{"id":114,"date":"2024-08-31T00:06:38","date_gmt":"2024-08-31T00:06:38","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=114"},"modified":"2024-08-31T00:06:38","modified_gmt":"2024-08-31T00:06:38","slug":"women-in-cyber-day-finds-those-it-celebrates-leaving-in-droves","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=114","title":{"rendered":"Women in Cyber Day finds those it celebrates \u2018leaving in droves\u2019"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

The information security industry has been trying for years to improve the participation of and respect for women in the cyber community, with some rising to CSO positions.<\/p>\n

But with International Women in Cyber Day being celebrated Sunday, Sept. 1, one US-based CISO thinks things may be going backwards for women in the profession.<\/p>\n

\u201cI was very positive until about a year and a half ago,\u201d Olivia Rose, head of Rose CISO Group, a virtual CISO provider, and faculty member at Boston-based management consulting firm IANS Research, said in an interview this week.\u00a0<\/p>\n

\u201cWe\u2019ve seen a shift in the past year and a half where women are leaving cybersecurity in droves. That\u2019s the only way to describe it. I hear or speak to at least two to three women a week who are either giving up completely and leaving tech, or they\u2019re going out on their own and starting a cybersecurity company like I did,\u201d she says.<\/p>\n

Creating your own firm may sound like a positive. But, Rose said, many who go private do it \u201cbecause they feel propelled to do so\u201d due to the way they\u2019re treated by colleagues or employers.<\/p>\n

And it\u2019s the middle and senior managers who tend to be the ones leaving, she added.<\/p>\n

Lynn Dohm, executive director of US-based Women in Cybersecurity (WiCyS), agrees, adding that many women with between six and 10 years of infosec experience hit a glass ceiling in their careers.<\/p>\n

\u201cThings have stalled,\u201d she said. In 2014, around when WiCyS was formed<\/a>, women accounted for an estimated 11% of the global infosec workforce. Ten years later, that percentage is estimated at between 20% and 24%.<\/p>\n

Lisa Kearney, head of the Canada-based Women in Cybersecurity Society, thinks the situation for women in infosec has improved in the past five years, but she still sees high drop-out rates among women early in their careers in Canada.<\/p>\n

Women in Cyber Day \u201cshines a spotlight on the vital contributions and acknowledges the achievements of women in cybersecurity,\u201d Kearney said. \u201c[The day] also serves as a reminder that diversity is not just about equity. It\u2019s necessary for innovation and effective problem-solving.\u201d<\/p>\n

WiCyS\u2019 Dohm believes Women in Cyber Day is important not only to honor the talent women bring to cybersecurity but also to let women explore the possibility of a cybersecurity career. It also allows the message to be spread that diverse cybersecurity teams make the organization more secure by allowing different voices and perspectives to be heard \u2014 especially at a time when unexpected challenges pop up daily. A study for WiCyS released earlier this year<\/a> shows the lack of diversity is a symptom of lack of inclusion in the workforce, she said.<\/p>\n

\n

Women in Cybersecurity<\/p>\n<\/div>\n

\u201cIt hasn\u2019t been the easiest industry to break into,\u201d she said. \u201cAlthough we\u2019ve moved the needle ever so slightly, there\u2019s still more work that needs to be done.\u201d<\/p>\n

Sexism still a barrier<\/h2>\n

Despite significant shortages of cybersecurity talent<\/a> around the globe, women still face an uphill climb establishing infosec careers, with sexism in the male-dominated field still a barrier.<\/p>\n

Rose of Rose CISO Group has been in the infosec industry for 22 years, including holding CISO positions at Mailchimp and Amplitude. Over that time, she has experienced more than her share of toxic behavior.<\/p>\n

\n

Olivia Rose, CISO and founder, Rose CISO Group<\/p>\n

Rose CISO Group<\/p>\n<\/div>\n

\u201cI\u2019ve been called every name in the book, except for one, to my face and behind my face,\u201d she said. \u201cAt one company where it was all men, I was called the cockroach because I refused to die, I refused to leave. I said, \u2018You\u2019re not getting rid of me until I\u2019m ready to go.\u2019\u201d<\/p>\n

