As a result of the ongoing pandemic, the cybersecurity industry has continued to accelerate, and has no indication of slowing down anytime soon. With new and innovative methods of hacking affecting businesses of all kinds, the number of cyber attacks is also increasing. A report by DCMS showed that the UK’s cyber security industry is now worth an estimated £8.3 billion – but why do we still see a lack of female representatives for an industry so high in demand?
The industry predominantly remains male-dominated, and this lack of diversity, in turn, means less available talent to help keep up with the rise in mounting cyber threats. Women currently represent about 20% of people working in the field of cybersecurity, says Gartner. Andrea Babbs, Head of Sales UK & Ireland at VIPRE Security, outlines how attracting and embracing more females, and providing equal opportunities within the workplace, is significant for the future of the cybersecurity industry.
Male Dominated Subjects
Even at the very beginning of a ‘tech’ based career pathway, a woman’s success is already limited. Females make up only 28% of the workforce in science, technology, engineering and math subjects (STEM), and are systematically tracked away from these subjects throughout their learning, and pushed towards written and creative arts, narrowing their training and potential positions to go into these fields later in life.
STEM subjects are traditionally considered as masculine by many. All too often, teachers and parents may steer girls away from pursuing such areas – with females making up just 26% of STEM graduates in 2019. Additionally, there is a need for more female STEM teachers, as young girls may feel that they cannot be what they can’t see. Because less women study and work in STEM, these fields tend to create exclusionary male-dominated cultures that are not inclusive of, or appealing to women.
Barriers into the cybersecurity industry already exist, such as often requiring a minimum of two years of experience for entry level positions. This proposes the question, how do you get those two years without being offered an opportunity to gain the necessary skills or lessons? This requirement leads to talented, tech-savvy young women entering non-tech sectors, further enhancing the pattern of fewer women in cyber security, as well as technology as a whole, even if they have trained in that subject.
Additionally, females who have been successful in entering the industry often receive different treatment compared to males who work in technology, and can occasionally be mistaken for having a less ‘dominant’ role. Another VIPRE colleague, Angela, who has been a Support Engineer at VIPRE for over ten years is still asked to put people through to an engineer on the phone – as it is perceived that as a woman, she can’t be one herself, despite having over a decade of experience. These stereotypes can therefore discourage young women from entering the field and diminish the accomplishments and self esteem of those already in it.
Obstacles and Challenges
From engineers to analysts, consultants and technologists, the roles are unlimited in cybersecurity. It is clear for women entering the industry that the profession is not limited to just one type of job, and requires a range of skill sets, most of which can now be done remotely – which has been heightened due to COVID-19.
However, research demonstrates that 66% of women reported that there is no path of progression for them in their career at their current tech companies, suggesting the very reason why women tend to end up in the more ‘customer facing’ roles, such as marketing, sales or customer support. How can females continue to advance once they have a foot in the door into more technical or product focused roles?
Despite girls outperforming boys across a range of STEM subjects, including maths and science, the presumption remains that women are not equipped to take on ‘complex’ tasks and roles. To support this, research reveals those who attend an ‘all-girls’ school and see their female peers also participating in technology subjects, therefore do not have lower-esteem when pursuing that industry, and are in a learning environment free from gender stereotyping, unconscious bias and social pressure. And even if a female is successful within these areas, we continue to see a lack of women represented in senior leadership roles on boards, as CEOs and in STEM careers. We need to dispel the myths that women cannot take on ‘tech-heavy’ jobs.
Maternity leave or taking a break to raise a family is another challenge women face later on in their career. Employers might question the gap in their CV when they eventually want to return to work after taking a break from such a demanding industry to start and raise a family. A recent study shows that three in five professional women return to lower paid or lower-skilled jobs following their career breaks. Additionally, the challenges faced by women returning to the workplace costs the UK an estimated £1.7 billion a year in lost economic output.
“It’s almost considered career suicide to leave,” explains the former senior director of the Anita Borg Institute for Women and Technology, Claudia Galvan. These women find it “almost impossible to go back to work, or if they do go back to work, they have to take totally different jobs from what their career was, a demotion, of course pay cuts — and that’s if they get the opportunity to get back into the workforce.”
Based on my personal experience at a previous employer, whilst it was agreed that I could work fewer days a week after returning from maternity leave, this arguably caused more problems. The ‘compromise’ that was reached was that I could work four days but I still needed to have the same target as people in the same position who worked five days a week. They also reduced my pay by 20% inline with the four day week, and actually created a more stressful environment as I found myself working longer hours over the four days.
Everyone is the target. So why not get everyone involved?
To ensure that women gain equal footing in stereotypically male-dominated industries, there is an often-overlooked factor – men need equality too. Businesses need to offer the same level of paternity leave and support to men as they do women when it comes to looking after a family. This then leads to the need for flexibility within working hours for school runs, for example, as it needs to be understood that men have children too, and women are not always the number one caregiver. For example, my husband received more questions about taking time off if our child was unwell than I ever did. He was constantly asked of my whereabouts as if it was my sole responsibility to look after our child, not both of us. Ultimately, the debate here is not just that there needs to be more women in cybersecurity and technology, but that workforces must have diversity within them.
Having a diverse workforce allows there to be a balance of input, more creativity, new perspectives and fresh ideas. From different learning paths, to ways of approaching problems, and bringing in wider viewpoints, women bring an array of different skills, attributes and experience to cybersecurity roles. Working in an industry like cybersecurity where everyone is impacted and everyone is a target – we need everyone to be involved in developing solutions which work to solve the problem. This is not just limited to gender, but also includes age, culture, race and religion. To truly mitigate the risk of cybercrime, we need a solution relevant to all the people impacted by the problem.
Taking Action
To begin with, whether this is from a younger age during school studies or university courses, offering varied entry pathways into the industry, or making it easier to return after a break, women must be encouraged into the field of cybersecurity. These hurdles into the sector have to be addressed.
Each business has a part to play when it comes to ensuring that their organisation meets the requirements of all of their employees. From remote or hybrid working, reduced hours or adequate maternity and paternity support, working hours should be more flexible to suit the needs of the employee.
A “return to work scheme” would greatly benefit women if companies were to implement them. This can help those who have had a break from the industry get back into work – and this doesn’t necessarily mean limiting them to roles such as customer support, sales and marketing. HR teams must also do better when it comes to job descriptions, ensuring they appeal to a wider audience, offer flexibility and that the recruitment pool is as diverse as can be.
Setting up the Cyber Security Skill strategy, the government has started taking action. Businesses themselves have also started to enforce programmes to support those with gaps in their CV’s and are eager to return to their careers, such as Ziff Davis’s Restart Programme. This programme is committed to those who have a gap in their experience and are keen to return to their careers, providing them with an employment opportunity which emphasises growth and training, helping professionals return to the workforce. When businesses step up and take matters into their own hands, it provides more available paths into the industry for everyone.
Creating a Gender-Balanced Cyber Workforce
The cybersecurity industry remains an attractive and lucrative career path, but more should be done to direct female students in the right way to pursue a job role within STEM and to support those who are returning to work.
There is more of a need than ever before for more diverse teams, as cybersecurity threats become more varied. Becoming part of a gender-balanced cyber workforce is an efficient way to avoid unconscious bias and build a range of solutions to complex problems.
Whilst the latest government initiatives and courses to attract diverse talent, and better the UK’s security and technology sectors is a great start, the only way to progress is more investment and emphasis on STEM as a career path. This will encourage both males and females, who are treated equally and can see themselves reflected in their senior management teams.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.