A vital yet often-overlooked aspect of diversity within the cybersecurity profession is gender diversity. Racial and gender inequities continue to limit our potential for innovation and complex problem-solving—both in the world and within the rapidly evolving realm of cyber security. Addressing inequities for women, who account for just under half of the global workforce, but only 24% within the cybersecurity sector, is worth revisiting. I last wrote about this in 2020; since then, we have seen some advances, but we have much more work to do.
REPRESENTATION OF WOMEN IN CYBERSECURITY HAS A LONG WAY TO GO
A recent report highlighted the gender disparity, finding that 83% of participants shared one or more experiences of exclusion, and new hires reported 17% more exclusion than those employed between two to five years. Veteran employees (those within their organizations for six or more years) reported the highest rate of exclusionary experiences. Larger organizations (with five thousand or more workers) appear more inclusive than smaller ones.
Cybersecurity firms (and tech fields more generally) were found to be more exclusionary than companies in other sectors. So, what do we mean by exclusion? In this context, exclusion encompasses women's lack of career and growth opportunities. Where is it coming from? Perhaps counter-intuitively, people—not policies—are the primary source of the disparity between genders in the workplace, with a lack of respect from leadership (68%), management (61%), and peers (52%) reported by participants.
DISPARITY COMES FROM SEVERAL SOURCES
The reasons behind the disparity are essential to understand if we want actual change. They include:
-Stereotypes and biases about gender roles/abilities that create hostile, unwelcoming working environments for women in cybersecurity. In turn, these impact hiring, promotion, and recognition, leading to a lack of career advancement.
-Hostile work environments, where harassment, discrimination, and exclusion are tolerated, lead to high turnover rates and an exodus of talented women.
-Perhaps unsurprisingly, the gender pay gap prevalent in male-dominated professions such as cybersecurity contributes to the departure of women from jobs in the STEM fields.
-A lack of female role models is a demoralizing factor. It perhaps contributes to the engendered prevalence of Imposter Syndrome (feeling inadequate because of biased treatment and a lack of representation).
-Education/pipeline issues. The problem starts earlier than one's entry into their chosen career. The STEM fields have a long way to go in encouraging and supporting girls and young women (such as providing mentorship and other resources).
-Recruitment and retention because of the perception that the field is male-dominated and unwelcoming.
-Male-dominated networking events, and perhaps of even more impact—the informal networks in all organizations. For example: Who talks to whom? Who offers informal support, and to whom do they offer it? When opportunities arise, do some people learn of it through informal channels while others miss out? Who can access such informal support, communication, and advancement systems? In an atmosphere dominated by men, the men themselves might be unaware of the bias they enact unless it is brought to their attention.
Is it any wonder that women faced with the lack of support and role models, pay disparity, and a hostile work environment might exit the field when faced with the challenge of finding work-life balance in jobs where long hours and high-pressure situations are the norm?
STRATEGIES FOR ADDRESSING GENDER DISPARITY
-Encourage girls to pursue STEM education, ensuring schools foster supportive environments emphasizing gender equality, and providing mentorship programs—all are proven methods for increasing confidence and fostering a sense of belonging.
-Promote workplace inclusivity by establishing company policies prioritizing diversity, equality, and inclusion. Components of this are eliminating gender bias in recruiting, hiring, and promotion processes, often accomplished by presenting unconscious bias training to employees. These ensure that women receive evaluations based on their skills and capabilities rather than on gender.
-The media plays a part in the disparity by shaping our perceptions of gender roles. Portrayals of cyber professionals that are diverse can help combat stereotypes and encourage broader participation. This requires media outlets, industry experts, and organizations to collaborate to present realistic images of cybersecurity professionals that reflect the diversity within the workplace.
-Continuing education. In an ever-evolving field, encouraging women to pursue continuing education and offering scholarships and financial support removes financial barriers and enables more women to enter the profession.
-Related to this, creating partnerships between academia, industry, and government contributes to a supportive ecosystem. Internships, research opportunities, and information sharing give women real-world experience and boost their career prospects.
-Networking with an emphasis on creating safe, welcoming spaces where sharing stories and experiences and receiving support goes a long way to contributing towards women's empowerment in the field.
KUDOS TO ORGANIZATIONS SUPPORTING DIVERSITY
The cybersecurity workforce has been successfully drawing a more diverse pool of talent through dedicated efforts, programs, and initiatives. More recently, this focus has expanded to encompass not only racial diversity but also the pressing issues of gender representation and accessibility. Strategies to support gender diversity include:
-Addressing the labor shortage by pushing policies and securing funding for cybersecurity clinics nationwide.
-Launching initiatives to upskill workers for cybersecurity roles.
-Providing academic funding to members of minority communities.
-Access for training K-12 students to create a more diverse cyber workforce.
-Expanding a Cybersecurity Skills Initiative to include 28 countries worldwide and a series of partnerships to skill women in the field.
GENDER DISPARITY MATTERS
Cyber threats are increasingly complex, and solutions must be equally so. Closing the gap isn't just about social justice. It leads to diverse perspectives that contribute to growth and innovation. Breaking down the barriers to equal representation and empowering women contributes to the overall effectiveness of the cybersecurity field itself.