Women in Security: Where We Are And Where We Need To GoOctober 25, 2017
Ada Lovelace, Grace Hopper, Katherine Johnson, Radia Perlman—some of history’s greatest technical minds have been women. However, since the mid-1980s, there has been a devastating decline in the number of female computer science and engineering graduates. This is even more clearly reflected in the modern workforce—especially within Information Security.
While women make up nearly half of the American and European workforces and 40 percent of it worldwide, according to the ISC2 2017 Women in Cybersecurity report, only 11 percent of global Information Security professionals are women. Many women also have difficulty moving up in their careers, despite reporting higher education levels and qualifications than their male counterparts. Furthermore, at all levels, men also earn more than women, are nine times more likely to be promoted to managerial roles, and four times as likely to hold C-level positions.
NERDS AS THE NORM
So, why aren’t there more women in security and what’s keeping those of us who are from excelling? While there is no single answer, part of this can be traced back to a trend that became prominent in 80s pop culture, when computers became labeled as something only ‘nerdy’ guys should enjoy—think Revenge of the Nerds, or the more modern-day IT Crowd—where male leads are portrayed as socially awkward and computer-obsessed.
In addition, personal computers became a household norm. According to an NPR article entitled, “When Women Stopped Coding,” this trend was seen in much more homes with male children than those with female children. Therefore, the sheer lack of exposure to computers, again, diverted a lot of young women away from an interest in tech. Many more boys grew up with the opportunity to excel in coding, security, and other computer-related disciplines, not only from an early age, but from home—setting a nearly impossible bar for young women to reach.
As far as the workforce is concerned, tech has quite an unfortunate retention rate for women as well, as many women end up switching careers after some time in a technical role. Personally, before I even took my first security course in undergrad, I was warned by another woman in the field that I would need “a very thick skin” to succeed. She was absolutely correct and this is something I learned quickly on my own, as well. This is not okay and it should absolutely not be the standard.
Furthermore, according to the ISC2 report, 51 percent of women have experienced discrimination within the field, with only 15 percent of men reporting the same. According to these reports, this also happens even more frequently as women excel in their careers. In addition, while unemployment rates in tech are lower than many other fields, according to Dice, for women it’s the opposite. And with other issues such as pay inequity and gender discrimination, women face a very steep uphill battle if they truly want a future in this field.
THE MODERN STATE OF SECURITY
In modern day Silicon Valley, a few women have been willing to speak out against these injustices. Women like Ellen Pao, famous for her gender discrimination lawsuit, and Susan Fowler, for her blog on the toxic working culture for women in tech. However, despite this, little has changed.
Back to security, with the big push for women to learn how to code at female-focused coding camps like Hackbright and Girls Who Code, the number of female software developers is on the rise. In fact, according to the US Bureau of Labor Statistics, 20 percent of software/web developers are female. However, this same push is not reflected in security, clarified by the aforementioned statistic with only 11 percent of InfoSec professionals being women. This also rings true at events and meetups focused on women in tech. Other women have looked at me strangely and become a bit cliquey in these situations, once I’ve shared that I work in security and not software development. Because of this, women in security can still feel left out, even in a room full of female tech professionals.
This is very problematic because of an increasing demand for workers with cybersecurity skills. A major lack of women in the field, therefore results in less people to fill these much-needed positions. On top of that, women should be encouraging other women in tech, regardless of their specific discipline.
According to a study from the “Center for Cyber Safety and Education”, there is a projected gap of 1.8 million unfilled cybersecurity jobs by 2022. A push for women to enter the security workforce would not only aid in closing this, but businesses with a more even distribution of men and women have seen up to a 41 percent increase in revenue. And companies with at least three female directors have seen over a 66 percent increase in invested capital. Workplaces with more gender diversity also see higher customer satisfaction, productivity, and profitability.
HOW TO MOVE FORWARD
So, how do we change this? I think the first thing that needs to be considered is a strong outreach to young girls. This is not only critical, but needs to begin very early at the elementary level. According to a survey conducted by Microsoft, girls lose interest in STEM when they hit their early teenage years. In addition, 60 percent of them report that they are intimidated by the tech field because of the unequal numbers and stereotypes.
1. Get engaged at a young age – and stay engaged. It’s important to inspire girls at a young age with hands-on workshops, camps, and other experiences. While coding camps are fantastic, a rise in security camps needs to happen, as well. We need to encourage our young girls who are excited about logic and problem solving to recognize how they can one day make a career out of it. And finally, it needs to be fun. We need to inspire young girls to excel in tech in the same way we do with young boys. The Girl Scouts of America, with their superstar rocket scientist CEO, have teamed up with Palo Alto Networks, and are making strides in the right direction. In 2018, the Girl Scouts will begin offering a range of cybersecurity badges. Hopefully other organizations will begin to follow this example.
2. Powerful role models. Another change that needs to happen, is for girls to become less intimidated by the industry itself. Personally, I was always interested in tech, but also terrified by the idea of entering such a male-dominated field. This is enough to dissuade many women from even giving it a chance. A focus on powerful female role models within tech and security is paramount. I’d love to see more lists like this: http://www.nextgov.com/cybersecurity/2015/07/top-10-women-cyberwarriors/117745/.
3. Keep up progress where it exists. On a positive note, according to the ISC2 report, millennials may have a chance to change this downward trend due to an increased number of women entering computer science and engineering degree programs. This increase is likely due to the focus on technology, which has occurred within our lifetime. In fact, just last year, more women graduated with engineering degrees than men at Dartmouth, and several other universities are working to follow suit. Last year, the Oracle Academy also pledged $3M and began the international Let Girls Learn initiative with the White House in order to help expose more young girls to STEM.
Encouragement early on is key, as girls lose interest in tech at a very young age. Inspiring them to embrace their abilities and to recognize the opportunities at hand is an excellent start. Work needs to be put in by people across many industries—whether its security, education, or community organizations—in order to become a driving force to not only embrace women within the field, but to close a very serious, impending employment gap within it, as well. Negative stereotypes about tech need to become a thing of the past, and positive female role models need to be lifted up and exemplified. Without any of this, the cybersecurity industry is going to continue to lack diversity, and soon flounder, as demand increases, but our standards continue to live in the past.