As cyber threats have become more sophisticated, networks more complex and cybersecurity issues of greater concern at the board level, the demand for skilled cybersecurity professionals has soared. Unfortunately, there simply isn’t enough talent to fill all of the roles.
According to the 2015“Global Information Security Workforce Study” (GISWS) published by the(ISC)² Foundation, the information security workforce will see a 1.5 million shortfall by 2020. Another study by (ISC)² on women in security revealed that in 2015,90 percent of the information security positions worldwide were filled by men. This is despite women nearly closing the gap between men and women in terms of relevant undergraduate degrees and holding higher academic degrees than their male counterparts.
Somewhere between graduation and career path, women are turning away (or being turned away) from roles in information security. Closing the cybersecurity skills gap will depend heavily on the inclusion and participation of an untapped pool of talented women. To get there, it will require a mix of practicality and inspiration.
Show Them the Money
Gartner predicts that by the end of 2016 information security spending worldwide will reach $81.6 billion, of which India will contribute $4 billion. And according to the Data Security Council of India, that number will grow nine fold in the next decade, reaching $35-$40 billion by 2025.
This is expected to drive the generation of one million jobs in the country by 2025, as per NASSCOM. That potential, along with the opportunity for stable employment in a field with continued growth and high wages, will help bolster participation by women in information security.
In fact, they are already taking advantage of high-growth divisions in the industry. According to (ISC)2, 20 percent of women hold roles in governance, risk and compliance (GRC), which the foundation sees as a division with solid projected growth and importance.
“Women, therefore, have positioned themselves wisely in an InfoSec profession that should not be defined by sheer headcount, but in the roles of those that are shaping the future practice of InfoSec,” says the organization.
We Need You
Solving cybersecurity issues requires a mix of talent, including: STEM skills, technical knowledge, critical thinking, product management, understanding of organizational behaviour, planning and communication. In an age where networks and threat landscapes are changing constantly, organizations must also seek out fresh perspectives and creative approaches that can help combat current challenges while also laying the foundation to meet future ones.
The industry is slowly awakening to this realization, with NASSCOM launching a cyber-security certification course for women in India this year — but more needs to be done.
Job descriptions that outline “softer” skills, such as collaboration, objectives management and openness to new methods, make clear that organizations are seeking something beyond simply technical knowledge. This is especially important considering women are less likely to apply to positions for which they are not 100 percent qualified (men put that threshold at about 60 percent).
End the Token Speech
Increasing the visibility of women in cybersecurity can improve community within the industry. It will also influence younger women who perhaps have the right skills, but are undecided in their career path. Many cybersecurity conferences have a few speaking opportunities for women to give insight on establishing their career in this male-dominated field. Unfortunately, too often these are some of the only presentations given by women at such conferences.
What would be more impactful is women presenting on their work rather than their career. This is not to suggest career talks given by women for women should be eliminated; rather, they should not be used as a sort of “affirmative action check box” for conferences.
Women need to see that though they are underrepresented in cybersecurity, they are not an anomaly. They, like women before them, have value to contribute to the industry and their efforts can shape it for years to come.
About the Author
Michelle Johnson Cobb is Vice President of Worldwide Marketing for Skybox® Security, a global leader in cybersecurity analytics. She helps to lead the company’s growth in more than 50 countries. For more than 15 years, Michelle has held executive roles in computer security, networking and enterprise software companies, including Asempra Technologies, McAfee, Tumbleweed Communications and several start-ups. She received her MBA with high distinction from the University of Michigan, Ross School of Business and a Bachelor of Science in Computer Science also from the University of Michigan. ¬
