At a recent IT conference, Cyber Security Chicago, more than 4,000 cybersecurity professionals sat in on presentations covering everything from cyberattacks in the Internet of Things era to third-party vulnerability assessments and DevSecOps. My job provides me the opportunity to attend many events like this one, and I always make it a point to seek out sessions that touch on the topic of diversity in the workplace — it’s an issue that I think needs more attention, especially when it comes to the gender gap in IT.
In Chicago, I attended Alisha Wenc’s presentation on SheLeadsTech, a program from ISACA that seeks to increase the representation of women in technology leadership roles and the tech workforce at large. Sadly, I was the only guy in the audience as Alisha discussed what I saw as a running theme throughout Cyber Security Chicago: the shortage of available and qualified cybersecurity professionals. She mentioned that by 2022, the industry will be short 1.8 million workers.
Solving the Cybersecurity Skills Shortage
In other sessions I attended, one way or another, speakers talked about how to address this looming problem — either by relying on more automated security processes or by building more secure hardware and software, from the code level on up. No one suggested a very simple and elegant strategy to help tackle this problem: recruiting and retaining more women.
Like other IT professions, the cybersecurity field strongly lacks women, and that isn’t surprising, given the surrounding research. Wenc pointed to a stat from the 2017 Global Information Security Workforce Study: Women in Cybersecurity that indicates 51 percent of women have experienced discrimination in their careers. The study also points out that women in cybersecurity experience more discrimination the higher up they rise in their careers. The barriers these women face include: a lack of mentors and female role models, straight-up gender bias, unequal growth opportunities and unequal pay. Is it really any wonder that just 11 percent of cybersecurity professionals are women?
Why IT Organizations Should Actively Pursue Gender Diversity
Plenty of research shows the value of gender diversity in the workplace. A Gallup study once showed that gender-diverse units in the retail industry performed remarkably better than their less-diverse counterparts, with 19 percent higher net profits on average. A Credit Suisse report points out that companies with at least one woman on their board outperformed strictly male-led companies by 26 percent.
Aside from these corporate yardsticks of success, diversity in the workplace brings everyday value: Different viewpoints lead to unique solutions to business problems; diverse talent brings in a variety of backgrounds and industry experience to the workplace; and greater diversity within the company leads to greater diversity within the customer base.
Shifting the Corporate Culture Within Cybersecurity
For women looking to change their IT organizations from the inside out, Wenc laid out a strategy that includes forming a women’s leadership council, determining addressable issues within the workplace, and then introducing the program to stakeholders. The SheLeadsTech program can be a part of that initiative, providing guidance and resources to help raise awareness, as well as training and skills-development programs and access to strategic partnerships with other ISACA chapters around the world.
The ISACA’s recent State of Cybersecurity Report, Part 1 recommends that organizations also provide effective diversity training to mitigate gender disparities within cybersecurity organizations. According to the report, 82 percent of men surveyed believe that men and women are offered the same career-advancement opportunities, while just 51 percent of women share that belief. However, when you look at only those organizations that institute a diversity program, 87 percent of men say men and women have the same opportunities, and 77 percent of women agree. There’s still a gap, but it’s a move in the right direction. Meaningful progress often comes not by big leaps, but through a series of small steps over time. And this will be true for the retooling of many security organizations if they are to grow and thrive in an era of chronic skills shortage.