Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

7/25/2017
10:30 AM
Jodie Nel
Jodie Nel
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
100%
0%

How Women Can Raise Their Profile within the Cybersecurity Industry

Closing the cybersecurity gender gap won't happen overnight, but women can take can take steps to begin leveling the playing field.

As most organizations race to close the gender gap, the cybersecurity industry lags behind. A recent study found women make up only 11% of the global information security workforce, and the majority of women are underpaid compared with their male counterparts and likely to experience some form of discrimination at work.

The gender disparity is particularly disappointing given the projected workforce gap: 1.8 million cybersecurity roles are expected to go unfilled by 2022. From unconscious bias to poor recruiting tactics, female professionals looking to enter the cybersecurity space find themselves face-to-face with a number of barriers to entry.

Cybersecurity's gender discrimination problem is leaving its mark on the industry — demand for skilled security experts is quickly outstripping supply. Unless action is taken to attract, retain, and develop female professionals, the number of vacant positions will continue to grow.

Why Women Are Invisible in Security Ranks
Although some in the industry herald cybersecurity as one of the most progressive fields in which to work, it remains stuck in the past when it comes to diversifying the workforce. The security industry as a whole is commonly viewed as maintaining an old boy's club mentality, one that discourages women from even considering a career in the field. Women who make it into the industry often have to go to greater lengths to prove their ability. Female professionals in cybersecurity were found to be more educated than their male counterparts, with 51% of women entering the profession holding a master's degree or higher.

Visibility (or the lack of it) largely contributes to the low number of women in technology. Security is often considered a masculine area of expertise, deterring female job seekers from pursuing a career in such a male-dominated industry. Women already in the security industry are often left out of high-priority projects that could raise their profile both inside and outside an organization. This persistent trend of suppressing female professionals creates a number of obstacles that exclude women and challenge those seeking upward mobility.

Similarly, invisibility keeps women from attending and speaking at industry-specific conferences. While many cybersecurity events are in need of female guest speakers, they also demand high-level professionals who are established figureheads in the industry. Event organizers don't want to hire a female speaker for the sake of diversifying a conference panel — inviting just any woman isn't enough, and can even appear condescending or a form of tokenism.

To catapult more female professionals into the spotlight and make their presence felt in the industry, several changes need to occur from within security organizations.

Raising Awareness in a Field Dominated by Men
Resolving the cybersecurity gender gap won't happen overnight, but women can take take several steps to begin leveling the playing field. For a female security professional, holding office hours and providing mentorship can help younger women carve out their own path in the industry. Women should also work with their company's PR or marketing teams to get in front of the media whenever possible, proactively becoming thought leaders on subject matter they know inside and out.

In addition to boosting visibility, women can debunk existing stereotypes about who is "allowed" to work in the security field to usher more women into the industry. Public perception suggests only men with technological backgrounds can work in cybersecurity, though this is far from the case. Part of this confusion is because most job seekers don't know what types of nontechnical careers fall under cybersecurity. Jobs like social engineer and security architect don't necessarily require prior technology or security experience but are valuable roles in the cybersecurity industry. By partnering with educators to reach girls at younger ages, organizations can contribute to the growth of women in tech by dispelling common cybersecurity myths.

Achieving gender equality in the cybersecurity industry starts with raising awareness of the female professionals currently contributing to its success. From dispelling tech stereotypes to seeking out public speaking gigs, women have the ability to diversify the industry and satisfy the demand for much-needed talent.

Related Content:

Jodie Nel is the event organizer for the Cyber Security Event series hosted by Imago Techmedia. Nel is responsible for providing tech industry decision-makers with access to world-class conferences and events. Prior to working on the Cyber Security Event series, Nel served as ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
7/31/2017 | 5:51:41 PM
Profile Raiser: Hack and Publish
Another way to raise that profile is to hit the bug bounties hard, shooting for the higher profile ones.  Discover, write up and publish exploits and get noticed through regular quality work.  Take these anecdotes and exploits to conferences and speak often.  Joanna Rutkowska, Sherri Sparks, Parisa Tabriz and Raven Alder come to mind.  Regardless of gender I know I connect quickly with people based on what they can do.  If you do something cool and you're enthusiastic when demoing it and talking about how you got from concept to execution, I'm in.  I think that respect factor is huge and just keeping at it publicly and proving your chops every day is a solid way to help get you there.  Do what you do, do it well.  Nobody's saying it will be easy, but keep at it and love every moment of it.
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2079
PUBLISHED: 2019-11-22
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
CVE-2019-11325
PUBLISHED: 2019-11-21
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-18887
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.
CVE-2019-18888
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. T...
CVE-2019-18889
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.