The disparity on gender representation among cybersecurity professionals may be detrimental to the further growth of this field, especially as demand for talent continues to escalate, say stakeholders from Open Systems and Tessian.
It is no secret that attention on cybersecurity increased as the pandemic forced organizations to establish remote operations via the cloud quickly. The circumstances opened up the potential for bad actors to take advantage of sudden changes in operations with personnel working outside of their usual security infrastructure. Though the need remains high, there has yet to be widespread elevation or hiring of nonmale professionals to cybersecurity roles that must be filled.
Though organizations may try to make headway diversifying their cybersecurity teams, along with other technology roles, the results can be influenced by their internal culture. “People talk a lot about diversity but sometimes the point that is missing is the inclusion piece,” says Aurelie Guerrieri, chief marketing officer of Open Systems, a provider of cybersecurity for the enterprise cloud.
She says though companies often publish language to describe their culture, it is the behavior of employees that determines their culture. That might deter or encourage women to pursue roles that continue to be male dominated. “An employee will pick up on those cues that make her feel like she belongs, and her voice is heard,” Guerrieri says.
In many ways, cybersecurity roles should be fair game for hiring and promotion because of the importance of code versus gender but that is not always the case in practice. “Behind the screen, in theory, everyone is equal,” she says. “Clearly that is not what is happening.” Guerrieri would like to see more networking among women in cybersecurity to facilitate the creation of support systems to encourage them to remain and thrive in this career path.
Some women have seen opportunities in cybersecurity emerge in response to the pandemic, says Sabrina Castiglione, CFO at Tessian, an enterprise email security software provider. Her company recently conducted a survey that included responses from 200 female cybersecurity professionals, 100 in Britain and 100 in the United States. Castiglione says some of the responses showed an increased sense of job surety among women in cybersecurity as the world coped with the COVID-19 pandemic.
“In cybersecurity, women are saying they feel more secure or that with the impact of the pandemic, their job security has actually increased,” she says. Of the women respondents to the survey, 49% felt more secure in their jobs, Castiglione says. Further, she says 94% of the female professionals interviewed hired new staff members to their respective teams.
The shift to remote work happened in short order, Castiglione says, which placed an emphasis on organizations figuring out how to stay secure outside of the office. “The world had to rush to adapt to the new security landscape, which is more distributed with less in-person monitoring and relying more on cloud security,” she says.
The pandemic brought about other changes that she says may have helped women with their work-life balance. Castiglione says compared with the last time Tessian conducted this survey, more respondents indicated greater job satisfaction now as their organizations adjusted working patterns and increased flexibility with work locations and hours.
This also allowed some employees to live outside of high-cost city centers while continuing to work remotely, she says. “A lot of companies have placed a lot more emphasis on some of their quality of life benefits in the last year having recognized the value,” Castiglione says.
Though such opportunities exist, it can still be a challenge to fill cybersecurity roles because of the skills gap, she says, making it hard to achieve a more balanced workforce. If organizations support efforts to reskill professionals looking to change careers, extend opportunities to groups who have not had access to such training, or try to elevate from within, she says it could help address such gaps. “The fact that there is still such a disparity in between the number of men and women in this industry is hindering its growth,” Castiglione says. “The demand is there but the supply of personnel is not.”
Part of the issue can be the perception of cybersecurity, she says, which can deter some women from pursuing such careers. For example, Castiglione says the mechanistic aspects of the trade tend to be highlighted over the opportunities for creativity and social enterprise for doing good that include protecting people and jobs. “Additionally, females in the cybersecurity industry still feel there is a lot of work to do with regards to equal pay,” says.
There was a bit of a geographic divide among the results of Tessian’s survey with respondents from the UK and the US taking some starkly different perspectives.
According to the survey, 73% of female respondents in the US indicated equal pay was necessary while only 21% of UK female respondents shared that sentiment.
Furthermore, 60% of women respondents from the US indicated they believe a gender-balanced workforce would encourage more women to pursue cybersecurity careers. Just 26% of the women who responded from the UK echoed that belief.
Differing national employment laws and practices in those countries, Castiglione says, could have been a factor in the responses. “The UK has a lot more employee protections, generally speaking,” she says. The country also maintains more firmly established national statutory maternity pay, Castiglione says, and a larger proportion of British companies also offer enhanced versions of such policies.
“In the US, you generally have at will employment, so fewer employee protections,” she says. There are also limited or no mandatory nationwide requirements in the US on maternity leave, Castiglione says, with states making such determinations.
There is a generational challenge at hand, she says, to further build up a diverse talent pool for the cybersecurity field. “We need to make sure the perceptions of cybersecurity and visible role models make it clear this is a role for diverse people,” Castiglione says. “It’s a role for women; it’s a role for people from nontraditional backgrounds.”
Finding ways to make cybersecurity more welcoming as a career path could go a long way in encouraging a broader breadth of candidates to fill such jobs. Many organizations may want to further diversify their teams, but Castiglione says finding skilled hires is a challenge. “The talent pool right now is too small,” she says. “Women and minorities are not being attracted into some of these careers and industries, which are exceptionally lucrative. Technology, IT, InfoSec roles, some of the most lucrative areas of business you could go into, they’re typically very male-dominated.”