In that moment, I found myself at a crossroads. Facing a perplexed gaze, I turned my back on one of cybersecurity’s most high profile CISOs, my hands pressed firmly against my ears, belting out a powerful melody. I knew it was a crazy act, and perhaps it was unfair of me to subject him to it, but I wanted him to understand a pressing need in cybersecurity.
My intention was to physically manifest the dire state of gender diversity for cybersecurity; to make him truly feel the weight of it all. It was a desperate attempt to bridge the gap between understanding and empathy, to paint a vivid picture of the struggles women face.
You see, when it comes to women in cybersecurity, one glaring challenge persists: their continual underrepresentation. Using ISC2’s Workforce Studies as data sources, since 2020, the percentage growth of women in cybersecurity hasn’t grown. It’s declined.
Reading that line should be a wake-up call for anyone who cares about resilience and reducing cyber threats, for women are an integral defence strategy. This was something I discussed with Kirsty Paine, Field CTO & Strategic Advisor at data platform Splunk, during our recent LinkedIn Live: ‘Resilience Talks: Fostering Female Belonging in Cybersecurity.’
Rather than repeat the conversation we had, in this blog you’ll get additional content and source links, but the talk is also available on-demand. It covers some really important points such as how we build up diverse practices that become part of the solution to reduce resistance to female leadership or introverted personalities.
Why do women in cybersecurity matter?
Research tells us that diversity offers a strategic and competitive advantage to business and when discussing with Kirsty, we agreed that businesses need to be intentional in creating a culture that has the policies in place to support women and underrepresented groups.
Drawing on gender diversity specifically, women are found to be more productive, innovative and able to stay on schedule, and within budget, much more than homogeneous teams. When companies employ more women, stock prices rise, and, when top management teams are filled with more women, they financially outperform companies with low women’s representation by around 35%. In fact, McKinsey recently reported that if Europe could double the share of women in the tech workforce by 2027 it could benefit from a GDP increase of as much as €260-600 billion.
However, the reason why women matter so much in cybersecurity is because of the way they view and deal with risk. Countless studies have shown that women and men gauge risk differently. For example, Byrnes et al. (1999) presented a meta-analysis of 150 psychology studies that showed that women are in some situations significantly more averse to risk than men. Research by Gavin D. Brown, Ann Largey and Caroline McMullen found that gender differences in risk perception can vary by risk, and research by Christine R. Harris and Michael Jenkins from the University of California, and Dale Glaser Consulting Firm in Gender Differences in Risk Assessment: Why do Women Take Fewer Risks than Men?, concluded similarly. It turns out that women are highly competent at assessing odds and the way this is evidenced is by women avoiding more risk than men.
Bayes Business School discovered this when they studied risk in banks and found that by having a greater representation of women (rather than full diversity) they could significantly reduce the frequency of their banks’ misconduct fines, saving them $7.48 million each year. Interestingly, too, the World Economic Forum tracks gender, along with age and organisation type, for its Data on Global Risk Perceptions, see below.
Women also often exhibit a greater inclination towards compliance with rules, a willingness to embrace organisational controls and technology, and a heightened ability to detect shifting patterns of behaviour, making them adept at identifying threat actors and safeguarding environments. Additionally, their exceptional intuition, coupled with high emotional and social intelligence, equips them to effectively manage stress better than men and remain composed in the face of turbulent situations, a vital trait when addressing significant security breaches and incidents. And as cyber attackers are actively employing strategies that exploit vulnerabilities, including those that specifically target men’s weaknesses, having more women strengthens an organisation’s security posture.
So, if there are all these benefits, why are the numbers of women still so dire? To answer this question, we need to look at women’s routes into tech, and as I said in my talk with Kirsty, we need to take an honest look at why they are leaving the industry.
We also have to appreciate the complexity of the answer to the question. As Kirsty rightly pointed out during our conversation,
“It involves multi layers, and women who aren’t a homogenous group. We have to be mindful that within women, we have different representations such as ethnic minorities and neurodiversity, (amongst others), with many different needs.”
Exploring Pathways and Opportunities for Women
There are several routes available for women to enter the field of cybersecurity, including specialised training programmes and initiatives aimed at closing the gender gap.
Here are some notable options and sources:
Entry-level Programs: Many individuals begin their careers in fields unrelated to tech, entering cybersecurity in a variety of ways. One approach is to obtain entry-level cybersecurity certifications after graduating or as a career pivoter. Popular and in-demand certifications include CompTIA Security+, CCNA, CSX Cybersecurity Fundamentals, MTA Security Fundamentals, GIAC Security Essentials (GSEC) and ISC2 Certified in Cyber. These certifications aren’t exhaustive but provide specialised knowledge and demonstrate proficiency in specific areas of cybersecurity.
Apprenticeships, Internships and Entry-Level Positions: Internships and apprenticeships offer hands-on learning opportunities and the chance to work on real-world projects under the guidance of industry professionals. Entry-level positions such as Security Analyst, Network Administrator, or IT Support Specialist can provide valuable experience and exposure to various facets of cybersecurity. Military experience, especially in roles related to information security and intelligence, can also serve as a solid foundation for transitioning into civilian cybersecurity careers.
