Hiring practices
Hiring practices

Women are underrepresented in cybersecurity. But, despite bias and other disadvantages, advances are being made, reports Greg Masters.

It's hardly news that jobs are – and will continue to be – available in the cybersecurity marketplace.

More than half of the executives recently surveyed by ISACA, an association for IT and information systems professionals, noted that their companies are facing a shortfall in capable tech workers. But, the challenge is only compounded by the fact that only one in four technology positions is filled by women – despite the fact that nearly 87 percent of those queried for the study, "The Future Tech Workforce: Breaking Gender Barriers," responded that they were concerned or very concerned about the lack of women in the tech workforce.

Although women make up half the overall global workforce, within the tech sector males rule the roost – particularly at the executive level. "Only 21 percent of executives in tech are women – this despite evidence that more women lead to greater innovation and enhanced profitability," the ISACA study stated. Worse news: that number is declining.

A number of reasons are profferred for the scarcity of females in the tech workforce and the dim outlook for improvement. Females face a number of obstacles participating in the tech sector, not least of which is a bias that begins in grade school with a lack of encouragement for girls to embrace STEM fields. The percentage of women receiving computer science degrees has fallen by half in the last 30 years – from 37 percent in 1984 to 18 percent last year, according to Girls Who Code. And this drop comes at a time when more computer scientists are needed than ever before

And, once in the workforce, there's a lack of mentoring and role models. In fact, nearly half the women surveyed by ISACA responded that they experienced a lack of female mentors (48 percent), a lack of female role models (42 percent) and limited networking opportunities (27 percent).

And the pay that tech women receive, compared with male counterparts, stinks too. While females in the tech sector do earn more than women in other sectors, female tech workers earn 18 to 22 percent less than their male counterparts, according to a study from Payscale, an online compensation information company.

Bias against women can be insidious, the ISACA report explained. "It can take subtle forms – from being overlooked in meetings, to having ideas dismissed only to be usurped by male colleagues later, to inexplicably being passed over for promotions."


Domini Clark, principal, executive & technical recruitment, Blackmere Consulting
Maxine Holt, principal analyst, Information Security Forum (ISF)
Rinki Sethi, senior director, information security, Palo Alto Networks

The meager numbers of women in the tech sector disincentivizes other women from entering the field, the ISACA study found. At the same time, women who are in tech positions often feel disempowered to engage with female role models, find mentors or participate in networking.

But, there are solutions to turn the tide. Companies can pump up their efforts in encouraging more women to apply for tech jobs, as well as do more outreach in providing appropriate training, networking and mentoring for their female workers, ISACA suggested. As well, compensation packages that are fairer and incentives to evolve in the position must be offered, the study concluded.

Challenges women face

The problem begins with the fact that hiring managers often – but not always – hire people like themselves and/or like the previous job holder, says Maxine Holt, principal analyst at the Information Security Forum (ISF). "Cognitive biases mean that we gravitate toward people who are like us," she says. "Given that there is such a high proportion of men in information security – 89 percent according to the latest (ISC)2 survey – and that men are four times more likely to occupy senior positions than women in cybersecurity, the likelihood is that more men will be hired."

The (ISC)2 survey also pointed out a projected global cybersecurity workforce shortage of 1.8 million people by 2022 – surely the projected shortage could be addressed at least in part if the sector encouraged more women to join, she adds.