Cybersecurity Insights

Kirsty Trainer

International Women's Day - Why Are There Less Female Cybersecurity Professionals?

08/03/18 10:08

As you may be aware, today is international women’s day. Gender equality and inclusiveness have played a prominent role in society over recent years, with a strong call to motivate people to think, act and be gender inclusive. However, women in the cybersecurity industry are still underrepresented, with a large gap between male and female professionals.  

In Kaspersky’s article, they claim that only 11% of cybersecurity professionals are women, and undertook a report to look at the root cause of the issue.

“We found that young women have the skills to enter the industry, and they tend to have positive opinions about cybersecurity’s role in society. They are not, however, pursuing cybersecurity careers, and our research implicates two broad causes: educational guidance and a lack of role models.”

They go on to say that in school, boys are more likely to choose mathematics and IT as their preferred subjects (both of which are common foundations for a career in cybersecurity). The studies into why girls aren’t choosing STEM field subjects are broad and conflicting; but the fact remains that there’s a shortage of cybersecurity professionals, of which could be bolstered by having more women in the industry.

When it comes to the affect of role models, they found that 69% of young people haven’t met anyone from the cybersecurity industry, with only 11% having met a woman that works in the industry. After meeting a fellow female that works in cybersecurity, 63% of women are reported to think more positively about the sector.

If we take this at face value, it would appear that putting more women into the cybersecurity spotlight could contribute to an increase in engagement. However, when you look at speaking events, women are sorely underrepresented.

The RSA conference (one of the biggest gatherings in the industry) has recently come under fire for only featuring one woman, Monica Lewinsky, among 22 keynote speakers. There has been criticism that RSA’s only female speaker is not a cybersecurity expert. She has previously spoken at conferences about internet trolling, but supposedly has no experience in cybersecurity.

Facebook’s CSO, Alex Stamos, tweeted a list of 16 women that could’ve made good keynote speakers at the RSA conference.

In response, a rival conference OURSA (Our Security Advocates) is being set up with the aim of featuring more female speakers. All tickets for the rival event are reported to have sold out.

The UK government has been pushing a female centred cybersecurity scheme (Cyberfirst Girls) into schools to increase the level of engagement and attempt to inspire young women to take up a career in the industry.

There are also non-profit organisations such as Women’s Security Society, set up with the aim to “encourage the advancement of women involved in all aspects of the security industry through the exchange of information and cultivation of productive relationships”. According to their website their objectives are:

  • To share knowledge, provide support and encourage the empowerment and success of women in the security industry
  • To reach out to women in the security industry through networking events and a web based forum
  • To support women specifically working or studying in a security related or management security discipline
  • To be open to everyone across all security disciplines regardless of the experience, position or industry

Whilst these efforts won’t completely solve the problem facing the gap in cybersecurity professionals, it’s good to see that people are aware of the issue; and are beginning to take steps to solve it.

TRENDING POSTS

David Kirkpatrick
Penetration Testing: The Quest For Fully UnDetectable Malware

Malware continues to be one of the main attack vectors used by criminals to compromise user and ...

Read More
Kirsty Trainer
"Key" to Secure Data - P2PE - Derived Unique Key Per Transaction (DUKPT)

Written by Andrew McKenna, PCI QSA, PCIP at Foregenix The encryption key infrastructure usually ...

Read More