Women didn't increase their numbers in security over the past two years, according to a report released by (ISC)², which found that women in the security workforce held steady at 10 percent.
But the Women in Security: Wisely Positioned for the Future of InfoSec report, released at the (ISC)² Security Congress 2015 in Anaheim, California, noted that if the industry takes decisive action to close the gap, women will be well-positioned to meet the swell of demand that's going to create a predicted 1.5 million deficit of security pros.
Although their numbers remained steady overall, women did make gains. They're catching up to men, focusing academically on computer science and engineering. And women on the whole hold a higher concentration of advanced degrees, with 58 percent of women having advanced degrees as opposed to 47 percent of the men. That is especially true in governance, risk and compliance (GRC), which has grown in importance to information assurance and cyber-security, researchers found. One in five women holds a position that is primarily GRC, while only one in eight men claimed the same.
That may be because women took opportunities that arose as the nature of security changed and its definition expanded. The report quoted Renee Hodder, information risk management consultant at Nationwide Mutual Insurance, as saying, “At a previous company I got my feet wet with PCI because nobody was interested in leading that function.”
She noted that “people had to get dragged into it.” But companies need to move from doing it because they had to meet compliance requirements to a mindset that it “was the right thing to do,” Hodder said. “Leading that mindset shift was both a challenge and a career opportunity.”
Likewise, Julie Talbot-Hubbard, associate vice president for IT engineering, infrastructure & operations at Nationwide, said that she “assumed a GRC/continuity planning role at a prior employer due to the need and lack of interest.”
That's a familiar refrain. Women often take on work that no one else is interested in, only to parlay it into an information security career. “I saw an opportunity that no one else saw or wanted: document the systems and processes we were developing,” Alice Fakir, executive director at Morgan Stanley, told researchers. “Taking on that role led to additional work in project management, which led to being the lead client manager, which led to a successful career in InfoSec consulting.”
The (ISC)² report, done in partnership with Booz Allen Hamilton and conducted by Frost & Sullivan, surveyed nearly 14,000 global professionals and found that despite women being well-suited for GRC and holding more of those positions, a salary gap still yawns. The average annual salary of women in GRC was 4.7 percent less than that of their male counterparts. But the study noted that men value monetary compensation a bit more than women, who typically seek flexible schedules and other incentives.
Executive leadership varied from region to region, the survey revealed, with Eastern Europe at 35 percent presenting the most women in senior leadership and the developed APAC (Asian Pacific) region ranking the lowest at 13 percent. Women account for 21 percent and 26 percent of senior management in North America and the European Union, respectively.
Women proved to be more progressive when it came to training methods, which prompted researchers to conclude that “offering increased accessibility and wider diversity of information security training opportunities may prove to be increasingly valuable in retention and in elevating professionals' readiness to succeed in new roles.”