The number of women in cyber-security roles has more than doubled over the past year, from 11 percent to 24 percent of the workforce according to the latest (ISC)² Cybersecurity Workforce Study: Women in Cybersecurity report, albeit using new methodology.
And women are outpacing men in some categories, with a higher percentage of women achieving leadership roles, but progress aside there are still areas that could use improvement, and a further doubling of numbers would be needed to achieve parity.
Despite being outnumbered three to one, the (ISC)² study found more women are joining the field of cybersecurity and are subsequently gunning for leadership roles.
On average, women in the sector have higher levels of education and more certifications than their male counterparts with 52 percent of women holding post graduate degrees compared to only 44 percent of their male counterparts. This may partly be a reflection of the older male workers entering the sector when fewer people gained degrees as women cyber-security professionals were also found to be younger on average – 45 percent of are millennials compared to 33 for men. However, men make up the majority of Generation X cyber-security pros at 44 percent compared to 25 percent women.
The study also found that higher numbers of women are forging paths to leadership with seven percent of women cyber-security professionals reaching the level of chief technology officer compared to two percent of men, nine percent of women cyber-security professionals are reaching the title of vice president versus five percent of men, and 18 percent of women reaching the title of IT director as opposed to 14 percent of men.
"According to the survey, women working in cyber-security currently account for about one quarter (24 percent) of the overall workforce," researchers said in the report. "This is a significantly higher finding than from 2017, when only 11 percent of study respondents were women. It should be noted that this study used a revised research methodology, which likely accounts for the larger representation of women."
The change could be attributed to researchers counting certified cyber-security professionals in official cyber-security functions as well as IT/ICT professionals who spend at least 25 percent of their time working on cyber-security responsibilities in an effort to better define the cyber-security workforce.
The study did however, find issues concerning pay as researches found on average women reported earning less than men although some of this could be explained by age and tenure.
"If women cyber-security professionals as a group are younger than men, fewer have worked in the field as long as most male counterparts, so that may be a cause for some discrepancy," the report said. "But this doesn’t erase the reality revealed in previous research that women in cybersecurity managerial positions earn about US$ 5,000 less than men, indicating there is still an issue that needs to be addressed."
However, at a SASIG event in London late last year, one recruitment company reported salaries for male CISOs at major international banks averaging £390k per year compared to £460k for women.
A separate study conducted by Cybersecurity Ventures and other firms predicted what ISC(2) says has already been achieved, that women will represent more than a fifth of the global cybersecurity workforce by the end of the year, according to a March 29 press release.
The new data also predicted the number of women CISOs at Fortune 500 companies will rise to 20 percent in 2019, compared with 13 percent in 2017, figures that are consistent with new research from Boardroom Insiders which states that 20 percent of Fortune 500 global chief information officers (CIOs) are now women.
"Given that increasing the number of women in cyber-security is a goal that many companies hold, we should all be pleased that we have started making progress," BeecherMadden chief operations officer and founder Karla Reffold said in the release. "18 percent still doesn’t go far enough, and while 50 percent may seem far away, there are some companies at this level already."
An earlier version of his article was originally published on SC Media US.