Women in Cybersecurity: Why are there so few female CISOs and how do we change this?
At the Cyber Leadership Institute, we are obsessed with helping aspiring CISOs realize and fulfil their dreams. We recognize, however, the gender imbalance within our industry. 50% of the world’s computer users are women, yet multiple studies over the last few years have shown that globally, only 11% of the cybersecurity workforce are women. At the top, the number is even smaller. A 2020 study by McKinsey found women, especially women of colour, are still highly underrepresented in the C-suite.[i] If we fail as an industry to include women in cybersecurity, we are not only perpetuating the imbalance of gender diversity, but we will fail to fill the ever-increasing cybersecurity skills gap. Cyber attacks are only increasing in intensity and frequency.
Why does this imbalance exist?
The idea that women are not interested in science, technology, engineering, and maths (STEM) is unsupported scientifically and thus, does not explain why women are missing in these roles.[ii]
Yet, even today, the idea that STEM jobs are masculine prevails.
Recent studies revealed that possible hurdles preventing women from entering the field include gender bias in job ads, lack of acknowledgment of prominent women currently in the field, sexist attitudes within the industry, and gendered wage discrimination.[iii] Women who do enter the field and rise to executive positions face the likelihood of discrimination. The 2017 Global Information Security Workforce Study found that over 50% of women in cybersecurity experienced discrimination, with that number increasing to 67% for women in the C-suite.[iv]
Further compounding the gender inequality is the reliance on technically trained IT, telecommunications, and engineering graduates to fulfil cybersecurity roles. The rise to the CISO role, however, isn’t always linear, nor should it be. McAfee suggests that filling cybersecurity roles with people from business, finance, arts, and science can offer benefits like varied thinking, new ideas and alternate views.[v]
The role of the CISO, while technical, is also highly creative, and includes the necessity of exceptional soft skills. The CISO must have the ability to turn technical jargon into plain English and combine management with strategy, education and advisory roles.
By diversifying the field, including non-technically trained professionals, and encouraging women into cybersecurity, the industry will become stronger. A broad scope of views, experiences, and education will offer a wide variety of perspectives and solutions to overcoming cybersecurity challenges. The inclusion of women in cybersecurity could also help tackle a greater diversity of threats, such as technology-facilitated gender-based violence.[vi] Furthermore, the inclusion of women will help fill the current talent gap.
What can we do to encourage women to enter cybersecurity?
The more specialized a field gets, the narrower female representation is. In an interview while Chief Development Officer at Lookout Inc., Vijaya Kaza said that while there is a larger cultural issue at play, the problem with cybersecurity also lies with not enough efforts to get women in the door in the first place.[vii]
While there is no one-size-fits-all solution available to tackle the gender imbalance in cybersecurity, a range of steps are identifiable. For one, there is a need for a combination of outreach and educational programs at all stages of academic and professional development. Our learning environment and social belief systems affect girls’ and women’s interests and achievements in STEM subjects. It is essential to encourage and facilitate girls and women to pursue STEM subjects in the first place and at a young age. In recent years, Girl Scouts have introduced badges to encourage girls to pursue STEM careers, awarding badges specifically for computer and internet literacy and cybersecurity.[viii] More initiatives like this are needed.
Women also need to be seen as role models in cybersecurity. Lisa Harvey-Smith, professor and Australian women in STEM ambassador, understands nominating and supporting women in applications for high profile opportunities, awards, and prizes is one way to encourage women to enter STEM roles.[ix] Similarly, the cybersecurity industry needs to elevate and promote women already in the field through public recognition.
Employers need to advertise jobs with gender-inclusive wording and seek to recruit employees beyond traditional tech roles. Job ads need to include gender-neutral language. The idea of a male hacker in a hoodie is still a prevalent stereotype in cybersecurity. Titles such as “hacker” read as masculine and could deter women from considering the job. Neutral language, careful consideration of pronouns and avoiding superlatives can improve women's engagement with job advertisements and their subsequent applications.
Furthermore, a focus on training and development will encourage and facilitate women in cybersecurity. In a recent study, Deloitte found that mentorship/sponsorship, non-technical skill development, and leadership training help women feel valued in the workforce.[x]
At the Cyber Leadership Institute, we have a strong focus on strengthening cybersecurity skills to create forward-thinking cybersecurity professionals with a focus on bridging the gender gap and encouraging, facilitating and recognizing women in cybersecurity.
The Cyber Leadership Institute has partnered with some amazing organizations that seek to promote the advancement of women in cybersecurity. As such, we have issued scholarships worth approximately $45,000. Some of the excellent organizations we have partnered with include Australian Women in Security Network, Cyber in Africa, Women of Security (WoSEC) Singapore, and Cybersecurity Women of the Year.
Most recently, we have partnered with ISACA Sydney & Melbourne, AWSN - Australian Women in Security Network and ISACA SheLeadsTech to award scholarships to 3 Australian women cyber leaders (valued at approximately AUD $9,000).
Each scholarship recipient, to be announced at the ISACA IWD Special event, will gain access to our April Cyber Leadership Program (CLP). The CLP is an intensive, 8-week online program geared to impart leadership & influencing skills to existing and emerging CISOs. Each scholarship recipient will also automatically gain access to the Executive Cyber Resilience Program, an intense, self-paced course for executives and board members, and access to a closed CISO community comprising leaders from more than 24 countries.
The Cyber Leadership Institute will continue to challenge industry standards while encouraging others to do the same. Through the training and development we offer as part of our CLP, continuing support within our CISO community and elevating women as role models in cybersecurity, we are beginning to rectify the gender imbalance in cybersecurity. The inclusion of women in the cybersecurity workforce and increasing female CISOs will correct the gender imbalance, strengthen our industry, and fill the talent gap.