When I started my cybersecurity career in the private sector I found myself navigating through a landscape of meetups, networking events, and conferences. Initially, I failed to comprehend the necessity for dedicated female groups and events, harboring the belief that merit alone would dictate success.
But it didn't take long for me to recognize that I was wrong. Despite the cybersecurity community being widely-regarded as one of the most welcoming in the tech sphere, a significant disparity persisted between offering mentorship and actually hiring women onto security teams, particularly when they were often the inaugural female members, especially in the nascent stages of their careers.
This prompted me to dive into the origins of this challenge, questioning why competent individuals often encounter barriers to employment.
Several factors contribute to the challenges women face in entering the cybersecurity business. Here are three I'd like to shed light on:
- The absence of visible female representation often dissuades women from considering certain positions. When confronted with a conference lineup or team comprised solely of men, it signals a specific mindset within top management. The hesitation to fill the role of the pioneering woman attempting to shift this dynamic does not reflect on the character of the women involved. Many women will hold back in those situations, choosing to look for an organization that exudes a more welcoming culture, one where they can be surrounded by individuals who embrace diverse needs, opinions, and approaches.
- Women frequently exhibit distinct approaches to problem-solving, a discrepancy evident in job applications and hiring processes. While some individuals may confidently check half the requirements, feeling adequately qualified, some women often feel compelled to fulfill all criteria for consideration. Recognizing that job requirements are often aspirational, hiring managers expect to secure around 75% of the desired qualifications. However, women tend to feel the need for extensive experience and knowledge to establish relevance. A similar pattern may emerge during job interviews, where some women may tackle unfamiliar questions, showcasing their thought processes, while others, may apologize and admit uncertainty. Encouraging women to vocalize their thought processes instead of succumbing to the instinct to apologize is crucial for empowerment.
- Navigating a world predominantly shaped by male dynamics poses additional challenges for women. From casual small talk before or after meetings to events like conferences in Las Vegas or dinners with clients, these scenarios can inadvertently make women uncomfortable. The invitation to “whiskey and cigar” events, although not indicative of women's inability to appreciate such indulgences, often carries the wrong historical connotations. The exclusionary nature of these gatherings, reminiscent of times when men congregated in clubs surrounded only by female waitstaff, creates an atmosphere that I consciously choose to avoid. Recognizing and addressing these subtle exclusions is essential for creating an environment where women can confidently participate and contribute without feeling like perpetual minorities.
Undoubtedly, the cybersecurity industry has been grappling with a dire shortage of skilled professionals, requiring an urgent influx of capable individuals irrespective of gender. Moreover, research consistently points to how hiring diverse teams delivers superior results over time. In light of these undeniable facts, I firmly believe that concerted efforts to cultivate safe and diverse workplaces are not only commendable, but imperative. To guide this journey, the industry should consider the following strategies:
- Acknowledge and accommodate the different needs that women have within the workplace. Initiating a conversation on how to make the team or organization more welcoming for women can yield valuable insights. Women forming groups or guilds is not an attempt at exclusion, but rather a pursuit of a sense of belonging and the desire to be part of something more significant. These groups serve as empowering spaces, allowing women to showcase their full potential when they return to their teams.
- Address the inherent natural and cognitive biases we all possess. The discomfort associated with interviewing or integrating a female DevOps engineer into a team unfamiliar with such diversity has been well-documented. However, proactively preparing the team, setting expectations, and delineating boundaries against inappropriate comments or conversation topics can mitigate apprehensions and foster a more inclusive environment.
- Construct a hiring process that recognizes and accommodates diverse application styles and interview approaches. Flexibility in minimal requirements, coupled with an understanding that unconventional backgrounds and experiences can bring unique value to the team, allows for a more open-minded selection process. Embracing diversity in the hiring process broadens the talent pool, and also contributes to a richer and more dynamic team dynamic.
The imperative to address the industry’s staffing shortage and leverage the proven benefits of diversity calls for intentional efforts to create workplaces that embrace inclusivity. By respecting and accommodating the distinct needs of women, addressing biases, and implementing a hiring process attuned to diversity, organizations can pave the way for a cybersecurity industry that’s both well-staffed – and positioned for sustained excellence.
Shira Shamban, co-founder and CEO, Solvo