As a result of the ongoing pandemic, the cybersecurity industry has continued to accelerate and has no indication of slowing down anytime soon. With new and innovative methods of hacking affecting businesses of all kinds, the number of cyberattacks is also increasing.
The industry predominantly remains male-dominated, and this lack of diversity, in turn, means less available talent to help keep up with the rise in mounting cyber threats. Women currently represent about 20% of people working in the field of cybersecurity.
Cybersecurity – the diversity problem
At the very beginning of a tech-based career pathway, a woman’s success is already limited. Females make up only 28% of the workforce in science, technology, engineering and maths subjects (STEM), and are systematically tracked away from these subjects throughout their learning, and pushed towards written and creative arts, narrowing their training and potential positions to go into these fields later in life.
STEM subjects are traditionally considered masculine by many. All too often, teachers and parents may steer girls away from pursuing such areas – with females making up just 26% of STEM graduates in 2019. Additionally, there is a need for more female STEM teachers, as young girls may feel that they cannot be what they can’t see. Because fewer women study and work in STEM, these fields tend to create exclusionary male-dominated cultures that are not inclusive of or appealing to women.
Barriers into the cybersecurity industry already exist, such as often requiring a minimum of two years of experience for entry-level positions. This proposes the question, how do you get those two years without being offered an opportunity to gain the necessary skills or lessons? This requirement leads to talented, tech-savvy young women entering non-tech sectors, further enhancing the pattern of fewer women in cyber security, as well as technology as a whole, even if they have trained in that subject.
Additionally, females who have been successful in entering the industry often receive different treatment compared to males who work in technology, and can occasionally be mistaken for having a less ‘dominant’ role.
Another VIPRE colleague, Angela, who has been a Support Engineer at VIPRE for over ten years is still asked to put people through to an engineer on the phone – as it is perceived that as a woman, she can’t be one herself, despite having over a decade of experience. These stereotypes can discourage young women from entering the field and diminish the accomplishments and self-esteem of those already in it.
Obstacles and challenges to diversity in cybersecurity
From engineers to analysts, consultants and technologists, the roles are unlimited in cybersecurity. It is clear for women entering the industry that the profession is not limited to just one type of job, and requires a range of skill sets, most of which can now be done remotely – which has been heightened due to COVID-19.
However, research demonstrates that 66% of women reported that there is no path of progression for them in their career at their current tech companies, suggesting the very reason why women tend to end up in the more ‘customer facing’ roles, such as marketing, sales or customer support. How can females continue to advance once they have a foot in the door into more technical or product-focused roles?
Despite girls outperforming boys across a range of STEM subjects, including maths and science, the presumption remains that women are not equipped to take on ‘complex’ tasks and roles.
To support this, research reveals those who attend an ‘all-girls’ school and see their female peers also participating in technology subjects do not have lower esteem when pursuing that industry and are in a learning environment free from gender stereotyping, unconscious bias and social pressure. And even if a female is successful within these areas, we continue to see a lack of women represented in senior leadership roles. We need to dispel the myths that women cannot take on ‘tech-heavy’ jobs.
Maternity leave or taking a break to raise a family is another challenge women face later on in their careers. Employers might question the gap in their CV when they eventually want to return to work after taking a break from such a demanding industry to start and raise a family.
A recent study shows that three in five professional women return to lower-paid or lower-skilled jobs following their career breaks. Additionally, the challenges faced by women returning to the workplace costs the UK an estimated £1.7 billion a year in lost economic output.
“It’s almost considered career suicide to leave,” explains the former senior director of the Anita Borg Institute for Women and Technology, Claudia Galvan. These women find it “almost impossible to go back to work, or if they do go back to work, they have to take totally different jobs from what their career was, a demotion, of course, pay cuts — and that’s if they get the opportunity to get back into the workforce.”
Based on my personal experience at a previous employer, whilst it was agreed that I could work fewer days a week after returning from maternity leave, this arguably caused more problems. The ‘compromise’ that was reached was that I could work four days but I still needed to have the same target as people in the same position who worked five days a week. They also reduced my pay by 20% in line with the four day week and actually created a more stressful environment as I found myself working longer hours over the four days.
Everyone is the target – so why not get everyone involved?
To ensure that women gain equal footing in stereotypically male-dominated industries, there is an often-overlooked factor – men need equality too. Businesses need to offer the same level of paternity leave and support to men as they do to women when it comes to looking after a family. This then leads to the need for flexibility within working hours for school runs, for example, as it needs to be understood that men have children too, and women are not always the number one caregiver.
For example, my husband received more questions about taking time off if our child was unwell than I ever did. He was constantly asked of my whereabouts as if it was my sole responsibility to look after our child, not both of us. Ultimately, the debate here is not just that there need to be more women in cybersecurity and technology, but that workforces must have diversity within them.
Having a diverse workforce allows there to be a balance of input, more creativity, new perspectives and fresh ideas. From different learning paths to ways of approaching problems, and bringing in wider viewpoints, women bring an array of different skills, attributes and experiences to cybersecurity roles.
Working in an industry like cybersecurity where everyone is impacted and everyone is a target – we need everyone to be involved in developing solutions that work to solve the problem. This is not just limited to gender but also includes age, culture, race and religion. To truly mitigate the risk of cybercrime, we need a solution relevant to all the people impacted by the problem.
To begin with, whether this is from a younger age during school studies or university courses, offering varied entry pathways into the industry, or making it easier to return after a break, women must be encouraged into the field of cybersecurity. These hurdles in the sector have to be addressed.
Each business has a part to play when it comes to ensuring that its organisation meets the requirements of all of its employees. From remote or hybrid working, reduced hours or adequate maternity and paternity support, working hours should be more flexible to suit the needs of the employee.
A “return to work scheme” would greatly benefit women if companies were to implement them. This can help those who have had a break from the industry get back into work – and this doesn’t necessarily mean limiting them to roles such as customer support, sales and marketing.
HR teams must also do better when it comes to job descriptions, ensuring they appeal to a wider audience, offer flexibility and that the recruitment pool is as diverse as can be.
Setting up the Cyber Security Skill strategy, the Government has started taking action. Businesses themselves have also started to enforce programmes to support those with gaps in their CV’s and are eager to return to their careers, such as Ziff Davis’s Restart Programme. This programme is committed to those who have a gap in their experience and are keen to return to their careers, providing them with an employment opportunity that emphasises growth and training, helping professionals return to the workforce.
Cybersecurity remains an attractive and lucrative career path, but more should be done to direct female students in the right way to pursue a job role within STEM and to support those returning to work. There is more need than ever before for diverse teams as cybersecurity threats are increasingly varied. But only when businesses step up and take matters into their own hands can there be more available paths into the industry for everyone.
Andrea Babbs is Head of Sales UK & Ireland at VIPRE Security.