Careers & People

4/17/2018
04:20 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Majority of Men Think Women Have Equal Opportunity to Advance in Cybersecurity Career

Not so fast, say women.

Add another data point to the growing body of evidence on the deep gender divide in the high-tech industry.

A new survey by ISACA shows that far more men than women think women have equal career advancement opportunities in cybersecurity.

ISACA surveyed more than 2,300 cybersecurity professionals holding certifications such as Certified Information Security Manager (CISM) and Cybersecurity Nexus Practitioner (CSXP) on a variety of issues related to their jobs and careers.

The survey found 82% of male respondents saying women have the same opportunities as men for career advancement. In contrast, just 51% of female respondents said the same thing.

The startling disparity in perspective between the genders was somewhat smaller in the 51% of organizations in the ISACA survey that had a formal diversity program in place. In these organizations men and women appeared somewhat more aligned in their thinking on the matter compared with organizations without a diversity program. Eighty-seven percent of male respondents and 77% of females believed that men and women had equal career advancement opportunities in cybersecurity.

The sharply differing views on career advancement between men and women reflected in the ISACA study mirror those in other studies that have found similar disparities in other areas as well. Numerous studies, for instance, have shown that male employees in Silicon Valley are routinely paid substantially more for the same work than women in identical roles and with the same experience and qualifications. Men in high tech are also far likelier to advance more quickly in their careers than their female counterparts.

"In practice, cybersecurity jobs should be competency-based," says Susan Snedaker, director of infrastructure and operations at Tucson Medical Center. But in reality, there is a gender gap in all technology fields. "The reasons are many, but part of the problem is that women drop out of tech jobs at a higher rate than men," she says. Driving that statistic is a male-dominated culture at some tech companies and in some cybersecurity training programs. "It’s really difficult working in a job where you are constantly challenged, not because you aren't smart, but because you aren't 'us'," she says.

Given the skills crisis in the industry, it would seem obvious that cybersecurity is a great career for women, "but the hurdles can be daunting," Snedaker says. "Cybersecurity leaders need to do a better job ensuring they build inclusive teams and merit-based rewards."

Rob Clyde, vice-chair of ISACA, points to a PricewaterhouseCoopers report showing men are four times as likely to hold senior cybersecurity positions than females. "Women are underrepresented at every level in cybersecurity, and recruitment and retention programs need to focus on how to change that," Clyde notes.

An effective diversity program that offers employees career development opportunities, mentoring, access, and support are critical, he says. Also vital is inclusive leadership. "IT leaders need to be educated so they can run effective teams, which includes hiring, training, and retaining diverse talent," Clyde says.

"Training programs need to meet the needs of the organization and be gender-neutral," Clyde adds. Training needs to be conducted in a manner where it is equally effective for both men and women, he says.

Another key finding in the ISACA report is just how persistent the skills gap continues to be for organizations across the board.

"Cybersecurity skills shortages have been major headlines for years now, but finding qualified candidates with solid technical skills is still a significant challenge," Clyde says.

The ISACA survey found 25% of the respondents believe it takes six months or more to fill an open cybersecurity position, Clyde says. "Fortunately, since enterprise cybersecurity budgets are increasing at a faster rate than ever, there are more dollars available for training to develop hands-on technical skills," Clyde says.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for two cybersecurity summits at Interop ITX. Learn from the industry's most knowledgeable IT security experts. Check out the Interop ITX 2018 agenda here.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Mozilla, Internet Society and Others Pressure Retailers to Demand Secure IoT Products
Curtis Franklin Jr., Senior Editor at Dark Reading,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7164
PUBLISHED: 2019-02-20
SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter.
CVE-2018-20025
PUBLISHED: 2019-02-19
Use of Insufficiently Random Values exists in CODESYS V3 products versions prior V3.5.14.0.
CVE-2018-20026
PUBLISHED: 2019-02-19
Improper Communication Address Filtering exists in CODESYS V3 products versions prior V3.5.14.0.
CVE-2018-9867
PUBLISHED: 2019-02-19
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier.
CVE-2019-5780
PUBLISHED: 2019-02-19
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.