Shelley O’Leary, EMEA Channel Manager at Digital Guardian, comments on the skills and gender gap cybersecurity companies are presently facing.
The cybersecurity industry has a skills gap. It also has a gender one. It doesn’t take a computer scientist to work out that the latter reinforces the former. Recruiting more women and non-binary people into the industry and closing the gender gap is crucial to gaining much-needed talent for the sector. So how can this be done?
The cybersecurity industry is facing a war on two fronts. Externally, it’s battling an increased global threat with cyberattacks growing in frequency and sophistication. Internally, it’s wrestling with a skills shortage: according to the (ISC)² Cybersecurity Global Workforce Study 2021, there are 2.7 million unfilled cybersecurity positions around the world. This short-staffing means organizations cannot keep on top of threats, struggle with patching delays, and risk more significant errors and oversights due to overstretched staff. And the shortage has a direct impact on cybersecurity teams, too, as existing teams are burdened with an increased workload, leading to burnout.
This isn’t the only gap the industry has. The (ISC)² also estimates that three-quarters of cybersecurity professionals are still male. This gender imbalance isn’t just an ethical issue; it also has commercial implications. Gender diversity – and diversity in all aspects and identities – brings new viewpoints, experiences, and approaches that are incredibly valuable to a business and boost creativity. A gender-diverse workforce also helps an organization interact more honestly and authentically across different demographics and lessen the chances of making harmful mistakes. This commercial advantage isn’t theoretical: companies in the top quartile for gender diversity on executive teams are 25 percent more likely to have above-average profitability than companies in the fourth quartile.
When viewing these statistics side by side, it’s clear there’s one solution to both problems: drawing more women and non-binary people into the sector. Bringing them into the industry will help meet the skills shortfall while simultaneously creating a more gender-diverse workforce. It’s a win-win situation. But how can it practically be done?
Working towards gender diversity
Perceptions are powerful things. One of the barriers to women and non-binary people entering the cybersecurity industry is the belief that it’s the preserve of men. It’s a belief that draws on fact: historic male overrepresentation in the sphere and the gender pay gap send a message that cybersecurity is a space for men, where the work of women and non-binary people is of less value.
It’s vital we change this; closing the gender pay gap is, of course, crucial, but there are other, smaller ways organizations can break down the idea that cybersecurity is only a place for men. Making sure job descriptions are gender-neutral in language, using marketing materials that highlight the work of women in the sector, and creating female and non-binary role models (by amplifying their voices at industry events, for example) are some of the steps we can take to demonstrate that cybersecurity is a world for all genders.
But the conditioning starts young, so our work to correct the gender imbalance must go further back. When asked by the (ISC)² in 2020 about the best way to increase women’s representation in the field, cybersecurity professionals identified encouraging women to pursue STEM degrees in university as the most effective action. To do this, the idea must be planted early. Out of school clubs and talks and presentations at schools geared towards encouraging girls and non-binary young people to consider technology subjects are important ways to encourage underrepresented genders into the sector.
We also need to break away from the idea that there’s one path into cybersecurity. Those within the industry know it’s a very varied sector, and you don’t need to have a background in programming to thrive. In fact, cybersecurity professionals say that traits such as strong problem-solving abilities, curiosity and eagerness, strong communication skills, and strategic thinking are equally or more important than certifications and relevant cybersecurity experiences for new entrants to succeed in the field. Amplifying the importance of these in job descriptions is a way to draw in women and non-binary people who may not have a STEM degree and may not have considered a cybersecurity career.
And it’s not simply about the assumptions people have looking in. Creating a gender-diverse workforce involves interrogating and overriding the subconscious gender bias in hiring processes and unlearning the gendered assumptions we’ve all been taught. Ways to do this include bias training and de-biasing hiring software, so all the work done to get underrepresented groups to apply isn’t then undone at the hiring stage.
Closing the gender gap isn’t just about bringing women and non-binary people into cybersecurity. It’s about keeping them here. This is where inclusion comes in: making certain underrepresented groups aren’t just statistics on a company payroll but are given equal opportunity to be heard and progress. Not only will failure to do this result in talent loss, but it will also mean companies aren’t gaining from the diversity of experience they have on paper. You won’t benefit from underrepresented talent if they’re only found in your junior roles.
Ways to ensure your organization is gender-inclusive include mentorship at all job levels, eliminating the promotion gap, increasing female leadership presence, and continually asking if you’re doing all you can to make the workplace supportive for all genders. There’s always more that can be done.
Finally, it’s essential to note that when it comes to any discussion of gender, intersectionality is critical. Organizations need to recognize the role other aspects of identity – such as race, class, disability, and sexuality – play in people’s lives and actively address the additional barriers they face. Closing the gender gap is crucial, but cybersecurity won’t be a fully diverse, inclusive industry unless it takes steps to draw in people from all backgrounds and give them the opportunities and space to thrive.
- What’s the state of gender diversity in the tech industry?
- Leadership team diversity: this is how tech companies can get it right
- Diversifying entrepreneurs with access to the EU
The cybersecurity industry may be struggling with its skills gap, but the solution is right in front of it. There’s a wealth of untapped, underrepresented talent out there who can make up the skills shortfall while correcting the sector’s diversity problem in the process. But this won’t happen by accident. If the industry wants to see this become a reality, it needs to take active steps to change its image, encourage and support underrepresented groups and deconstruct its bias. Closing the skills gap means opening up new opportunities.