Returner Programs: The motherhood penalty is evident in various aspects for women in cybersecurity, including long-term earnings, working hours, and career progression. However, the good news is many large organisations offer “returnships” for women who’ve taken a career break. Typically around 16 weeks in duration, these programs offer training, mentorship, and support to help women refresh their skills, polish up their resumes, and transition back into the workforce.
Women-focused Training, Networks and Resources: Many people question the relevance of women-only groups and whether they divide the cybersecurity community even more. Data suggests otherwise. Women benefit from having different types of networks including women-only networks. According to Catalyst, in male-dominated workplaces and industries, women-only networks become a source of solidarity, support, and encouragement. They provide women with critical information about opportunities for promotion and progression, sponsors who take an interest in individual women’s careers, and mentors. And as a result, they are 2.5 times more likely to be promoted. In cybersecurity, there are numerous communities specifically designed for women, offering training, networking and mentorship opportunities, and career guidance.
Women’s Scholarships and Financial Support: Some organisations, institutions, and initiatives like ISC2, KnowBe4, SANS, FS-ISAC, Black Hat, and my company – to name but a few – offer scholarships and financial assistance specifically for women pursuing cybersecurity careers. These programs aim to remove financial barriers and promote gender diversity in the field.
Programmes for Girls: There are some great programmes to get girls and younger women interested. One of my favourites is CyberFirst Girls Competition in the UK. More than 8,700 girls, aged between 12 and 13, entered this year’s competition, overtaking last year’s total by 24% and bringing the total to 65,000 girls who have entered since it began in 2017.
Why do Women Leave Cybersecurity?
As I explained in the LinkedIn Live,
“if we don’t have enough data to draw on, we can only hypothesise as to why, and if we’re not measuring, we can’t improve.”
While comprehensive data specifically focused on women in cybersecurity is limited, research and reports from women in tech provide valuable context. In 2019, Accenture reported that 50% of women leave the tech industry before they reach the age of 35, compared to 20% in other roles, and women are leaving at a 45% higher rate than men.
More recently, and localised to the UK, Computer Weekly reported that 57% of women are leaving tech. In fact, between Q4 2022 and Q1 2023, 17,000 female tech workers left the industry in the UK, despite overall headcount increasing by 85,000.
This gender brain drain could be attributed to several factors. One significant issue is the gender pay gap, which remains a prevalent issue. Women often face unequal compensation compared to their male counterparts, leading to dissatisfaction and a lack of motivation to continue in the industry.
Limited opportunities for career growth and development, as well as time-related constraints, have also emerged as significant factors contributing to this trend. A lack of female role models, inadequate support, mentoring, and guidance hinder progression. Then there’s the issue of bias in the workplace – confidence vs competence hurdles, difficulties advancing into higher positions, along with macho cultures where minor to severe harassment, sexism, discrimination and misogyny play out, causing women to seek opportunities elsewhere.
Inflexible working arrangements have significant effects on women. Research and analysis of women in tech show that backtracking on flexibility, particularly with a mandatory return to the office, can have negative consequences for women’s career advancement and work-life balance. They disproportionately impact women who rely on flexible arrangements to manage childcare responsibilities or other personal commitments. Globally, women carry out at least two and a half times more unpaid work – household and care work – than men. Flexible working and hybrid work models keep women in the workplace.
Finally, the levels of stress and burnout are taking a toll on women. These levels are now reaching concerning heights, surpassing even those experienced by frontline healthcare workers in the aftermath of the COVID-19 pandemic, and women in cybersecurity are facing significant challenges, particularly in terms of emotional exhaustion. Research by Cybermindz found that women, especially those in consulting roles, are experiencing higher rates of burnout compared to their male counterparts. When women feel like they must work twice as hard as any man to prove their worth and achieve their ambitions, it’s unsurprising.
Women have traditionally been underrepresented and marginalised in cybersecurity, both from a workforce perspective and as active participants. Sadly, this has created an environment where female belonging is not fostered—but it’s time for that to change. Leaders in the field need to act now, leading the charge with strategies of inclusion and equity focused on creating opportunities for women that recognise their value within this community.
To learn more about how you can promote diversity and foster female belonging in cybersecurity, watch the full conversation with Kirsty Paine from Splunk here: https://www.linkedin.com/events/7137824422937202689/about/
The discussion reinforces how important it is for industry leaders to attract women in the early stages of their careers, empower women in existing roles and drive more opportunities for female leadership in the cybersecurity space.
Now I want to hear from you…
Drop me an email and tell me, where is the industry going wrong? What more can be done to attract and retain more women in cybersecurity?
And please share this blog if you found it helpful.
Finally, in the spirit of full disclosure, please be aware that I’ve received compensation for promoting this #ad for Splunk. Because your success is important to me, I only align myself with brands I believe in, and Splunk is one of them.