\u201cYou [as a woman] have to have a very thick skin and a spine of steel to last a very long time in this industry,\u201d she said. \u201cEvery woman I know who is a leader has the same \u2014 very tough skin and a spine of steel.\u201d<\/p>\n

Women in cybersecurity statistics<\/h2>\n

The ISC2, a nonprofit offering training and certifications for cybersecurity professionals, estimates that women represent 20% to 25% of the global cybersecurity workforce. According to its April survey of 2,400 women in infosec roles<\/a>, on average only 23% of current cybersecurity teams are female, with 11% of survey respondents saying they had no other women on their security teams.\u00a0<\/p>\n

Another finding: Female respondents earn around 5% less than their male colleagues, with an average salary of US$109,609 compared to US$115,003 for men \u2014 a pay gap despite the fact that women respondents hold advanced degrees (master\u2019s and doctorate-level qualifications) at significantly higher rates than men, while they hold cybersecurity certifications at equal rates.<\/p>\n

One positive finding from the survey: Women hold executive titles in cybersecurity at a similar rate to men, with 16% of women reporting a manger-level title and 7% holding director-level roles.<\/p>\n

Discouraging workplace cultures<\/h2>\n

WiCyS\u2019 aforementioned \u201cState of Inclusion in Cybersecurity\u201d report found that women continue to face numerous unfavourable experiences that contribute to their overall feeling of exclusion in the workplace, negatively impacting their job satisfaction, productivity, and retention.<\/p>\n

\u201cIn particular, we find that women are especially impacted by lack of respect and by lack of career opportunities,\u201d the researchers wrote. \u201cWe also find that workplace experiences result most frequently from leadership and direct managers, but that peers also play a significant role, particularly in terms of being disrespectful.\u201d<\/p>\n

Examples of bad experiences women relayed included:<\/p>\n

\u201cAfter introducing myself, I have had individuals ask to speak to \u2018a guy who works in IT\u2019 instead of me.\u201d<\/p>\n

\u201cColleagues would play pornographic movies as I arrived to meetings. One time a colleague played a movie like this when we were meeting with a customer.\u201d<\/p>\n

\u201cMy male peers received more pats on the back for far lesser accomplishments than me.\u201d<\/p>\n

Just over 1,000 employees, approximately 35% of whom were men and 65% women, participated in the survey. Forty-eight percent of female respondents said they were experiencing issues related to career and personal growth at their employer, significantly more than the 26% of men who report similar experiences.<\/p>\n

Recommendations to the C-suite<\/h2>\n

ISC2 offers several tips for management to help increase women\u2019s participation and satisfaction in cybersecurity:<\/p>\n

Set specific hiring, recruitment, and advancement metrics.<\/strong> Security leaders should help establish targets to promote a workforce that closely reflects the diversity of the general population.<\/p>\n

Make pay<\/strong> equity a priority.<\/strong> CISOs should actively monitor pay equity for all roles within their organization to ensure salary and benefits are aligned based on role requirements and experience \u2014 and to make adjustments as needed.<\/p>\n

Eliminate inequities around advancement.<\/strong> Security leaders must support women in defining their goals and ensure they have equal access to development opportunities to reach leadership roles. Greater representation of women in senior positions inspires other women.<\/p>\n

Focus on the \u201cI\u201d in DEI.<\/strong> Many organizations understand what diversity and equity mean, but emphasizing inclusion will help address feelings of not belonging and feeling inauthentic, which in turn help on the retention front.<\/p>\n

\u201cI love being a women in this industry,\u201d Rose said. \u201cIt\u2019s been a really rough ride. There have been a lot of ups and downs. I\u2019ve had to work harder than a lot of people \u2014 like any woman leader will tell you. But my mantra has always been, \u2018I\u2019m not leaving until I\u2019m ready to go\u2019 because I love this industry. And I\u2019m good at it. So I\u2019ve stuck in there. But unfortunately, many women are giving up and leaving.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

The information security industry has been trying for years to improve the participation of and respect for women in the cyber community, with some rising to CSO positions. But with International Women in Cyber Day being celebrated Sunday, Sept. 1, one US-based CISO thinks things may be going backwards for women in the profession. \u201cI […]<\/p>\n","protected":false},"author":1,"featured_media":115,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-114","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/114"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=114"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/114\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/115"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=114"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=114"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=114"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}