Women don’t have an equal share of cyber-security jobs - variously put at some 11 percent globally according to the UK government, or at best 24 percent using the wider ISC2 definition which goes beyond tech roles.
On top of justice and equality of opportunity, it has been estimated* that closing the gender gap in cyber-security could boost the UK economy by £12.6 billion - so why is it not happening?
The reasons most often cited include - fewer girls do STEM, those who do don’t pursue it to university, those who do don’t opt for tech jobs, and particularly not cyber, partly because of perceptions and reality of it being male dominated, and those who do are more likely to leave than men for the same reason, along with societal issues related to women baring the major burden of childcare, both of which also mitigate against women securing leadership roles.
Yet girls now make up just over half of A level entries for the three core science subjects, according to a recent statement by the Education Secretary Gavin Williamson who added: “Making sure that the next generation has the scientific skills to meet the world’s needs – from developing green technologies to curing illnesses – couldn’t be more important. That’s why we continue to invest in science programmes in our schools and ensure that anyone, regardless of their background, can participate.”
The situation is less bright at University, but here too there are some hopeful signs, with recent research figures from Theknowledgeacademy.com showing a 3.1 percent increase in women enrolling in science subjects from 2017/2018 to 2018/19. More promising is that the degree which sees the highest percentage increase in female students is computer sciences at 11.6 percent . But in absolute numbers they are up from 18,880 to 21,080 last year with 13,085 more male students than female. And that’s still way behind the 229,895 women who chose to study subjects allied to medicine, with total science subjects enrollments by women for 2018/19 at 578,430.
Tableand research figures above from Theknowledgeacademy.com
While women remain under-represented in science, it's clearly not an ability issue as a Guardian report notes there are 66,840 more women than men on degree courses in the UK and as there are more men than women in the population there should be about five percent more male students than female in each subject. Women are the largest under-represented group, a far larger number than some other underepresented groups including ethnic minorities, but their exclusion is the more surprising given their academic success, with Mary Curnock Cook, the Ucas chief executive quoted saying: “Girls are doing better throughout primary, secondary and higher education than boys; poor, white boys are the most disadvantaged group in entry to higher education and the gap is getting bigger."
Since academic prowess of girls is not an issue, why is it not being deployed in computer science, especially in the higher levels of academia, and when it is, why are those outcomes not reflected in the world of employment?
Eurostat figures show that women make up 41 percent of people in science and tech in the EU; the UK is just below that average with 40.7 percent women in the industry.
According to a new report from The Centre for Economics and Business Research (CEBR) and Tessian, to be published on the 11th March, core findings include just 37 percent of UK respondents saying that their organisation is doing enough to recruit women into security roles. In addition 82 percent of female cyber-security professionals in the US, and 49 percent of those in the UK believe that cyber-security has a gender bias problem.
But there is also the issue of perceptions and attractiveness of the industry to women with the same report finding that 47 percent of UK respondents think a cyber-security skills gap exists because the industry isn’t considered ‘cool’ or ‘exciting’. This opinion was most commonly shared by millennials - 49 percent versus 33 percent of 45-54 year olds.
Many of the roles in cyber-security and skills required today are not tech focused, and Amanda Finch, CEO of The Chartered Institute of Information Security (CIISec), comments: "It’s an unfortunate truth that the security industry is often described as “pale, male and stale”. According to CIISec’s 2019 annual survey 89 percent of workers in the industry were male, and 89 percent were over 35 – meaning the profession is still very much in the hands of older men.
"Organisations’ insistence on only hiring from a narrow range of technical backgrounds has driven this. Too often there is the expectation that security is a technical subject: meaning only people with an aptitude for tech, or the right technical qualifications, should be considered. Yet many more individuals will have the skills needed to thrive in the industry, from attention to detail and identifying unusual patterns of behaviour, to the “soft” skills needed to drive security awareness in others.
"There is often talk of a perceived skills shortage but my belief is that the true issue isn’t a shortage of the skills we need. It’s an inability to identify those skills in people and find them the right roles where they can thrive. By quantifying and recording these skills, businesses can broaden their horizons and look for the best people whatever their backgrounds or indeed gender."
Another survey, by the SANS Institute, found that over a third of women said gender was the biggest challenge faced to upward mobility in their career path. Some 41 percent of respondents credited being in the right place at the right time for their rise into a senior or leadership position, and 25 percent of women in cyber-security say they have never been mentored.
Heather Mahalik, SANS analyst and author of the survey, which targeted women working in cyber-security in a senior or leadership position, says: “Women can have a tremendous amount of impact in their organisations regardless of their title. Your title and time in the field do not define what you know and the impact you can provide to this community. They do not define your impact or even narrow in on your capabilities—your actions do!”
This is borne out by the 41 percent of respondents who credited being in the right place at the right time for their rise into senior or leadership positions. Which Mahalik says means they had to make themselves visible to decision makers. Others credited having varied experiences (38 percent) or pursuing certifications (34 percent) with their rise into a senior or leadership positions, both of which are within the control of the individual.
Mentorships are often part of the process of growing into leadership positions and continuing to grow once taking on such a role. However, only seven percent of women in cyber-security have been mentored by another woman, with 37 percent mentored by both men and women and 31 percent by men alone, which leaves 25 percent who have never benefited from being mentored at all.
