ISACA Journal Author Blog

Reducing the Gender Disparity in Cyber Security

Daksha Bhasker, CISM, CISSP
Published: 10/24/2016 3:13 PM

Bletchley Park is great historical evidence that women do well as contributors to national security, intelligence and technology development. At its peak, Bletchley Park, the British government’s Code and Cipher School, employed about 7,000 women in its 10,000-person code-breaking operations of the German Enigma machine during World War II. The age and education of the women in this intelligence operation varied, ranging from high school graduates at 17 years old to linguists, mathematicians and talented crossword puzzle solvers. Diversity in gender and skills was integrated successfully in cryptanalysis and some of the world’s most critical security operations.

In 2015, Cisco estimated a short supply of more than 1 million security professionals worldwide. Somewhere between WWII, the development of computer systems and current times, we find ourselves with less than adequate participation of women in cyber security. A meager 10% of the security workforce are women, with one-fifth of those concentrated in governance, risk and compliance (GRC), and a much lower percentage in security engineering and technologies. Retention of the few women who do enter cyber security remains at a dismal 44%, meaning that more than half of the women who enter the field will leave mid-career. It is, indeed, time to revisit the cyberarena, change the rules of the cyber security playing field, reengage women in this discipline, and rebalance the diversity in security skills and intelligence. The following steps can help reduce the gender disparity in cyber security:

  • Demystify information security—Information security is a wide discipline ranging from physical security professionals, to software engineers working in dark, windowless offices, to legal experts ensuring compliance with telecommunications and privacy laws, to intelligence agents apprehending hoodie-clad hackers exploiting companies’ and people’s data, and other media-publicized images. An aspiring new entrant is simply overwhelmed by the presentation of the discipline and struggles to relate and identify as a security professional.
  • Create a clear career path—The security industry, in partnership with academia, needs to make an effort to simplify security career pathways. Creating a handful of concentrated main streams for information security (e.g., information security management, security engineering and operations, security research) and achieving mass consistency in the industry would bring clarity and demystify what security professionals do for the layman. This would enable new entrants, especially women, to select specific security domains and navigate toward a successful role in information security.
  • Going beyond science, technology, engineering and mathematics (STEM) issues—Many women in STEM speak of lonely experiences as the minority gender through their academic years, which extends into their careers in the field. The information security industry in its current skills crisis has a prime opportunity to dismantle the baggage of gender stereotyping that STEM fields carry and address its own talent scarcity issues. This can be achieved by ensuring that the recruitment strategy for security professionals is well balanced and specifically targets women. Once recruited, offer equal training and support and consciously tackle glass ceilings that women experience while enabling upward mobility in their security careers. Implement diversity training to address unconscious bias in the workplace. Just as with Bletchley Park, security still continues to span a vast array of domains, across all industry verticals; be open to skills from various disciplines beyond science and engineering alone. Consider linguists, psychologists, sociologists, criminologists, economists, political scientists and strong problem solvers among others to develop an array of defenses against nimble cyberattackers with a gamut of sociopolitical and economic motivation and devices.
  • He for she in cyber security—Men are not unilaterally accountable for systemic male dominance in the information security arena, and neither is it a women-only problem that can be resolved in isolated women’s forums. This is not a battle-of-the-genders situation. Men who have majority leadership roles in this industry today and have a head start in this growing domain need to be encouraged to be professional allies with women. Women, in turn, need the support and participation of their male compatriots to thrive in the security community. This is very much akin to the “He for She” campaign initiated by UN Women to solicit support from men toward gender equality. Contrary to the recent furor over PayPal’s all-male panel discussion on gender equality, this was, in fact, a stellar example of male allies owning the problem of gender equity and coming together to discuss it in a public forum.

These are early first steps toward reengaging and supporting women in information security that need to gain momentum in the cyber security industry. With equal opportunities, women can, indeed, become valuable players in the cyber security industry, fighting just “like a girl.” 

Author’s note:  Opinions expressed in this article are the author’s and not necessarily those of her employer.

Read Daksha Bhasker’s recent Journal article:
“Balancing the Cybersecurity Battlefield,” ISACA Journal, volume 5, 2016.


Diversity and Mentoring

Good start to this issue. Another category that should be addressed is for the old men in the crowd to embrace various diverse people groups with no-kidding one-on-one mentoring to expand the "bench" of eligible candidates for mid- and senior-level positions. These mentoring programs need to go beyond the traditional HR types of discussions to help people understand how to be good leaders of projects and people, have better communication skills, interpret body language and become the trailblazers. Diversity creates a sense of hope in the business, government and/or community.
James816 at 10/25/2016 2:19 PM

Brilliant Suggestion @James816

This is a great solution where there is an immediate solution arising from within the venerable security experts in the security community. Thank you for this comment @James816
Daksha679 at 11/21/2016 10:06 PM