Closing the Cyber Security Skills Gap - Calling All Women

By Michelle Johnson Cobb, Vice President

As cyberthreats have become more sophisticated, networks more complex and cybersecurity issues of greater concern at the board level, the demand for skilled cybersecurity professionals has soared. Unfortunately, there simply isn’t enough talent to fill all of the roles.

According to the 2015“Global Information Security Workforce Study” (GISWS) published bythe(ISC)² Foundation,the information security workforce will see a 1.5 million shortfall by 2020. Another study by (ISC)² on women in security revealed that in 2015,90 percent of the information security positions worldwide were filled by men. This is despite women nearly closing the gap between men and women in terms of relevant undergraduate degrees and holding higher academic degrees than their male counterparts.

Somewhere between graduation and career path, women are turning away (or being turned away) from roles in information security. Closing the cybersecurity skills gap will depend heavily on the inclusion and participation of an untapped pool of talented women. To get there, it will require a mix of practicality and inspiration.

Show Them the Money

Gartner predicts that by the end of 2016 information security spending worldwide will reach $81.6 billion, of which India will contribute $4 billion. And according to the Data Security Council of India, that number will grow ninefold in the next decade, reaching $35-$40 billion by 2025.

This is expected to drive the generation ofone million jobs in the country by 2025, as per NASSCOM. That potential, along with the opportunity for stable employment in a field with continued growth and high wages, will help bolster participation by women ininformation security.

In fact, they are already taking advantage of high-growth divisions in the industry. According to (ISC)2, 20 percent of women hold roles in governance, risk and compliance (GRC), which the foundation sees as a division with solid projected growth and importance.

“Women, therefore, have positioned themselves wisely in an InfoSec profession that should not be defined by sheer headcount, but in the roles of those that are shaping the future practice of InfoSec,” says the organization.

We Need You

Solving cybersecurity issues requires a mix of talent, including: STEMskills, technical knowledge, critical thinking, product management, understanding of organizational behaviour, planning and communication. In an age where networks and threat landscapes are changingconstantly, organizations must alsoseek out fresh perspectives and creative approaches that can helpcombat current challenges while alsolaying the foundation to meet future ones.

The industry is slowly awakening to this realization, with NASSCOM launching a cyber-security certification course for women in India this year — but more needs to be done.

Job descriptions that outline “softer” skills, such as collaboration, objectives management and openness to new methods, make clear that organizations are seeking something beyond simplytechnical knowledge. This is especially important considering women are less likely to apply topositions for which they are not 100 percent qualified (men put that threshold at about 60 percent).

End the Token Speech

Increasing the visibility of women in cybersecurity can improve community within the industry. It will also influence younger women who perhaps have the right skills, but are undecided in their career path. Many cybersecurity conferences havea few speaking opportunities for women to give insight on establishing their career in this male-dominated field. Unfortunately, too often these are some of the only presentations given by women at such conferences.

What would be moreimpactful is women presenting on their work rather than their career. This is not to suggest career talks given by women for women should be eliminated; rather, they should not be used as a sort of “affirmative action check box” for conferences.

Women need to see that though they are underrepresented in cybersecurity, they are not an anomaly. They, like women before them, have value to contribute to the industry and their efforts can shape it for years to come.


Current Issue