There’s been no shortage of studies over the years about the fairness gap between men and women in security, not to mention every other industry.
These studies are well intentioned. But according to several women in the industry who spoke with Naked Security, it’s time to move beyond the studies and focus on actually changing the culture. One of them is Magen Wu, a security consultant with Rapid 7.
She said the latest survey is a great example of awareness on an issue that has been long debated in the industry. But the data reads a lot like a phishing report.
It’s good to have the numbers on who opened the email versus who clicked the link or filled out the form. But unless we do something with that information, it serves little purpose other than to generate awareness that we have a problem.
The latest study
For this latest study, the Center for Cyber Safety and Education and the Executive Women’s Forum surveyed more than 19,000 participants from around the world. It painted the following picture:
- Women are globally underrepresented in the cybersecurity profession at 11%, much lower than the representation of women in the overall global workforce
- Globally men are four times more likely to hold C- and executive-level positions, and nine times more likely to hold managerial positions than women.
- 51% of women report various forms of discrimination in the cybersecurity workforce
- Women who feel valued in the workplace have also benefited from leadership development programs in greater numbers than women who feel undervalued.
- In 2016 women in cybersecurity earned less than men at every level.
Indeed, those statistics resonate for some of the women we interviewed. One San Francisco-based infosec professional, who asked that her name not be used because of potential repercussions at work, explained how she was encouraged to apply for a position within her company on an all-male team only to be told later that those who encouraged her didn’t really think she’d fit in. She pressed them for examples of why she wouldn’t work out and got no answer. She believes the real issue was gender.
A call to action
Those interviewed said it’s time to move beyond studies and surveys that merely illustrate an already understood problem and start focusing on some action items that’ll lead to meaningful progress.
Wu would like to see reports and articles that are more a call to action on what can be done at the individual, corporate, and community level to positively impact the numbers:
For example, do the women who are in the industry today get into it because of a mentor? If so, we should try and be more proactive about reaching out to people about mentorships or establishing mentorship programs at conferences and work. We are asking some of the right questions, but it may be time to shift focus from why there are so few women to why do the women who are here stay.
As the industry grows, so does female representation
Some say surveys like this are flawed for a variety of reasons. The questions don’t dig deep enough into the respondent’s skills or match up with the actual roles they have in their companies. It also doesn’t paint a full picture of areas where progress has been made.
Allison Miller has seen the good and bad in the industry over her career, which includes technical and leadership roles in several industries and now product strategy for Google Security. With a seat on the (ISC)2 board of directors and on selection committees for popular security industry events, she has an even broader view. She said:
As the industry overall has expanded, the representation of women has kept up and in some sectors even grown.
There is far greater awareness than there was when I was going to school, but the tide has not shifted completely. Women often face other issues that men traditionally have not faced like family care and being stretched too thin on all sides personally and professionally. Culturally, I think that is changing some as well.
The way forward
My strategy for women in any industry is, compete and win. Really go for greatness. What we need is people who want to be here [in cybersecurity] and are really willing to work hard, set the bar higher. Only by being competitive can we get a seat at the table.