A 2022 report by Cybersecurity Ventures reflects that women represent 25% of the global cybersecurity workforce.1
While this number has improved over the last six years, more work lies ahead for an equitable presence of women in cybersecurity.
Why does the lack of women’s representation in this field matter?
A study by Rock and Grant (2016) reported that workplace diversity provides greater analysis and accuracy and improved performance results.2
For example, diverse teams in the financial industry were 58% more likely to have better appropriate price stocks. McKinsey’s 2015 report found a 15% increase in the likeness of financial returns above the mean amongst 366 companies in the top quartile for gender diversity. Team performance also increased to 35% for organizations in the top quartile for ethnic and racial diversity.3
An estimated $8 trillion is expected to be lost to cyber crimes by the end of 2023.4 Hence, the increased diversity within cybersecurity service providers is crucial to improving team performance, enterprise cyber defenses, critical infrastructure cybersecurity, and national security.
Understanding the need for more inclusive teams provides a stronger, more resilient, and adaptive cybersecurity workforce to combat the ever-changing cyber threat landscape.
“When criminal adversaries are from different cultural and economic backgrounds, you also need a diverse team to counter them.”
Enterprise Cybersecurity Initiatives for Women
The gap for women resides in more than cybersecurity. The shortage of Women is reflected in science, technology, engineering, and mathematics (STEM) positions in general.
Since 2009, White House initiatives noted an increase of women in STEM5, which is necessary to “out-innovate, out-educate, and out-build the rest of the world.” Yet the representation of women in STEM and cybersecurity has increased slowly over the last decade.
Currently, Women make up just 34% of the workforce in STEM6. The same report reflects that women of color represent 24% of the women in STEM — rendering an even more significant diversity gap.
This type of disproportion limits a team’s capabilities due to the lack of distinct and unique contributions and perspectives of a diverse group. To successfully defend our nation and better contribute to enterprise cybersecurity programs worldwide, organizations leverage diversity as a cornerstone of their strategy.
Moving the Needle in Enterprise Cybersecurity
While several organizations have moved to increase the representation of women within, the number of women in the industry still remains low. The question then becomes: How do we increase representation for women in cybersecurity?
This becomes difficult to answer. How can organizations increase the representation of women in cybersecurity when only 20% of women are seeking degrees in cybersecurity?7 It’s tough to boost workforce representation when the demand greatly exceeds the supply. And with the low representation of women seeking degrees in cybersecurity, the problem appears to remain ongoing.
Engagement of women in cybersecurity must exist before college, high school, and even middle school. Providing resources at a younger age thereby normalizes cybersecurity terms and the environment for young girls, which validates that women have a place and future in cybersecurity.
The goal is to increase the pipeline of women seeking degrees in the industry long before college. Programs like Latinitas8, Girls Inc.9, IDRA10, and the National Science Foundation11 aim to do just that.
Launching a Career with a Cybersecurity Service Provider
From the opposite perspective, another question many women ask is how they obtain a career in the cybersecurity field. While there are initiatives towards increasing women’s presence in STEM and cybersecurity, there is still a gap in knowledge of how to obtain those resources. But fear not; there is hope!
In March 2023, the White House developed the National Cybersecurity Strategy12 to strengthen and improve the American cyber workforce with the objective to “tackle lack of diversity in the cyber workforce” through programs that promote diversity and inclusion.
Through creating pathways, training, education, and partnerships between Federal leadership and public and private sectors, addressing “systemic inequities and overcoming barriers that inhibit diversity in the cyber workforce” is sought to be resolved. This strategy aims to reduce the low representation of women pursuing careers in cybersecurity fields by providing resources and engagement in the industry.
To answer the question women in the industry have on how to obtain a career in cybersecurity, here are some tips to find a place in cybersecurity AND feel like a significant part of a team:
- Research Organizations
Research IT and cybersecurity organizations that promote diversity and are recognized as Best for Employers for Women13. When applying for roles, refer to colleagues who can provide insight on the landscape for women in the organizations they have or currently work for.
BreakPoint Labs’ corporate leadership team, for example, is comprised of 50% women. Additionally, the women on the team note the space provided feels safe to “fail forward” and are encouraged to “speak their mind,” — further promoting not just an environment of a diverse team but the ability to operate as one.
Best Practices From the Organizational Side
BreakPoint Labs supports all team members’ growth and advancement of their skills through educational reimbursement. As a cybersecurity service provider seeking to foster workforce diversity:
- Actively engage in organizations that support and represent women in cybersecurity for recruiting efforts.
- Encourage women in your organization to speak freely and provide the time and space for them to find resources, training, education, and certifications to further their craft.
- Encourage networking through both internal and external activities.
These exercises allow for the exchange of solutions to industry performance and issues between your employees and other industry professionals — sharpening your team’s skills and abilities.
Additionally, you should provide the space by actively engaging the women in your organizations, respectfully garnering responses, input, and contributions, and not passively waiting for participation.
Finally, celebrate women’s contributions and commitment to the organization at every opportunity. Recognizing an individual being only one or two, or maybe a handful of people that look like them, can weigh heavily on their mind in the background.
- Find Your Tribe
While many national and local organizations seek to increase the number of women in cybersecurity14, only a few are known to provide resources and support for women specifically, such as Women’s Society of Cyberjutsu (WSC), Women in Defense (WID), Women in Cybersecurity (WiCys), and Women in Technology (WIT).
Even so, there are organizations like Armed Forces Communication & Electronics Association International (AFCEA), Information Systems Security Association International (ISSA), and International Information System Security Certification Consortium (ISC2) that are open to both men and women and provide resources for women via subcommittees, training, resources, industry certifications, and mentorship. But what happens when there is not a local chapter? Many national organizations provide the structure to start a local chapter if one does not exist.
These organizations are in tune with what the industry requires for education and experience to aid in shaping qualifications to obtain and maintain a career in cybersecurity. Engagement with these organizations also expands cybersecurity peer networks when on the job hunt. Additionally, this type of engagement provides relationships that provide guidance and techniques from industry professionals to avoid burnout.
- Build your network
In addition to researching associations and organizations, connect on LinkedIn with online groups and individuals with like-minded careers and goals in cybersecurity. Stay abreast of current cybersecurity trends and follow Government and industry organizations and individuals that provide constant updates.
Attend conferences and events across the U.S. specific to cybersecurity to grow your network in the industry to expand the reach of resources further.
Join and attend meetings of local chapters, chamber of commerce councils, associations, and organizations with individuals working in cybersecurity to grow your network and presence in the community further.
Be empowered to contribute freely and ask for help and guidance, knowing when needed. Only you have unique skills to contribute to the ever-evolving emerging threats.