The problem is the self-perpetuating one of being under-represented in the industry, and thus in the media that reflect and report upon the sector. Reasons as to why women are so under-represented are many and varied, but the most cited is the perception—both on the part of the industry, and by young women looking at future career options—that information technologists, especially, information security professionals, are informally designated ‘male' occupations.
As our feature (Women in IT security) in this month's print issue makes clear, this was not always the case, and has no logical basis – it's primarily a cultural bias that has been allowed to build up. Given the skills shortages in the sector, it's a bias that is in the industry's interests to overturn.
More recently companies, industry bodies, and government have encouraged women into IT security while promoting the need for a wider range of skills from a broader range of candidates. Women are taking their own initiatives too, such as the Women's Security Society, aware that the primary driver to a more balanced industry needs to be women themselves.
While the worst excesses of discrimination are now thankfully rare, ingrained beliefs about what women can and should do are proving slower to overturn. In this issue SC describes the potential opportunities and paths that can be taken, talking to women in the industry about their experience.
Elsewhere this month we ask whether it could it be that an organisation's data is secure and more likely to meet security compliance requirements when held by a cloud provider?
And talking of compliance, are we ready for the new EU Data Protection Regulation coming our way, under which penalties of up to five percent of global turnover can be levied for failure to comply? Pre-enactment, its impact has already begun.