Women Make Gains in Cybersecurity, But Gaps Remain

While the cybersecurity industry has made strides in filling the diversity gap, it remains an issue in several aspects, including a lack of female representation.

The Women in CyberSecurity (WiCyS) conference, which brings together women and allies from cybersecurity industries, academia, government, nonprofits and research, is part of an effort to change that.

The conference is set to return in person for its eighth annual conference, held Sept. 8-10 in Denver, Colorado, backed by high-profile sponsors ranging from Adobe and Cisco to Google and the National Security Agency.

The agenda includes lightning talks, keynote speakers (among them Debora Plunkett, board chair of Defending Digital Campaigns and Aimee Cardwell, CISO at Optum) panel discussions, workshops, birds-of-a-feather sessions, student research poster sessions and a capture-the-flag (CTF) competition designed to teach newcomers about security vulnerabilities through challenges.

“When we started our mission to recruit, retain and advance women in cybersecurity in 2014, women made up 11% of the cybersecurity workforce, and we were in a global cybersecurity crisis of over 1 million jobs being unfilled,” explained Dr. Janell Straach, WiCyS conference chair. “Now, in 2021, women make up roughly 20-24% of the cybersecurity workforce and we now have 3.5 million unfilled cybersecurity jobs, globally. So, we’ve made progress, but the need has grown and the gap in equality is obvious so there’s lots more work to be done.”

Recruit, Retain and Promote Women

Straach said the WiCyS conference is an opportunity to bring those committed to recruit, retain and promote women together to network and learn.

The event also provides opportunities for attendees to be matched with hiring companies, to learn from each other and grow their technical skills, with the overall goal of strengthening the community.

“The strength of the WiCyS organization is its community and that community coming together strengthens the bonds and spurs innovative thoughts and ideas,” she said. “WiCyS gives those entering the field the chance to meet others and see those in the field and to be inspired to create a career plan in cyber.”

Straach explained that it’s important for outreach programs to be inclusive for all, noting there is no “one-size-fits-all” approach to providing support and nurturing talent.

Michelle McLean, vice president at Salt Security, a provider of API security, pointed out the importance of role models in cybersecurity.

“It’s hard to envision something you’ve never seen, so seeing female CISOs on panels and leading keynotes is valuable. It’s more important, however, for women not yet in security to see those role models,” she said. “The crossover effect is crucial. We as an industry need to figure out ways to reach women in other venues such as schools and job fairs.”

Smashing Cybersecurity Stereotypes

She said much of the way popular culture depicts cybersecurity focuses on hackers in hoodies, often characterized as males, and that broadening the understanding of all that cybersecurity includes could go a long way to building interest.

“Showing how security serves as the foundation for innovation and how it depends on influence and persuasion to be done well could show the net gains, which might be more of a motivator,” she said. “Consciously creating mentoring programs that target women in IT and educating them on security would be another tactic to broaden participation.”

Straach added that the key to encouraging more women in cybersecurity requires working together to understand the challenges and then working together to eliminate the roadblocks.

“We need to understand the need and match the program to the group,” she said. “There are groups at the start of their career journey, there are groups re-entering the workforce and there are groups needing to upskill for promotion.”

Isabelle Dumont, vice president of market engagement at Cowbell Cyber, said as new graduates join the workforce and cybersecurity transforms itself to use innovative technologies like artificial intelligence, she is slowly seeing more cybersecurity positions getting filled by women.

“At the leadership level, however, the transition remains slow,” she said. “I would invite women and newcomers to explore some of the new segments that are exploding as the market matures and evolves to address security more holistically.”

Dumont pointed to emerging sectors like cyberinsurance, which offers a wide range of opportunities in underwriting, actuarial or brokerage, for example.

“Cybersecurity awareness training is another segment that is taking center stage with the need to raise awareness of how to apply security best practices on the internet,” she said.

Straach also pointed out there are still a variety of roadblocks, including a perception problem that cybersecurity is all about programming and sitting at a computer all day.

“It is so much more,” Straach said. “There is also a lack of role models. We need to feature role models more prominently. Too many women don’t see it as a potential field for them. We need to encourage them to try it and they might just like it.”

Nathan Eddy

Nathan Eddy is a Berlin-based filmmaker and freelance journalist specializing in enterprise IT and security issues, health care IT and architecture.

nathan-eddy has 300 posts and counting.See all posts by nathan-eddy