforce will reach a 1.5 million shortfall by 2020. Another study by (ISC)² on women in securityrevealed that in 2015, 90 percent of the information security positions worldwide were filled by men. This is despite women nearly closing the gap between men and women in terms of relevant undergraduate degrees and holding higher academic degrees than their male counterparts.

Somewhere between graduation and the career path, women are turning away (or being turned away) from roles in information security. Closing the cybersecurity skills gap will depend heavily on the inclusion and participation of an untapped pool of talented women. To get there, it will require a mix of practicality and inspiration.

1. Show Them the Money

Gartner predicts 2016 will see worldwide information security spending reach $81.6 billion. cybersecurity Ventures also projects $1 trillion will be spend globally on cybersecurity from next year to 2021, according to their Q3 2016 Market Report. The presents a great opportunity for women looking for stable employment in a field with continued growth and high wages.

Women are already taking advantage of high-growth divisions within cybersecurity. According to (ISC)2, 20 percent of women hold roles in governance, risk and compliance (GRC), which the foundation sees as a division with solid projected growth and importance.

“Women, therefore, have positioned themselves wisely in an InfoSec profession that should not be defined by sheer headcount, but in the roles of those that are shaping the future practice of InfoSec.”

2. We Need You

Solving cybersecurity issues requires a mix of talent. STEM-skills, technical knowledge, critical thinking, product management, understanding of organizational behavior, planning and communication are key. But in an age where networks and threat landscapes change constantly, organizations must seek out fresh perspectives and creative approaches to combat current challenges and lay the foundation to meet future ones. Recruiting women not just for diversity’s sake but for diversity of thought will create more agile, innovative security teams.

Job descriptions that include “softer” skills such as collaboration, objectives management and openness to new methods, in addition to technical knowledge, make clear that organizations are seeking well- rounded applicants. Hiring managers should avoid inflating the job requirements unnecessarily as women are less likely than men to apply for positions where they feel that they are not 100 percent qualified (men put that threshold at about 60 percent).

3. End the Token Speech

Increasing the visibility of women in cybersecurity can improve community within the industry and also influence younger women who perhaps have the much-needed skills but are undecided in their career path. Many cybersecurity conferences often have speaking opportunities for women in the industry to give insight on establishing their career in a male-dominated field.

Unfortunately, too often these are some of the only presentations given by women at such conferences. What would be more useful to the women in the audience would be to see women presenting on their work rather than their career. This is not to suggest career talks given by women for women should be eliminated; rather, they should not be used as a sort of “affirmative action check box” for conferences.

Women need to see that though they are underrepresented in cybersecurity, they are not an anomaly. They, like women before them, have value to contribute to the industry and their efforts can shape it for years to come.

Enterprise Security Security Training
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.