For quite some time, the number of women in the cybersecurity industry has hovered around 11 percent of the overall workforce. However, recent statistics show a modest uptick with the number now estimated to be about 24 percent − a bit of heartening progress.
Some other interesting trends are emerging, which we explore further in our annual “Women in IT Security” coverage. For instance, (ISC)2’s Cybersecurity Workforce Study found more women generally taking up leadership roles than men − among them, CTO, VP, director and C-level positions in IT and IT security. Other researchers are finding that the ranks of women filling CISO roles in large enterprises will continue to grow.
We’ve also seen organizations of all stripes giving some heavy attention to ensuring that the concept of diversity is palpably applied across their enterprises. Not only are they looking to ensure their employee makeup is composed of pros with appropriate experience and know-how, but they’re making strides to ensure the ranks see a variety of nationalities and sexes. Of these, some are taking concerted efforts to close gender pay gaps and releasing annual or bi-annual reports to employees to showcase what they’re doing.
Beyond this, STEM events for young girls and women are on the rise. IT/IT security and other technology- and science-based programs across high schools and colleges actively are recruiting women and minorities. Many industry conferences have implemented diversity and inclusion programs.
For all the steps forward, however, the trek ahead still is fraught with challenges. Just in the last several months, we saw in a 500-member-strong Facebook group some high-level, mostly male cybersecurity pros disparaging women, trans people and others often underrepresented in the field. And last year, some 4Chan users campaigned to hack the results of a nationwide high school NASA science competition, specifically targeting the only all-female, all-black team. NASA opted to shutter public voting.
Despite the lingering impediments, I can’t help but believe that the evolution of this and other industries will continue to become evermore inclusive − maybe so much so that such a term as “inclusive” won’t need to be uttered.
Is my adherence to the so-called Pollyanna Principle in overdrive? Sure, maybe. But in a vibrant, ever-adaptable and still maturing infosec industry comprised of an army of valuable, intelligent and diverse people I’m going to stick with Pollyanna for awhile. The stories of the fictional orphan and her “Glad Game,” though old-school, reveal a lot of wisdom. Even now, given all of her trials and the perseverance she mined to overcome them, it seems Pollyanna was a pretty badass chick. Who knows? With additional education and some dedicated training, in a setting befitting our world today, she too could become an accomplished CISO.
Illena Armstrong is VP, editorial of