The cyber-security industry suffers from a lack of gender diversity with an estimated 10 percent of the global information security workforce being women.
A new report from CREST digs into why diversity is a growing issue of importance, what holds women back from entering the industry, how to make a difference, who to target and how to get the message out. Information was gathered from its 2016 Diversity Workshop from various attendees in the industry, government and academia.
Roughly a quarter (26 percent) of IT professionals worldwide are women and nine percent of engineering professionals in the UK are women.
In the UK, only 18 percent of undergraduate degrees for computer science are awarded to women as a result of low female applicants despite female computer science students being more successful than male students.
The study suggests that perhaps the lack of applicants to IT professions for women can be attributed to how women perceive the cyber-security industry as being a ‘man's world', however this is far from the reality. Most attendees that contributed to the research pointed out that despite the perception of the industry being sexist or inhospitable to women, they never experienced any such issues.
Given the giant skills gap in the industry, it makes sense to double the pool of people that the industry recruits from. One attendee said, “We need more people, so we need more women”. Others pointed out a diverse workforce is more productive and that research shows increased profitability in companies with more women, especially at senior level.
It was also discussed that women bring a different mind-set and set of skills to the workplace that include attention to detail, analytical ability, and problem solving.
Several attendees expressed concern that the industry is too quick to publicise the misconception that one must be a ‘techie' to work in the industry and suggested that the sector puts “technical skills on a pedestal, overlooking the fact that other skills are equally as important”. One of the most concerning comments was that “the cyber-security environment is not poisonous to women, it just looks like that sometimes”.
To make a difference in the sector, collective ideas included:
- Educate: Influence children early in their education to encourage them into the cyber-security industry
- Raise awareness: Portray the sector in an accurate, positive way
- Change industry perception: Ensure the industry is gender-neutral and attracts to both sexes
- Offer support: Support and retain the women currently in the profession through mentoring and improved networking opportunities
- Inspire: Promote female role models and ambassadors to encourage more women to consider entering the industry
- Remove barriers for entry: Support women financially by making loans available or create conversion courses
To increase gender diversity, some target groups that were suggested to reach out to included primary schools, secondary schools, apprentices, general university students, specialist university students, conversions from other academic disciplines, conversions from other industries, career changers/returners, and retention of existing cyber-security professionals.
To get the message out there, one attendee suggested that the media must play a significant role - tv and radio campaigns, print advertising, social media campaigns, and online adverts were all ideas discussed to reach the masses. Others suggested direct marketing and more intimate networking events and infiltrating the message through education.
“Increasing the number of women in cyber-security is not simply for diversity's sake, but for the sake of the industry. One of our attendees put it best, suggesting that by consistently taking people from the same backgrounds, we'll keep coming up with the same approaches and solutions. The first step is to work out why women are not entering the industry. Although most of our workshop attendees agreed that cyber-security is welcoming to women, the perception from outside the industry is much the opposite. It is clear that this is one of the major challenges we face,” said Ian Glover, president of CREST.
He continued, “The workshop was a resounding success and addressed many of the issues preventing gender diversity in cyber-security. These discussions are useless if we do not act and the findings will be used for all future projects.”