Much has been written about the high barriers to entry for women in cybersecurity. Certainly the numbers are depressing. Women make up just 11% of the world’s information security workforce, according to the 2017 Global Information Security Workforce Study. This is far behind other industries.
For example, in the U.S. women represent nearly 47% of total workers and 51.5 % of management and professional positions. They account for 60% of pharmacists and 34% of doctors. Even the IT and computing industry, notorious for low female participation, puts cybersecurity to shame with 26% of positions held by women.
That’s not to say women should simply accept non-equal pay as the status quo, but neither should it deter women from a promising career choice. The severe labor shortage in cybersecurity presents a huge opportunity for women: The ISACA predicts a global shortfall of two million industry professionals by 2019.
Beyond the salary advantages (and non-existent bathroom queues at conferences), cybersecurity offers other benefits many women find important. As a still emerging industry, the work is demanding and fast-paced but well-suited to flexible hours and working from home. With the right support, work-life balance is achievable.
The same flexibility carries through to types of work available: from deep research to sales, marketing and high level management. And with the industry constantly changing, it offers many opportunities to learn, to pioneer, to excel in new fields. If you’re smart, work hard and keep educating yourself, there really is no limit.
Women are also uniquely well suited to the work. In general, women are often able to see things from multiple perspectives and excel at multi-tasking – skills crucial in a young, continuously evolving industry. They also tend to be better than men at team-building, cross-organizational collaboration and communication, abilities that are also increasingly critical, particularly in the drive to align security with business strategy.
A study conducted by (ISC)² backs this up, showing that women possess distinct perspectives relative to their male counterparts, consistent with "the traits needed to transform the direction, operating practices and priorities of security organizations."
In other words, the industry needs more women. Their diverse voices, viewpoints and opinions help drive innovation, improvement and resilience.
So where are they?
If anecdotes are anything to go by, most women in the cybersecurity industry arrive by accident. A confluence of circumstances rather than a deliberate choice. For me, this happened during my military service. I was fully set on a different path, but a group of bright, talented young soldiers in a cyber unit showed me that there is so much in computer science. I was hooked by the wide open possibilities, their evident passion at working through challenges, and the instant gratification that comes from seeing your code run. Fortunately, I was never treated differently due to gender.
In Israel, military duty provides women with a unique chance to join the cyber world without making an early committed career choice. We need more opportunities like this for girls and women to try on the role, to see themselves in it. Women need more clear and accessible entry points.
Those of us in the industry need to loudly proclaim our commitment to increasing workforce diversity and back this up with action. Consider moving to blind resumes, which remove names and other markers of gender or race. Offer official or unofficial mentor programs — nearly every successful woman in cybersecurity mentions how invaluable their own mentoring was. Show the wide variety of roles out there; cybersecurity is usually portrayed by a guy in a hoodie when it is so much more.
I recently talked to several high school-aged girls about what they might want from a career, what was important to them. All expressed, in various forms, the same two things: to do something interesting, something that they would wake up every morning and want to do, not dread another day of. The other is to do something that benefits not just themselves and the organization they work for but society as a whole.
We need to show these girls that the cybersecurity industry embodies them and their ideals. That it’s about creative ways to preserve the openness and freedom of the digital world while making it safer, from practical tactics up to the highest levels of policy.
We also need to better tap into local role models. There are incredible women in the field of cybersecurity in every country. For me, women like Keren Elazari, Dr. Kira Radinsky and Orna Berry, to name a few, still amaze and inspire me with their drive, fearlessness and belief that nothing is impossible. A role model is much more powerful when girls and women can see themselves in her, can feel that she is not completely outside their realm of experience.
Since I began my career some two decades ago, I see more women in the audience and on the agenda at conferences. I hear more women talking about their own experiences, encouraging young women to join their ranks. But we need to take it further. Organizations like the Cybersecurity Diversity Foundation and their Cyb“her” Geek Scholarship are a big step in the right direction. I think (hope) that we will see a new generation of girls considering cybersecurity as a career. When that happens, I’ll gladly give up the short bathroom lines.
This article was previously published on CIODIVE.