While the cybersecurity industry faces significant challenges filling in a workforce gap that is estimated to be over 3.4 million people, a recent study sheds light on many of the hurdles that impede women from being retained and promoted in the field.
According to the "State of Inclusion of Women in Cybersecurity" report by the nonprofit organization Women in Cybersecurity (WiCyS), female workers in the cyber industry face a significantly higher level of exclusion than other sectors, despite the representation of women slowly increasing to 24%.
The study surveyed over 300 women who attended a series of cyber workshops in February and collected over 420 anonymously shared workplace experiences. It found lack of opportunities for career growth and respect in the workplace are two major factors that contribute to the existing gender gap in the industry, with over half of the participants reporting these two issues.
As to why these experiences happen, 68% of participants cited leadership being a source of exclusion, 61% cited managers, and 52% cited peers. On the contrary, only 12% of participants cited workplace policy as the cause of their exclusion.
"What is so poignant about this report is that it reflects the most common source of women's feeling of exclusion came from people, not company policies," Lynn Dohm, executive director of WiCyS, told SC Media. "This highlights the fact that we still have a long way to go when it comes to accepting women in the cybersecurity industry."
Like most employees, respect is a critical factor for many women, one that helps determine whether they feel welcome or valued in their workplace or a given field. The WiCyS survey suggests one of the primary reasons women don’t stay or advance through the cybersecurity field is the widespread feeling that they’re not given the respect their backgrounds and accomplishments deserve.
One of the participants interviewed for the study said she experienced disrespectful behavior from her male colleagues, including instances where they played pornographic movies as she arrived at meetings. Another participant said she had a client who did not trust her to navigate technology issues asked to speak to a “guy who works in IT.”
Jessie Auguste, a software engineer at CybSafe and co-founder of Glowing in Tech, a podcast channel that amplifies the voices of black women in tech, echoed the discriminatory experiences featured in the study.
"I was going to do a talk on the unsecured development process at a security panel, and I experienced this awkward and patronizing moment where a male counterpart assumed I didn’t know anything about cybersecurity and tried to explain the topic to me," Auguste told SC Media.
"This, in isolation, seems like a really small incident but can chip away at your confidence over time."
Regarding the career growth challenges highlighted in the report, Renuka Nadkarni, chief product officer at Aryaka, told SC Media that she would avoid framing the conversation as if one's gender is the reason for not getting promoted.
However, she acknowledged that familiar biases could deter women from advancing their careers, considering female leaders are underrepresented in the cyber and tech industry.
"Familiar bias refers to the tendency of people to favor others who are familiar with them in some way, which can contribute to exclusion in the workplace. For example, managers may choose to promote individuals they socialize with or share their interests, which can inadvertently exclude women who may not have the same opportunities to connect with decision-makers," Nadkarni explained.
To promote a more inclusive workplace, Nadkarni said training for unconscious bias within organizations is essential as it helps employees and leaders recognize their biases and develop strategies to mitigate them.
"[The training is] not just about women or minority groups. They are about how you act as a human being and grow as a leader," she said.
Additionally, establishing early career programs can help more girls enter the industry and ultimately promote women's leadership, said Connie Stack, chief executive officer at security firm Next DLP, which collaborates with a nonprofit organization in London to help young girls learn more about cybersecurity careers.
"It is important for organizations to create an environment where women can be comfortable being confident and heard," Stack said.
"On a positive note, we are seeing this trend accelerated, especially over the last five years, as more cybersecurity companies have recognized the importance of diversity and started putting relevant programs in place."
At the same time, Stack encouraged female workers not to be daunted or intimated in putting ideas on the table or expressing their desire for career growth.
"While women certainly face more challenges in this industry, I want to let them know that there are also many great opportunities if they find the right company and confidently present their value regularly and consistently,” she said.