Women in Cybersecurity

Written by Akmaral Abdiyeva

The question I ask myself every time I go to cybersecurity related conferences, or training sessions, meetups or lectures is where are the women? As flattering as it is to be one of just a couple of females presenting there and to think of yourself as one of the smartest of your gender, it is disturbing to witness such an imbalance in the 21st century.

It’s not a secret that cybersecurity, as well as the wider IT industry, has a huge gender gap that is not getting any narrower, while the demand for workforce is growing exponentially day by day.

It is predicted that Cybersecurity will have 3.5 million job openings by 2021 with an estimated shortage of 2 million security professionals by 2020. The percentage of unfilled jobs is already rising and is predicted to rise even higher. So, the problem that we are trying to solve is not that the industry is overpopulated by males, but rather it is underpopulated by females. Currently around 24% of cybersecurity professionals are women, so simple maths tells us we need the same number of women again to enter the industry to reach gender equality within cybersecurity.

In the past few years, there have been more and more articles and research pointing to a so-called impostor phenomenon or syndrome. Essentially, this is undervaluing your own skills and abilities, and perceiving yourself as a “fraud”. Many statistics and research underpin the fact that females suffer from this psychological syndrome more than males do. This can be explained by a few factors:

The first of these is the deeply rooted belief that STEM professions are not for women. Generally, women do not go to university to study degrees like physics, mathematics, engineering and computer science. According to UNESCO in 2017 the percentage of girls in STEM degrees was 35%. This perception results in the initial percentage of women eligible to work in male-dominated industries being lower than what equality needs. This form of stereotyping goes further than that by calling into question the abilities of those 35% that choose to be in STEM. This results in them doubting the choice of career and undervaluing their abilities, thus causing them to suffer from impostor syndrome. It is, therefore, crucial to appreciate and motivate those females already educated to stay within the industry and start or continue to pursue their career in STEM. There are ways that companies can evaluate their own abilities by providing the following benefits to their female employees: revisit the stigmas and stereotypes within the company regarding gender and eliminate them; bridge the pay gap; fill the management gap; provide constructive criticism; establish an inclusive environment; suggest competitive maternity packages and most importantly undertake a personalised approach to each female employee. Personalised approaches to everyone are crucial in any environment, however it is a key factor in retaining female workers. Many studies have proven that women are less likely to ask for a promotion, a pay rise, or for a consideration of personal circumstances. Simply asking women what they need in order to prosper in their roles would change things tremendously and mean a lot, especially for those silently suffering from impostor syndrome.

Beyond this, we see that images of hackers and engineers created by the industry and the media are not gender-neutral. No one imagines a girl in a hoodie hacking someone’s bank account, or a geeky female engineer in her room working on software that will change the world. The message that the industry is sending should be altered so that women feel like they belong.

If security was a person, it would be described as a people-person, rather than a techy-person, and unfortunately not many people understand or are aware of that. There is a big misconception regarding the requirements of cybersecurity roles. Even when I was entering the industry, I was not aware of this and was misled by the technical descriptions in the job adverts. Little did I know that soft skills are as important as hard skills. Most probably my cover letter, CV and approach to my applications would have changed had I known that my soft skills would be an asset for the job. And that puts off a wide range of female applicants who could be a perfect fit for roles in cyber security. The majority of cybersecurity companies invest a lot in their employees by providing them an annual allowance for competitive training and certifications, giving opportunities for those lacking crucial technical skills. This, and many other factors, such as provision of a lot of support from management teams, mentoring programmes and career progression plans need to be properly communicated when reaching out to prospective employees, so they do not shy away thinking they do not possess the full technical skill set, when they actually possess a great many soft skills.

There are plenty of ways women can assist themselves and each other in achieving the goal of gender equality in the IT industry. These days there are many organisations that are designed to support and help women, not only in tech, but in all industries as well as helping them to navigate and balance between career and family goals. It is important to take advantage of those organisations, spread the word and take a pro-active stance.  Nothing will change in the industry if we don’t start putting ourselves forward as a contributor first and not only asking questions like “What benefit will I get out of this?” but also, “How can I contribute, in order to benefit others like myself?”

Women like Cheryl Sandberg and Arianna Huffington are the first names that pop up in millennial girls’ minds when they hear words like “empowering women”. In a way I think this should change. We should associate role models not only with women who have achieved c-level positions or founded multi-million-dollar companies. Every woman should think of herself, she should think of her colleague who recently came back from maternity leave or of her mum, who may have not reached the highest step on the ladder, but navigated through the hurdles of a career while raising children and managing the household at the same time. We are all empowering women. Empowering women that can fill the gender gap within IT.