Like many CISOs over the past year, I’ve seen the widespread and sudden transition to remote working complicate processes and introduce weak spots, making organizations vulnerable in brand new ways. As a result, there has been a marked increase in cyber attacks on cloud infrastructure as well as a rise in phishing attempts.
At the same time, the pandemic has wreaked havoc on the gender employment gap. In the United States, women ended 2020 with 5.4 million fewer jobs, compared to February of the same year. Globally, McKinsey estimates that female job losses because of COVID-19 are about 1.8 times higher than male job loss rates. The pandemic has disproportionally affected women and a record number of women are considering leaving the workforce, citing burnout and “double duty” as they are forced to choose between work or child and elder care.
The void of female talent in the industry has become dire and we need all hands on deck to protect against increasingly effective cyberattacks. Many thousands of qualified and talented women will re-enter the workforce in the coming months, posing a great opportunity for enterprises and cybersecurity firms alike to start plugging the talent gap.
Coding not necessary
First, let me bust a popular myth: A cybersecurity professional must be a technical wunderkind, a hoodie-clad prodigy who can crack a password in six seconds with time to spare for an energy drink. Far from it.
While highly technical roles are important to any program, they usually make up less than one-third of a healthy cybersecurity organization. Just look at my own career trajectory. True, I come from a technical background, but I started as a software engineer, not a security researcher. I have a breadth of expertise in divergent areas, such as product strategy, security evangelism, business development, and engineering management – and use these skills every day in my role at HP.
Approximately 3.5 million cybersecurity jobs globally are likely to go unfilled in 2021, so there’s much more room under the “big tent” of this industry than people think. To shrink the security talent gap, we need to open the tent up wide enough to include all types of workers. This includes people moving from other industries, historically underserved populations, workers without traditional degrees, those who were forced out of their jobs by the seismic economic shifts brought about by the pandemic – and especially women re-entering the workforce.
New skills needed
The security business has changed. CISOs and their organizations are increasingly called upon to serve as business partners across the enterprise. Today, they have to deal with more educated and discerning customers: Business partners who want to feel confident that B2B connections are safe on both sides, an increasingly complex global regulatory landscape, and an ever-more interconnected supply chain, bringing inherent risk to every organization.
CISOs must have a broad range of talent on hand, including people with expertise in risk management, business analysis, sales and even marketing and communications.
Similarly, we need a variety of experience levels. An individual may not have in-depth cybersecurity-specific knowledge, but other capabilities may prove more important. Some people may have knowledge of a given enterprise environment, experience in a complementary field, or creativity in strategic vision and long-term planning.
By looking for these transferrable skills in underserved groups, organizations can tap into a huge pool of diverse talent that will plug the skills gap and give new opportunities to those who need support.
Supporting women starts by hiring more of us. This means organizations must set up and support initiatives that bust the myth of cybersecurity being a highly technical and masculine profession, and actively hire diverse talent. From here, organizations should focus on creating an inclusive and equitable workplace designed to foster and retain best-in-class talent.
At HP, we run [email protected], a women’s sponsorship program that aims to advance the careers of women. We also support wider diversity efforts with Historically Black Colleges and Universities (HBCUs), organizations such as Black Girls CODE and Boys and Girls Clubs of America, as well as minority-owned suppliers.
However, even with these nascent programs, I consider HP an outlier. A little less than half of companies participating in the ISACA 2020 Cybersecurity Study said they have diversity and retention programs in place to recruit women and black, indigenous, and people of color (BIPOC) into cybersecurity roles.
Broader perspectives, broader protection
Diversity will make the cybersecurity industry stronger. Security pros are hired to anticipate and combat an extremely broad field of remote attackers, which means that diversity in the field itself has become not just a benefit, but a requirement.
I view creating diversity in our field not only as a moral imperative, but as a way to expand people’s views on what a cybersecurity professional looks like, helping to attract even more diverse talent.
Cybersecurity has become a pervasive and long-term issue. Let’s leverage the skills of a workforce that reflects the world around us, including women of all ages and backgrounds. We need people with a passion for making the electronic world a safer place – no hoodie required.
Joanna Burkey, chief information security officer, HP Inc.