Careers & People

1/12/2018
03:15 PM
50%
50%

How to Attract More Women Into Cybersecurity Now

A recent survey finds a number of attributes women seek in their careers can be found in a cybersecurity profession - the dots just need to be connected.

With the cybersecurity industry facing a shortfall of 1.8 million professionals by 2022, increased efforts are underway to find and train more infosec pros – especially women who, according to a Global Information Security Workforce Study, comprise only 11% of the cybersecurity workforce.

And although a number of challenges exist in attracting women and young girls to a cybersecurity career, a number of similarities exist between the attributes these women and young girls seek in a career and what the cybersecurity profession can offer, according to a recent survey by Kaspersky Lab and interviews with female cybersecurity pros.

In its global survey of approximately 2,000 females ages 16-to 21 years old, Kaspersky's report, "Beyond 11% - A Study Into Why Women Are Not Entering Cybersecurity," found:

  • 72% want a career they can be passionate about
  • 83% do not believe a cybersecurity career would be dull
  • 23% want a career that can make a difference to society
  • 44% believe cybersecurity is helpful to society
  • 52% want a career that will enable them to earn a good salary

Median annual salary is $100,000 for cybersecurity staff members, according to a Dark Reading 2016 Security Salary Survey.

Career Passion

"Being passionate is important for any job," says Ambareen Siraj, founder of the national Women in Cybersecurity (WiCyS) organization and an associate computer science professor at Tennessee Tech University. "Cybersecurity is a very dynamic field and you are always learning. If you want to be in a field that is always refreshed and you have a big thirst for learning, then you should consider cybersecurity."

As for the 17% of survey respondents who believe a cybersecurity career would be boring, it comes down to a lack of understanding of the various roles in cybersecurity that can range from technical to training to developing policies, says Mari Galloway, director of finance and communications for the Women's Society of Cyberjutsu.

Benefit to Society

A career in cybersecurity can make a difference in society, Galloway says. 

"Take healthcare. So much technology is used to keep people alive. All it takes is one bad hacker to exploit a vulnerability in a hospital system and bring the whole operation down, potentially killing patients," Galloway explains. "It's the cyber professionals' job to ensure things like this don't happen."

Noushin Shabab, senior security researcher with Kaspersky's Global Research & Analysis Team, says she was surprised by the low percentage of women and young girls who noted they wanted to make a difference in society with their career and believed that cybersecurity helped society.

"Despite the [23%] statistic, I feel deep down, a woman wants to make their mark in society," Shabab says. "Hopefully with the hard work and efforts that women around the world are taking in today's world, more women will feel empowered to make a difference in their respective societies. If women believe they can make an impact (big or small) this is already a big start to change how they feel about their careers."

Salary and Job Security

Salaries are a big factor in women's career choices but not the only deciding factor, Siraj says. Cybersecurity not only provides a good salary but, in many cases, infosec professionals are able to work from home and can relocate to a new job with relative ease, since there is virtually no unemployment in the industry, she adds.

Challenging Stereotypes

Despite these similar attributes that can be found in cybersecurity careers, it remains a challenge to attract women and young girls to the field, these cybersecurity professionals say.

"All that women hear about in the media is about the bad guys in cybersecurity. They don't hear about the researchers who made a difference and helped society," Siraj says. "In the movies and TV shows, cybersecurity professionals are portrayed as guys sitting in a dark room alone, surrounded by computers, and as highly intelligent nerds. That is not how most women want to view themselves."

Shabab noted WannaCry, ExPetr and other large-scale cyberattacks may attract more women to the IT security field, rather than chase them away. These attacks proved cybersecurity is essential for every individual, home user, and enterprise – perhaps fueling a desire to pursue a cybersecurity career and protect what matters most to them, she adds.

A range of efforts are underway to dispel of cybersecurity career stereotypes and educate young girls and women about the profession, these women note. Cyberjutsu Girls Academy, Girl Scouts, Black Girls Code, WiCyS, and others are providing information and role models, they add.

"What will bring more women in are seeing women at various levels making decisions, [girls] getting hands-on experience in STEM, cyber at a young age, providing equal opportunities for women to grow, and laying out a roadmap of potential career paths for young women to visualize where they can go," Galloway says.

