Cybersecurity suffers from a critical talent gap. Each day's news reports seem to turn up another survey, another news story or another executive focused on the gender gap and cybersecurity. It's reported that women represent only 10 percent of the information security workforce and the industry will face a shortfall of 1.5 million workers in five years. With such an imbalance in the supply and demand equation, the cybersecurity industry does itself a disservice if companies don't focus on how to recruit more women.
Faced with a dramatic workforce shortage and gender gap, it is critical that organizations invest in training, recruiting and retaining women in information technology as one approach to addressing the staffing shortfall. Of course, that is often times easier said than done.
The field must start with building awareness of what a career in cybersecurity actually looks like, enticing students and current members of the workforce alike to see this field as a viable path. If a prospective employee doesn't know what such a career entails, the task of recruiting them to it can be nearly insurmountable.
"It doesn't take a background in hacking
Let's take my journey to a career in cybersecurity as an example. I don't come from a traditional engineering background, and I did not pursue an education in STEM-related careers. I grew up before cell phones were widely available, when personal computers were just coming on the scene. I went to college to study accounting and business, and worked nearly 10 years before I had my first job with a computer. As I learned more skills, more opportunities opened up. Over the next 15 years, I used my growing knowledge of IT and security research (which can be described as a niche within cybersecurity) to find new, consumable ways to talk about deeply technical topics.
I have an amazing career and work with some of the most incredible people in the industry. It's also a career that I never knew was available to non-engineers. It's the same for a lot of women who don't realize many of the skills they have now – skills seemingly unrelated to cybersecurity – can translate into this field.
It's this lack of knowledge that will only serve to expand the talent gap the industry faces. We must be vocal and clear with today's workforce: It doesn't take a background in hacking or coding to succeed in this industry. There are a wide variety of skills needed, and a career in cybersecurity can be as broad as the imagination allows. Experts in engineering, public policy, law, risk and compliance, privacy, application development, communications, project management, analytics and more – each and every one of these skillsets are needed by companies to improve and enhance their security posture today and in the future.
Recipients of the Scholarship for Women Studying Information Security (SWSIS) award, a program sponsored by Hewlett Packard Enterprise, have come from very diverse backgrounds, including education, politics, the humanities and even the film industry. The security industry needs smart people to bring their passion and talent to do that thing if organizations are going to win the asymmetric war against cybercriminals. Cybersecurity is full of hard problems and organizations need passionate people working to solve them.
Innovation is intrinsically gender-neutral, but in this era of mounting challenges, humanity will need to do a better job of tapping the full potential of all people – for their brainpower, their creativity and their sense of possibility. The talent gap isn't an easy challenge to address, nor is there a singular overnight fix. It will take years of committed effort – perhaps more than we even imagine – to close it. This is a commitment that organizations across the board need to make to thrive in the long term.
Jewel Timpe is senior manager, HPE Security Research at Hewlett Packard Enterprise.