Roughly 600,000 cybersecurity jobs remain unfilled today, according to the U.S. Bureau of Labor Statistics. Yet as Lisa Kearney, founder of the training organization Women CyberSecurity Society (WCS2) points out, women still account for just 11% of the cyber workforce. Companies looking to close that gap should be focusing their recruitment efforts on talented women, she says.
In a recent interview for Workflow, Kearney discussed what she’s learned from four years on the job (in addition to two decades in the industry), and what it will take to attract and keep more women in the field. The following has been edited for length and clarity.
It’s mixed. On the one hand, there’s a lot more awareness of the issue now. When I started WCS2, there were no women in cybersecurity organizations talking about barriers for women. Today there’s a plethora of organizations and support groups for women in the field. So, we started a real movement.
On the other hand, the data is disappointing. Globally, or even just here in North America, women still make up only 11% of the cyber workforce. But some reports say representation has doubled or tripled. Those numbers are inaccurate because the reports include women who work in positions like product management or human resources. The true cyber workforce is where people are working directly to protect system data. This is an important distinction because it’s in the cybersecurity workforce where the bias and barriers exist, and where women still only hold 11% of positions. Unfortunately, there are still people—even women!—using inaccurate data to show that we no longer need to bring more women into cybersecurity.
More advancement of women into leadership positions—right now there’s maybe one woman for every 100 leadership roles. We need more representation, more seats at the table, and the ability to retain women when they get there.
Organizations also have to stop thinking of diversity as a checkbox. They need to understand the benefits that diversity brings. Research has shown that diversity increases employer profits, creates new innovation, and improves employee satisfaction and retention.
Training and education of women is also critical. That’s why we have a mentorship program, and we’re even doing something different this year: focusing on the online safety of women and girls. We’re working with our partners to help women can protect themselves online through settings and controls that minimize the level of violence and hate that they receive when interacting online.
There’s our scholarship program, where we paid the full cost for 20 women to take Security+ training, which is recognized globally. We had mentors for the women all the way through, and they had access to learning platforms. Several who obtained their Security+ certification have gotten job promotions, new jobs, salary increases, or a new job title. Some are also renegotiating their salaries as a result of their certification.
We also have our FAST (Females Advancing in Security and Technology) Awards, for women in the early stages of their careers. One finalist started a WCS2 chapter in Gambia. Research has shown that in Canada, 50% of women drop out of IT careers in the first four years. We want to boost their confidence by recognizing their achievements, so they’ll continue in the industry.
If you’re sitting around a boardroom table with 10 men and ask them a question, you’re likely going to get similar answers. Women have different perspectives, which are so valuable, just as diversity is.
You improve the security of an organization when you have diverse mindsets. With new ways of thinking from women, you can add tremendous value to an organization, not to mention the cybersecurity industry as a whole.