The cybersecurity skills gap continues to pose challenges for organizations of all sizes and across all industries. And changes to the economy as a result of the COVID-19 pandemic are compounding the skills gap. In fact, the pandemic has made it clearer than ever before that the security skills gap is a severe problem. The rapid shift to remote work that companies around the globe undertook laid that bare.
By Sandra Wheatley, Senior Vice President, Threat Intelligence, Customer Marketing and Influencer Communications, Fortinet
As the model of remote work becomes the norm and infrastructures become more distributed, the need for IT professionals who have timely security skills and knowledge will only grow. More than ever before, organizations need to be creative and look to new solutions to address the cybersecurity skills gap. It has been a major problem for years, and it’s one that everyone talks about but that no one seems to know how to fix.
In parallel, there are still relatively few women in the industry. According to (ISC)2’s Women in Cybersecurity report, men outnumber women three to one. These two problems can be addressed in tandem; the skill shortage can be partially addressed by getting more women involved.
Getting women into cybersecurity
Women are half of the total population but only 24% of current cybersecurity professionals, according to recent surveys. Prior research by (ISC)2 showed women occupied only 11% of cybersecurity roles, so the number is growing, but it’s still not keeping up with the percentages of men in the workforce. Cybersecurity presents a valuable career opportunity for women, and it gives organizations a viable option for filling the skills gap that currently plagues the industry.
Women bring a broader skill diversity to cybersecurity roles. Recruiting and including more women in this space will not only fill some of the gaps, but research shows these actions will simultaneously create higher-performing organizations.
The Women in Cybersecurity report found that women who work in cybersecurity tend to have higher education levels and are in the beginning of their careers. The latter detail matters because the industry needs a continued pipeline of skilled security professionals who can rise up the ranks as others retire.
The report also found that 44% of men in cyber hold a post-graduate degree while 52% of women do. This means women tend to be more educated, which bodes well for a strong cyber future. In addition, 45% of women in cyber are millennials, compared to 33% of men. This is significant because in the previous generation, Gen X, men comprise a larger percentage of the workforce (44%) than women (25%). Clearly, this younger generation of women is moving into cybersecurity.
It starts at the beginning – early-career and students
Building the talent pipeline for cybersecurity means starting earlier, with programs through high schools, colleges, and universities as well as apprenticeships and internships. There needs to be increased focus on promoting these programs to young women. Organizations should work with the public education sector to incorporate training and certification programs at the pre-career level.
Cybersecurity providers play an invaluable role here, as they are on the cutting edge of technology and current threats; they can provide up-to-date training that would be obsolete by the time someone obtained a four-year degree.
Creating a culture of mentorship and continued support
It can’t end at getting women into entry-level cybersecurity roles – there needs to be continued support and mentorship, not to mention equitable compensation. The aforementioned report found that women’s salaries still lag behind men’s. A 2020 report by Exabeam found that U.S. male respondents took home an average annual salary of $91,000, compared to $62,000 for women.
The good news is that the more women we see in cyber positions, the more likely it is that other women will start getting into this field – because cybersecurity will no longer be perceived as male-dominated or for men only. Biden’s selection of Anne Neuberger as deputy national security advisor for cybersecurity on the National Security Council will likely serve as a major inspiration for women of all ages.
At the same time, the onus isn’t only on women to bring other women into the field. Men have to be a part of the solution since they still dominate the cybersecurity workforce. They can help by serving as supportive allies as they recognize the need for a diversity of voices and skillsets within the industry.
Two birds, one stone
There’s nothing quite as satisfying as overcoming two problems with one solution. That’s the case with the cybersecurity skills shortage and the low number of women in cybersecurity. The global shift to remote work has significantly increased the threat landscape at a time when there already aren’t enough skilled professionals to keep networks secure. But by making strategic efforts to educate, mentor and ally with women, the cybersecurity industry moves closer to bridging the skills gap and benefiting from the education and particular skill sets that women bring it.
About the Author
Sandra Wheatley is responsible for Fortinet’s threat intelligence, customer marketing, security academy, and veteran’s training programs. Sandra has served on multiple non-profit boards and is a founding board member of US2020, a White House Initiative to improve STEM learning and increase the pipeline of STEM workers in the U.S. She holds a B.S. degree from Santa Clara University, a diploma in Community Leadership from Boston College, and a diploma in Corporate Responsibility from U.C. Berkeley.
CISO MAG does not endorse any of the claims made by the writer. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same. Views expressed in this article are personal.
CISO MAG’s March issue on Women in Cybersecurity is out. Preview here. Subscribe now!