{"id":1654,"date":"2025-01-27T06:00:00","date_gmt":"2025-01-27T06:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1654"},"modified":"2025-01-27T06:00:00","modified_gmt":"2025-01-27T06:00:00","slug":"cybersecurity-needs-women-and-it-needs-to-treat-them-better","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1654","title":{"rendered":"Cybersecurity needs women \u2014 and it needs to treat them better"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

The participation of women in cybersecurity is vital, a non-negotiable proposition. Forget any current handwringing over diversity and equity; it\u2019s fundamental that the contribution of women to the profession has made cybersecurity better.<\/p>\n

The proverbial door was kicked open long ago for women, who have made major contributions to the development of information security<\/a>. But it\u2019s the 21st century and there remain numerous barriers to their entry and advancement.<\/p>\n

Frankly, that needs to change \u2014 and change now. I am continuously appalled to hear that women are leaving the profession<\/a>, that the boy\u2019s club mentality<\/a> is still hedging women out, and that only somewhere between 11% and 24% of cyber pros are female<\/a>.<\/p>\n

The barriers are easily recognizable from years gone by, ranging from blatant misogyny to the more subtle shaping that occurs within the secondary school system and science, technology, engineering, and math (STEM) programs.<\/p>\n

We are constantly told about the skills shortage in cybersecurity<\/a>, and the fact that such a large potential group of candidates is nowhere to be seen is patently ridiculous. Want to bridge the gap? One solution seems obvious.<\/p>\n

I spoke with organizations supporting the inclusion of women in cybersecurity, I spoke with CISOs both female and male, and there was universal agreement that solutions exist, but the will to enact them is lacking. We must invest time and energy if we wish to change the status quo.<\/p>\n

A wide consensus exists that the pipeline to bring women into the cybersecurity field isn\u2019t starting soon enough. There remains a noticeable gap in how early students, particularly young women, are exposed to cybersecurity as a viable career path.<\/p>\n

The shunting of women away from IT starts early<\/h2>\n

High schools with STEM programs often prioritize biosciences and engineering, with cybersecurity and computer science taking a backseat. This emphasis on more \u201cpractical\u201d fields inadvertently steers students away from technology-focused careers.<\/p>\n

\u201dTo pave the way for the next generation of cybersecurity professionals, we need to incorporate cybersecurity into the education systems before higher education,\u201d says Emily O\u2019Carroll, field CISO at Guidepoint Security. \u201cIt will be critical to expose young women to cybersecurity opportunities early, get them interested, and demonstrate that they can<\/em> work in this highly technical STEM field.\u201d<\/p>\n

To address this, intentional outreach is crucial, says Jackie Mattingly, a senior director of consulting at Clearwater focused on small and medium hospitals.<\/p>\n

\u201cPrograms that introduce cybersecurity concepts in middle school or even earlier can demystify the field and spark interest before students start narrowing their career focus,\u201d Mattingly says. \u201cPartnerships between schools and industry professionals are also crucial \u2014 we need to be visible role models, showing students what a career in cybersecurity looks like and why it\u2019s exciting.\u201d<\/p>\n

I couldn\u2019t agree more.<\/p>\n

I had the distinct pleasure of discussing the topic with Lynn Dohm, executive director of WiCYS (Women in Cybersecurity)<\/a>. \u00a0She says it\u2019s important to ensure young women are exposed to cybersecurity at an early age. But she stressed that teaching leadership skills to young women should go hand-in-hand with vocational training.<\/p>\n

Companies must offer women the support to succeed<\/h2>\n

Mentorship and sponsorship can play important roles in capturing the interest of young women and focusing them on a career path, O\u2019Carroll says. \u201cIn addition to mentorship and sponsorship, we need to look at how women are supported in the home and with their families to pursue cybersecurity roles and leadership positions.\u201d<\/p>\n

That would require companies to consider offering childcare and family care options and expand hybrid and work-from-home flexibility. \u201cAdditionally, we need to continue to support and explore non-traditional gender roles in the home where women share the home and family responsibilities more with their spouse,\u201d O\u2019Carroll says.<\/p>\n

Another challenge particularly pernicious in cybersecurity is that roles tend to be defined too narrowly, says Donna K. Kidwell, acting CIO at the University of Toronto. \u201cThe easy things to define are the technical skills needed for a job,\u201d she says. \u201cThat turns into \u2018get these competencies and certifications.\u2019\u201d<\/p>\n

That\u2019s great, because the job does require technical skills, but it often turns out that bootcamps or competency development courses aren\u2019t sufficient to convince women they have a place in the profession.<\/p>\n

\u201cTalented people find ways to contribute and end up in other sectors, or worse, may say to themselves \u2018I\u2019m not an IT person,\u2019\u201d Kidwell says. \u201cA focus on the skills of learning, listening, translating, pivoting \u2014 those are found in all sorts of sectors and all sorts of people. We can train them on the tools. [We need to] start earlier but end this nonsense of asking, \u2018What do you want to be when you grow up?\u2019 and instead, \u2018What would you like to contribute to have impact?\u201d<\/p>\n