Related Content:

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Bhumi joshi
100%
0%
Bhumi joshi,
User Rank: Apprentice
1/13/2018 | 8:20:23 AM
Women into cybersecurity
Hello, my self Bhumi Joshi, and I am from India. I want to go in cybersecurity field, I am passionate about it, I had also done the course of CEH still I did not get any job.everybody (every company) needs an experience, they don't think, once they will give a job then and then my experience will build. So, I thought after reading this article, (really this thing can happen???) Give me some suggestions!!
ltcollins
33%
67%
ltcollins,
User Rank: Apprentice
1/13/2018 | 3:46:30 PM
Re: MORE FEMINIST SEXISM!: How to Attract More Women Into Cybersecurity Now
I find this post extremely sexist making it seem like it is wrong that there are not enough women in Cybersecurity like it is a sickness that "nerdy men" are in the field and that is a turn-off for women to get in the field unless there are men that look like "Ken dolls."  No one writes articles about female dominated fields such as nursing and education, asking this same question on how we can attract more men to these female dominated fields.  Yet many universities will give free tuition for women to go into STEM and still have a difficulty getting women or keeping women to finish the programs.  As far as I know these same universities will not offer free scholarships or tuition for men in female dominated industries when universities now are females dominated on average 68% female/male ratio except for the STEM fields because the classes are more difficult and challenging.  The 100 and 200 level undergraduate classes have more women than men usually.  Many women will start off working towards a science degree because they hear about the more money they can earn and take the free scholarship money, then later switch to an arts degree.  As an instructor, I get asked to water down requirements and make it easier for women; but you have to ask in a cybersecurity scenario will the attackers make it easier because women are protecting that guarded system?

We are all supposed to be equal right.  Why do we have to go out of our way having to change things to make it more attractive to women to want to be in Cybersecurity?  In the nursing field, regulations are created in the name of patient safety and comfort that are purposely created to diminish the role of male nurses such as requiring a female nurse present in the room or a female supervisor on duty if the patient is female.  This tells employers that male nurses are a liability and will cost them more since a male nurse is more restricted than a female nurse in performing duties.  If I as the patient request a male nurse, they will say they do not have one so deal with it.  If this was told to a female, lawsuits and the media will be all over it asking why no female nurses are available. 

I am tired of how people think there is something wrong with Cybersecurity if there is a lack of females.  It makes me think that women are more equal than men and get special treatment because they are women.  Whereas men have to prove they possess the skills in order to get hired and do a job.  I have had many female students demand an "A" when they have incomplete assignments and average test scores.  Women should be treated the same as men are treated nothing more.  It is not a sickness because men have an interest and many women could care less about Cybersecurity but women really care about makeup and celebrity gossip. 

The author is just promoting a female supremacist agenda that men are bad and women are always good.  Cybersecurity is still a developing field.  It is difficult getting many "C" level executives to spend money in Cybersecurity or hire Cybersecurity teams to adequate staffing levels even though this is needed, they will accept the risk and leave Cybersecurity positions unfilled.  To waste resources on chasing non-interested women into Cybersecurity or entice them by starting their base pay higher than male recruits is completely ludacris!
SchemaCzar
0%
100%
SchemaCzar,
User Rank: Strategist
1/13/2018 | 5:51:45 PM
Forget women - where are African Americans of either sex?
Teaching Computer Science I have lots of female students, but almost no African Americans.  I have some Haitians and folks from Africa, but I can't remember the last time I had a black American in one of my classes.  Up to my recent departure from the software industry, it was much the case there, too.  Maybe it's a Boston thing, but this is a much bigger "problem" in my eyes than underrepresentation of women.
REISEN1955
0%
100%
REISEN1955,
User Rank: Ninja
1/18/2018 | 12:07:38 PM
Women think BETTER than men
I'll toss a little bomb of a comment here - in my experience, women think and analyze cyber-security issues FAR better than men ever do.  There are a ton of reasons for this, to much for one page really but calll male ego the curse of all men.  Women can conceptualize better, solve puzzles better (which is what cyber security really is at the base) and come to different, more correct, conclusions!!!   In many ways, men are generally IDIOTS!!
SchemaCzar
50%
50%
SchemaCzar,
User Rank: Strategist
1/18/2018 | 1:28:13 PM
Re: Women think BETTER than men
* troll warning! * straight from Hawaii Civil Defense!  ;)
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading,  12/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
[Sponsored Content] The State of Encryption and How to Improve It
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19790
PUBLISHED: 2018-12-18
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti...
CVE-2018-19829
PUBLISHED: 2018-12-18
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
CVE-2018-16884
PUBLISHED: 2018-12-18
A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel id and cause a use-after-free. Thus a malicious container user can cause a host kernel memory corruption and a system ...
CVE-2018-17777
PUBLISHED: 2018-12-18
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have acc...
CVE-2018-18921
PUBLISHED: 2018-12-18
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.