Why Cybersecurity needs more women

Sam Moody

The need for more diversity is not limited to women, we are an industry with a global skill shortage and we require diversity of all forms. With a diverse workforce we get a diverse viewpoint – we can consider things from various points of views and provide solutions to problems that consider a variety of factors.

The industry is aware of the skill shortage and disparity in gender and I’ve seen some really effective approaches to attracting more women to cyber security. The same goes for public institutions who have launched programmes to help increase girls and women’s interest in STEM-related fields – even when they’re in their primary and secondary schooling.

What I am hoping to do in this article is lay out some of the core reasons why more women in cybersecurity is a necessity, talk a bit about how I personally got involved in the industry and share my thoughts on how we can work together to increase diversity and equal representation in the cybersecurity space. I hope it can be the starting point for a conversation about the future of cybersecurity and would love to hear your thoughts and ideas on the subject.

The Many Reasons

The argument for greater gender equality in the cybersecurity industry is not a case of men versus women.

Diversity has a proven positive influence on solutions, company growth and group dynamics. The more different kinds of experience and expertise you can add to your business, the better the results tend to become.

Our adversaries are people who have a variety of skills and backgrounds and so our industry must also be made up of people with a variety of skills and backgrounds. Otherwise, we are limited in how well we can plan for and respond to cyber threats.

For example, statistics indicate that women are more at risk of online identity theft than men. Understanding the victim experience is crucial for cybercrime investigation and creating proactive security measures.

Then there is the fact that the industry is facing a stark shortage of employees. Although it can be difficult to fill positions now, analysis from Cybersecurity Ventures predicts it will become harder in the near future. By 2021, there will be almost 3.5 million open cybersecurity jobs worldwide.

So, getting more women to pursue a career in an industry that could be worth more than $170 billion by 2020 is crucially important.

The most important reason is that this is an exciting field – I believe more people in general would consider pursuing a role in the field if they had greater awareness of the opportunity available, as well as the wide variety of work they can do in their cyber career.

The role a cyber security professional has been redefined – and we need to redefine how we share this.

My Journey

Cybersecurity has an image of being an industry that is reserved for people with extremely good programming or technical skills. In other words, you almost have to be an engineer or penetration tester to get any sort of good position.  Don’t get me wrong – there are people in the industry who will treat you like this, and sometimes getting others to accept and acknowledge what you have to offer isn’t easy, especially if you do make up the minority of the workforce. It isn’t impossible though – and for many of us it’s been a rewarding career where the positives far outweigh the negatives.

I would like to believe that I’m an example of someone who completely violates the idea of what a traditional cyber security professional is meant to be. I created my own job and my own career path. I saw that the cyber security industry presented an opportunity for me to execute on my ideas and I had the drive and commitment to make it happen. Before that, I was working in a senior position for a large software company when I was returning from a business trip.  I purchased a true crime book to read on my flight home and it is ultimately what lead me into the industry. I was twenty one at the time I and was meant to feel proud of the career that I’d already worked myself into. To have already obtained the jobs I’d had by that point, and to do so in a male dominated field was no small achievement.

I knew that what I was doing at the time didn’t set my soul on fire though. I simply wasn’t interested in what I was doing, because I didn’t feel that I was helping. I wasn’t passionate about helping accountants revolutionise their business through the software I specialised in, and not having that intrinsic motivator limited me.

It wasn’t until I opened this true crime book on my flight home - only to realise that it was a cyber-crime book, that I discovered what I was really interested in, and that was information security.

This accidental purchase of a book changed my life, and I used what I learnt from the experience to change my situation. In the months that followed, I was employed with a cyber start up and the rest is history. My learning began that day and it’s never stopped or slowed down.

I’m passionate about creating solutions to problems – especially ways that have never been attempted before, and the cyber security industry has a strong need for that.

If you’re entrepreneurial, curious, or even just passionate about making a difference to the way we deal with complex issues – the security industry is a place where you can achieve your goals or at least nurture these qualities.

How we get there

To keep on improving diversity in the cybersecurity industry, I think we need to put one idea in particular to rest: that an organisation can fix diversity issues simply by hiring more women. A strategy which kind of puts the onus back on women. Companies should first be assessing whether they can provide a work environment that has something to offer a minority group, along with whether they can appeal to and retain female staff members in their given industry. If the answer is no, the first step should be to ensure that such a culture is developed.

In addition to this, hiring women and expecting them to fix a cultural or leadership issue isn’t going to work. At best, you risk employing them into a team who may not accept them due to their belief that they’ve only been hired to fill a quota -  and you’re also putting an unrealistic expectation on them to fix an issue by merely being there.

The general view of cybersecurity might be that it is a male-dominated industry where you need extensive programming experience to make your mark is just not true – and there are plenty of men and women in our field who are living proof of this. It is a diverse field where companies are hiring broadly. As an industry, we can perhaps be better at showing that – which I believe we have made some steady improvements on in recent years.

Women in the industry also have a pivotal role. We are, in some ways, the role models that are going to be part of marketing and selling these roles to other women. We need to help companies and interested organisations with showing why we chose to work in the industry.