Less Talk, More Action: 3 Steps to Diversify the Cybersecurity Workforce

Organizations have a lot to gain from team diversity, so now is the time to start employing more women.

5 Min Read
collage of diverse people
Rawpixel via Adobe Stock

Despite all the conversations about diversity initiatives and efforts in the past few years to get more women in STEM careers, it often seems the needle is moving slowly. Too often, these conversations are just that -- talking points that sound good but aren’t connected to action-oriented strategies.

Women experience significant underrepresentation in corporate America and the gap expands when it comes to senior leadership: Only 25% of C-suite leaders are women. The numbers get worse when you look at women of color -- according to a study conducted by McKinsey Research and LeanIn.org, just 4% of the C-suite is occupied by women of color.

In parallel, we have significant skills shortages across many fields, with cybersecurity being especially noticeable. The cybersecurity skills gap remains dangerously high while ransomware and cyberattacks are positively flourishing. What’s needed to address both the dearth of women in STEM and the increasing cyber risk is real action.

The Gender Gap’s Impact on Cybersecurity

When we look specifically at cybersecurity, women comprise an estimated 24% of the cybersecurity workforce -- and concurrently, there is a global shortage of 3.4 million workers in cybersecurity.

This is the case even as the need for cybersecurity continues to grow and ransomware and other attacks climb. The 2022 Verizon Data Breach Investigations Report revealed that ransomware attacks saw a dramatic rise in 2022; ransomware was involved in 25% of all breaches. And that’s just ransomware, of course – just one attack vector in an expanding sea of cyber-attacks.

It’s not enough to just say it would be good to have more women in cybersecurity -- organizations need to do something about it. Organizations need to show their openness and ability to have more women in the industry. And specifically, men in leadership roles need to become allies, using their seat at the table to advance the cause of women; it can’t be incumbent upon women only.

What we’ve seen in study after study, survey after survey, is that diversity, equity, and inclusion (DEI) efforts aren’t just a nice-to-have. They matter and they’ve become more significant over the past two years. The McKinsey survey found that women leaders are more than 1.5 times as likely as men at the same level to have left a former job with the goal of working for an organization that was more dedicated to DEI.

Steps to Take

One of the best ways to get girls and women more interested in cybersecurity is to make the discipline more appealing to them from a young age. It's therefore crucial to inform young women and girls about the benefits of a career in cybersecurity. And representation matters -- the more girls can see women in these roles, the more likely they are to consider a similar career in the future.

Cybersecurity offers some very appealing elements. One is the opportunity to contribute to society. We live in a digital world in which protecting data and individual privacy has become a key issue. Another benefit appeals to personal interest; cybersecurity is constantly evolving, which makes this field very intellectually satisfying. A third benefit is the sheer opportunity. There are many open jobs to fill, which makes this sector financially attractive and appealing as a lifetime career trajectory. As long as there are bad actors, there will be a need for cybersecurity; human nature provides the ultimate job security.

Companies that are serious about moving beyond mere slogans have multiple opportunities to show their solidarity for advancing women in cybersecurity. Here are three avenues to pursue:

1. More training and access for women

Companies can develop education-based outreach programs that create ways to work with organizations specializing in diversity and encouraging careers for women. The private sector can play a key role in helping develop the cybersecurity professionals of tomorrow by working with the non-profit sector to reach new people and audiences.

2. Providing opportunities for career development

There are conferences, workshops, meetups, and other events that cater to women in tech and those who would like to explore this possibility. These experiences offer women a chance to network, learn new skills and elevate their professional brand. Not only should business leaders encourage and support existing employees to attend these, but they can also look to sponsorships and hosting their own such events. Such opportunities can also help to build a more diverse cybersecurity workforce through training, networking, and mentorship. Providing these opportunities allow women to gain self-confidence within themselves to grow and show others what they are capable of. This empowers women to assist others to join the industry and grow the percentage of women in cybersecurity.

3. Providing cyber skills to students to help create a diverse, inclusive workforce

Young girls and women aren’t usually presented with the opportunity to learn about cybersecurity while in high school or in a university. This is another opportunity for the private sector to work with nonprofits and universities, colleges, and high schools to help expand the cybersecurity workforce. The resulting programs should also encourage a more diverse set of candidates in other fields of study, such as business, communications, marketing and more, and help connect them to employers.

Greater Diversity, Greater Success

Organizations have a lot to gain from increased team diversity, so now is the time to start employing more women. From an employment perspective, it’s key to develop teams that offer a mix of leadership, critical thinking, and interpersonal communications skills. And diverse teams perform better because they are better at problem-solving since they bring a variety of perspectives and ideas to the table. In fact, a company may even enhance its financial performance, maximize advertising, brand exposure, marketing, and public relations opportunities, and energize client-base, employee morale and improve community reputation by recruiting a diverse team. There’s no reason any company today can’t be taking some or all these steps and consider the three action steps above as starting points for their own journey toward greater inclusion of women and diversifying the cybersecurity industry.

About the Authors

Vanessa Morales

Executive Director and Co-Founder, Latinas in Cyber

Vanessa Morales is a security architecture analyst based on the East coast and the executive director of the non-profit organization, Latinas In Cyber (LAIC). She is passionate about the success of beginners and diversifying the cybersecurity industry, and works alongside the LAIC executive team to create a community and opportunities to help assist those breaking into the field.

Rob Rashotte

VP, Global Training and Field Enablement, Fortinet

Rob Rashotte is the vice president, global training & technical field enablement at Fortinet. He has 20 years of experience developing training and education strategies for startups as well as complex global organizations. He also has 15 years of experience working with some of the most innovative, fast-paced companies in the high-tech industry. Rob has an MBA from the University of Ottawa.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights