The overlooked cybersecurity talent pool: women
The percentage of women in the cybersecurity field remains ridiculously low. Here’s what needs to change.
This article is part of a special CXO Report on the cybersecurity talent pipeline. Read the entire report.
The global cybersecurity workforce is just 11 percent women. That’s according to a 2017 report from (ISC)², an information security industry group. Additionally, the cybersecurity firm Kaspersky Lab recently found that most women decide against careers in the field before they’re 16 years old. Those are troubling findings that should alarm anyone who cares about the state of cybersecurity in the U.S. and abroad.
Beyond the importance of equity and inclusion that all business leaders should support, if we’re going to secure our connected world, we need the smartest people working on the effort. And that means having gender diversity in the field and working harder to foster girls’ interests in computer science at a young age. How can we ever expect to meet the market’s needs if we aren’t leveraging 50 percent of the population? It’s simply supply and demand.
It’ll take time. But we can begin to increase the number of women in cybersecurity — and the number of girls interested in computer science — when marketers, educators, and the tech industry as a whole stop talking down to girls and women when it comes to all things tech. For starters, everyone should accept that there are simply no biological factors that make women less suited for tech or cybersecurity specifically. Many studies indicate that the gender disparity is driven by cultural norms, not ability.
The industry needs to make some structural changes — and hold the worst offenders accountable. In this #MeToo moment, it’s time for tech companies to reform toxic environments that can make the workplace uncomfortable — and often untenable — for women. There’s one immediate change that can help ease this problem, as sociology professors Frank Dobbin of Harvard University and Alexandra Kalev of Tel Aviv University recently wrote in Harvard Business Review. “We already know how to reduce sexual harassment at work, and the answer is actually pretty simple: Hire and promote more women,” they wrote. “Reducing power differentials can help, not only because women are less likely than men to harass, but also because their presence in management can change workplace culture.”
Tech industry leaders — not just in cybersecurity — can also press for changes at our industry conventions and conferences, making sure women are a prominent part of the conversation. Brenda Darden Wilkerson, president of the tech advocacy group AnitaB.org, pointed out in Recode that none of the keynote speakers at this year’s Consumer Electronics Show were women. “It’s well past time for this venerable show to grow up and start treating female executives and other women technologists with the respect they deserve,” she wrote.
It’s hard to choose a career path where no one up the chain looks like you. That’s why retention and advancement of women are critical for addressing the longer-term gender gap.
It’s also key that girls become more confident with technology. Parents and teachers can encourage that by buying girls video games, showing them all the cool stuff on the computer, and explaining why digital privacy matters. You don’t have to wrap tech in a pink bow to get girls involved. Mattel tried that in 2010 with Computer Engineer Barbie. The toymaker assumed that to make girls interested in anything computer-related, you had to make it much less about tech and more about fashion accessories. Computer Engineer Barbie couldn’t even write code!
If we relegate talking to girls about tech only when it’s wrapped in pink — or somehow dumbing it down compared with the way boys are exposed to technology — they’ll feel that computing is just something that’s not really for them. And that feeling of not belonging is what keeps girls from developing an interest in tech and drives many professional women from the field, too.
Thankfully, there are encouraging efforts underway. Recently, the Girl Scouts announced a cybersecurity badge to help eliminate “traditional barriers to industry access, such as gender and geography” and to help ensure that “even the youngest girls have a foundation primed for future life and career success.” According to the Kaspersky Lab study, the perception of cybersecurity jobs as being only for “the solitary hacker hunched over a computer in a dark room” turns many girls off from the field. The industry can help change that perception, according to the Kaspersky, by “not only introducing more female role models … but also by adjusting the terminology and imagery used.”
At the college level, the number of women studying computer science is on the decline. In part, experts blame the unwelcoming culture. In 1984, women made up 37 percent of CS students. In 2016, they represented less than 20 percent. Some educators are making strides in persuading women to study CS, which is a critical step for getting women into cybersecurity. Maria Klawe, president of Harvey Mudd College in Claremont, California, increased the percentage of women in computer science from 10 percent to 40 percent by creating a friendlier culture within her college’s technical programs.
“When you start to make the argument that computer science is worth studying because of the things you can do with it, you attract not only more women but also a lot of men who wouldn’t have been interested in the usual approaches,” Klawe told Wired magazine.
At Northeastern University, Carla Brodley, dean of the College of Computer and Information Science, aims to increase the number of women studying computer science so that undergraduate and masters programs are 50 percent women by 2021. Currently, 29 percent of the students in CS undergraduate courses are women and 30 percent of the MS students are women. “It’s the fastest growing field in the country, and we shouldn’t have half the population sitting out of it economically,” Brodley told TechRepublic.
So, there are signs of progress. But more needs to happen, and quickly. There are also simple things everyone can do to help. If you have a daughter, don’t automatically opt for the pink computer or gaming system (unless she loves pink), and don’t act like you’ve seen a ghost if you meet a woman who’s a computer scientist. Trust me, we exist.
Nadya T. Bliss is the director of the Global Security Initiative at Arizona State University. She is also a member of the Computing Community Consortium council and serves on its Cybersecurity Task Force. Before joining ASU in 2012, Bliss spent 10 years at MIT Lincoln Laboratory, most recently as the founding group leader of the Computing and Analytics Group.
CXO Magazine is a publication founded at Northeastern University to chart the ideas, events, and people shaping the future of work. Learn more.