Family shouldn\u2019t be a barrier to entry<\/h2>\n

There isn\u2019t one of us that didn\u2019t come from a mother. The belief that the biology of life has no place in the workplace is hogwash. Women, should they choose, should have the ability to be mothers without the fear that their career path or opportunities will be withheld.<\/p>\n

Appropriate staffing, considerate schedules, and the like can allow mothers (and fathers) to plan the care for their dependents as best suits their situation. It is not extraordinary to seek a work-life balance, yet it is so often elusive, especially in the cybersecurity realm.<\/p>\n

\u201cWhen a cyberattack occurs, in-house cybersecurity roles are similar to being a first responder,\u201d O\u2019Carrol says. \u201cAs the CISO, we are often expected to drop everything at a moment\u2019s notice to respond. This can be very disruptive to security leaders\u2019 personal lives, especially as women, when we are often the primary caregivers for our families.\u201d<\/p>\n

Just like they do in hospitals, the police force, or firefighting, companies can better support women in cybersecurity roles by properly staffing teams, developing on-call schedules, and trusting their personnel, policies, and procedures in the event of a cyberattack or incident,\u201d O\u2019Carrol says.<\/p>\n

\u201cIn addition to mentorship and sponsorship, we need to look at how women are supported in the home and with their families to pursue cybersecurity roles and leadership positions,\u201d she adds. \u201dCompanies should consider childcare and family care options and expand hybrid and work-from-home flexibility.\u201d<\/p>\n

Get involved to help correct the situation<\/h2>\n

Numerous initiatives are available for women in every career stage and every female CISO should have connectivity to one or more groups or associations<\/a>.<\/p>\n

I\u2019ve already mentioned the Women in Cybersecurity (WiCyS)<\/a> initiative in the United States and its focus on recruiting, retaining, and advancing women in the field through professional development programs, mentorship, and conferences. Similarly, Craig Newmark\u2019s Foundation<\/a> has invested in programs such as Black Girls Hack<\/a>, Girls Who Code<\/a>, and VetsinTech<\/a>, which focus on training and supporting women and underrepresented groups in cybersecurity.<\/p>\n

In Canada, the Women CyberSecurity Society (WCS2)<\/a> offers flexible training options, scholarships, job placement services, and community support to help women enter and excel in cybersecurity.\u00a0 Within the European Union, Women4Cyber<\/a> promotes gender balance in cybersecurity by creating a registry of European women in the field, offering mentorship programs, and organizing conferences.<\/p>\n

Mattingly concluded, with a piece of advice that I think is spot-on for CISOs, CIOs, and all who are currently in the world of cybersecurity: \u201cThe door is open, but we must do more to help young women walk through it confidently. That means starting earlier, providing the right support, and ensuring they see cybersecurity as an equally promising and rewarding career path.\u201d<\/p>\n

I spoke of how important mentoring is for CISO\u2019s in the past for CISO development<\/a>, especially first-time CISOs and O\u2019Carroll emphasized that \u201cas cybersecurity leaders, we need to get more involved in the non-profits supporting these efforts or prioritize serving in a mentor capacity.\u201d<\/p>\n

Help deserving women break the glass ceiling<\/h2>\n

The door is open. The wherewithal exists, yet it remains difficult for some women to move into the executive ranks. A CISO shared with me how when he pushed forward candidates for promotion to the executive ranks, the resistance was remarkable when it was either a woman or a person of color, and there was no attempt to be discreet.<\/p>\n

While this CISO could have gone with the flow, he opted to be salmon-like and push forward despite the insipid countercurrent. He found that to get his high achievers into executive roles he had to make sure that they had every I dotted and every T crossed.<\/p>\n

Meaning, if there was a leadership class available, they took it. Technical certificate? Get it! The candidate for promotion not only had to be good enough, they also had to be fully documented as better than good enough to forestall the bias within his HR, CIO, and senior executive ranks.\u00a0<\/p>\n

The year is 2025. It seems ridiculous we\u2019re still talking about this. Yet it remains the sad reality.<\/p>\n

We must remove the misogyny from the equation, we must ensure all are availed the same opportunity for entrance into the field of cybersecurity and advancement. We must not expect women to be more prepared than their male peers.<\/p>\n

In addition, we must ensure we aren\u2019t creating an environment in which dreams are drowned and opportunity squelched, or as one senior executive said to me: \u201cIt\u2019s not the talent pipeline that\u2019s the problem; it\u2019s the cesspool at the end of the pipeline.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

The participation of women in cybersecurity is vital, a non-negotiable proposition. Forget any current handwringing over diversity and equity; it\u2019s fundamental that the contribution of women to the profession has made cybersecurity better. The proverbial door was kicked open long ago for women, who have made major contributions to the development of information security. But […]<\/p>\n","protected":false},"author":0,"featured_media":1655,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1654","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1654"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1654"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1654\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1655"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1654"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1654"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1654"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}