“The future of cyber-security is the responsibility of everyone,” continues Mahalik. “We need to reach out and become a mentor.”
Just a quarter of respondents were not participating in a mentorship relationship. The vast majority (57 percent) report mentoring both men and women, a positive sign for growing the leadership role of women in cyber-security.
(Full results of the SANS survey are out Tuesday, March 17 webcast at 1 PM US Eastern time, sponsored by LogRhythm, ThreatConnect, and Threat Quotient, via registration)
Then comes societal pressures. Commenting on the current state of affairs, Christine Brewis, head of digital marketing, Studio Graphene observed: “International Women’s Day rolls around every year, and although it serves to highlight the inequalities that women continue to face, I believe there needs to be more day to day consciousness to inspire real progress. The call for accelerating gender parity should ring loudly regardless of what day it is.
“Countless people have written on how achieving gender equality is more complex than it might first appear. The private and public sectors have been focused on celebrating women in senior level positions and promoting role models, while also looking at issues such as equal pay. Undoubtedly these are all positive initiatives and I don't want to take away from that, but we should not forget that women are also impacted by far more subtle and pervasive forms of inequality.
“In businesses, for instance, the emotional labour that women are - arguably subconsciously - expected to carry in the workplace often greatly exceeds that of their male counterparts. Women are still looked to as the primary nurturing figures, and with that comes the expectation that female team members are readier shoulders to cry on, and more 'suited' to addressing personal and emotional concerns of employees. We can also find ourselves responsible for arranging the personal personnel activities in the office such as birthday and leaving presents - why is this? Is it lazy sexism in action; "well, you'll just be able to pick a better present than I could"?.
“It is awareness and questioning of these subtle behavioural nuances that I believe needs greater championing. Time and time again studies have proven that when the gender equality gap is narrower, everyone benefits. Whilst great steps have been made, and will continue to be made around broader issues, addressing the minutiae of the everyday should have a firm seat at the table. Why I am being asked or expected to do this, and not a male colleague? Would I have had that reaction if I were male? These are magical, perception-altering questions, and we should be asking them.”
How do women overcome these barriers and succeed in cyber-security? Ekaterina Khrustaleva, COO of web security company ImmuniWeb suggests: "It's really important to be sufficiently motivated and relentlessly driven to learn, work hard and deliver. Those who don’t dare implement their novel ideas or enterprising plans, usually don’t succeed. It is likewise crucial not to be afraid to make a mistake, all of the greatest entrepreneurs and global leaders made some mistakes on their way to success. Today, the cyber-security industry is incrementally open and women-friendly, and the main barrier and obstacle I frequently observe is lack of self-confidence.”
When it comes to specific advice for female entrepreneurs to succeed in the tech sector Khrustaleva advises: "Continuous education is essential to remain competitive, and is required to deliver something valuable to your colleagues, clients and partners. Thus I try to spend at least four hours a week reading cyber-security books and professional magazines, in addition to various online classes and courses. Reasonable persistence in what you do will certainly help, many female leaders give up on their first attempt, and eventually miss amazing opportunities. Try harder, keep your spirit open and positive, make new connections and share your success with others – these simple steps will enable your bright future in cybersecurity."
Private sector initiatives include the launch of the Women In Cyber Academy, commencing April 2020 in Central Bristol, a collaboration between TechTalent Academy’s ‘Women In Cyber Academy’ and Immersive Labs.
Janice Rae, Founder of TechTalent Academy said: “The sector as a whole is struggling to fill the number of open roles whilst trying to become an employer of diverse talent. We believe passionately in the power of diversity to improve organisations and individual lives. So we’re creating a new talent pipeline that helps businesses build diverse tech teams - and individuals with diverse backgrounds build rewarding careers in Cyber Security”.
Women In Cyber Academy is inviting applications for the April intake of its full time and part time Academy to prepares talent for their first role within Cyber, and says it is targetting motivated women and non-binary folks wanting to embark on a career in Cyber, to develop relevant tech skills as well as fast track their career.
Then on a governmental and regional level, on 5 March the Prime Minister reiterated that the Government has made it obligatory for companies to show discrepancies in pay so there is absolute transparency and said there should be equal pay for equal work irrespective of gender. It was also noted that a third of all board positions in the UK’s FTSE 100 companies are now held by women, a key target of the government-backed Hampton-Alexander Review, which has been met almost one year early.
And the EU Gender Equality Strategy 2020-2025, Renew Europe has welcomed the Commission’s commitment to deliver a gender-equal Europe by: “... proposing binding pay transparency measures to help close the gender pay gap, pledging to unblock the women on boards directive, as well as the inclusion of gender mainstreaming and intersectionality as cross-cutting principles in external and internal EU policy, including taking the gender dimension into account when it comes to new challenges such as digitalisation.”
For the future, female entrepreneurs could contribute £250 billion to the UK economy if they started and scaled their businesses at the same rate as men according to recent government estimates.
To aid the process, the UK’s first dedicated female Science Minister, Amanda Solloway, has announced almost £3 million and a package of business support to help inventions by women and young people, and while it cites clean energy solutions and healthcare services, its clear there are entrepreurial opportunities for women in cyber-security.
The issues are known, they are slowly being addressed, but to increase the glacial pace of change, everyone needs to get on board with addressing the lack of diversity and areas of under-representation in the industry and their own organisation. It starts with women, but doesn't end there - except for today - International Women's day.