What's With the Gender Gap in Information Security?
Increasing female representation in this field is essential to decreasing online crime.
Across the United States, the information security workforce is experiencing a supply shortage. As of May 2020, there were more than 500,000 cybersecurity job openings in the past year, with the highest numbers in California, Virginia, and Texas.
At the same time, women are heavily underrepresented in the field. While the general US workforce is 48% female, the information security workforce is only 14%, according to a 2017 study by the Center for Cyber Safety and Education. The disparity is even more acute at the upper levels of leadership: only 1% of the women in the field are in senior management positions.
This gender gap is not unique to the US. When looking at female representation in the information security field elsewhere, the numbers are even smaller. Women account for 10% of the field’s workforce in the Asia-Pacific region, 9% in Africa, 8% in Latin America, 7% in Europe, and 5% in the Middle East, according to the 2017 Global Information Security Workforce study.
The trend persists for executive and management positions. Globally, men are four times more likely to hold cybersecurity C-suite and executive level positions, and nine times more likely to hold managerial positions than women.
A Deeper Look Into Information Security
Information security, or infosec for short, deals with the protection of information, more specifically data. Cybersecurity can be seen as a component of information security, as it deals with protecting data that is found in electronic form. Today, the two are practically synonymous due to the electronic nature of companies and organizations.
Some common job titles in this field include information security officer, IT security engineer, and information assurance analyst. Most positions in information security will require both soft and technical skills. Applicants will be expected to know how to analyze security tools, systems, and data. But they will also need strong communication skills and the ability to think creatively in order to anticipate cyberattacks.
Since the infosec workforce has such a large supply gap and a need for new talent, there is a lot of potential for women to join the field and increase their representation. In fact, many experts argue that women are essential to improving cybersecurity and decreasing the risk of online crime.
Reasons Behind the Gender Gap
The lack of women in the infosec workforce is connected to the low percentage of women who receive degrees in science, technology, engineering, and mathematics (STEM). In the US, women make up 36% of bachelor’s degrees in STEM, and 34% of master’s and PhD degrees in STEM, according to Catalyst.
For computer and information sciences specifically, the percentages are even lower. Women represent a third of the master’s degrees in these fields, and only 20% of the bachelor’s and PhD degrees.
Despite growing efforts to increase awareness, education, and recruitment for women and girls to enter STEM fields, the numbers show that the infosec industry is lagging behind. Some of the main factors discouraging women from joining this industry include the lack of awareness of cybersecurity as a profession, the perception that cybersecurity isn’t cool or exciting, and the lack of role models and recruitment opportunities.
The fact that society still views cybersecurity as a “man’s job” can also deter women from joining the field, and even result in gender bias within the industry that impacts recruitment and promotion decisions.
👉 Read Next: Historically unutilized talent-- how women are left out of the tech industry
Increasing Female Representation in Infosec
To change the perception that cybersecurity is a “man’s job,” governments, NGOs, and the private sector must come together to strengthen education programs and recruitment methods. Girls need to know from a young age that these jobs are available for them, and that the industry wants and needs them.
One such example is the partnership between cybersecurity firm Palo Alto Networks and the Girl Scouts in 2017 that introduced 18 cybersecurity badges for Girl Scouts. The two organizations hoped to foster knowledge and develop interest in the profession through a curriculum on the basics of computer networks, cyberattacks, and online safety.
Companies have also been trying to attract more women to their information security departments. One of the initial barriers for the industry is that its extremely low female representation makes it harder to recruit more women. To combat this, IBM created Women in Security Excelling, a program that highlights women as role models and offers opportunities for students in underrepresented communities, with the hopes of sparking an interest in more women and girls.
On the recruitment side, it would also be effective to create cybersecurity job ads targeted toward women, so that they feel welcome to apply. A recent study found that there were almost twice as many male-gendered terms as female-gendered terms in cybersecurity job ads. These gender-biased ads can drive away women applicants, whether intentionally or unintentionally.
👉 Read Next: Why is there a lack of female Asian leaders in tech?
Why Women are Essential to Decreasing Online Crime
The importance of bringing more women into the infosec workforce is not only about gender equality. Increasing female representation in the field provides the chance to seriously improve the quality of cybersecurity and reduce online crime.
“We need people with disparate backgrounds because the people we are pursuing, [threat actors, hackers, ‘bad guys’] also have a wide variety of backgrounds and experiences,” said Priscilla Moriuchi, director of strategic threat development at Recorded Future, in this Forbes article. “The wider variety of people and experience we have defending our networks, the better our chances of success.”
“You lose out on a lot of diverse perspectives,” said Jennifer Sunshine Steffens, CEO of IOActive, in a Fifth Domain article. “Especially in security, we’re trying to fight against ever-changing threat aspects. You want all perspectives … to make sure we can stay up to speed and [to be] as ahead of things as possible.”
Women bring value and insight to the infosec industry that currently lacks diversity. In order to create a safer cyberspace, closing the gender gap is essential. And to do so, governments, companies, and organizations need to work together to increase awareness, inspire interest, and actively show support for women entering and rising in the infosec profession.
The information provided herein is for general informational purposes only and is not intended to provide tax, legal, or investment advice and should not be construed as an offer to sell, a solicitation of an offer to buy, or a recommendation of any security by Candor, its employees and affiliates, or any third-party. Any expressions of opinion or assumptions are for illustrative purposes only and are subject to change without notice. Past performance is not a guarantee of future results and the opinions presented herein should not be viewed as an indicator of future performance. Investing in securities involves risk. Loss of principal is possible.
Third-party data has been obtained from sources we believe to be reliable; however, its accuracy, completeness, or reliability cannot be guaranteed. Candor does not receive compensation to promote or discuss any particular Company; however, Candor, its employees and affiliates, and/or its clients may hold positions in securities of the Companies discussed.