A new report found women in cybersecurity continually fight obstacles to their career advancement. But organizations can help eliminate them, says the leader of a women’s IT group.
Even as the tech industry grows, women continue to face significant challenges entering the cybersecurity workforce due to pay gaps, missed promotions, and discrimination.
While women comprise 43 percent of the global workforce, they only fill 11 percent of cybersecurity positions, according to the new 2017 Women in Cybersecurity Report from the Executive Women’s Forum on Information Security, Risk Management and Privacy (EWF) and the Center for Cyber Safety and Education.
“The under-representation and under-utilization of female talent is both a critical business issue and a hindrance to the development of world class cybersecurity organizations and resilient companies, as well as the overall safety and protection of our country,” EWF Executive Director Lynn Terwoerds said in a press release.
In addition, the report—based on a survey of 19,000 information security professionals by security association (ISC)² —found men earn more money, are four times more likely to hold executive positions, and are nine times more likely to hold managerial roles, even though women tend to have higher levels of education and certification.
You’ve got to evaluate unconscious and conscious biases all the way through the recruiting and hiring and performance evaluations.
Terwoerds attributed this situation to a lack of a pipeline for women in cybersecurity. To create one, she recommends organizations establish objective measurements to ensure men and women are entering and moving up in the industry equally.
“Just like [organizations] would solve any other business problem, there needs to be quantitative key performance indicators,” she said in an interview with Associations Now. “You’ve got to evaluate unconscious and conscious biases all the way through the recruiting and hiring and performance evaluations. You need to look at that when you’re identifying high potentials in your company.”
KPIs could also reduce discrimination in the field by allowing management to make hiring and promotional decisions based on data, a necessary change considering 51 percent of the survey’s female respondents said they had experienced discrimination in the workplace, with most of the incidences involving unconscious discrimination or unexplained delays in career advancement.
Having indicators also creates natural checkpoints at which organizations can review their general diversity and inclusion status, Terwoerds said. For instance, if an association is looking to hire from the inside and the candidate pool “is of similar background or the same gender or the same ethnicity, the same anything, I think there has to be a checkpoint that says that you’re guarding against that.”
Leadership and professional development programs also help build the pipeline as women who’ve completed these programs feel more valued at work, the report found. Terwoerds said organizations should provide such opportunities to support employees, whether helping them adjust to a new role, connect with mentors within and outside the organization, or simply develop their skills.
Following the report, EWF is reviewing its own programs—which focus on supporting women’s cybersecurity careers—to ensure they are benefiting members of all ages and ethnicities. “We’re looking at ourselves and saying, ‘Do we meet the needs of our diverse membership?’” Terwoerds said.
Lastly, women in cybersecurity should seek out sponsors, someone in a more senior level position who can identify the individual for opportunities. “It might be a stretch assignment, it may be recommending you for a high potential program,” she said. “It could be just giving you a higher level of visibility in meetings and in various projects, or even talking about you to his or her peers.”