One of the most persistent characteristics of the booming cyber security industry has been the continued gender gap. Women are on average underrepresented and earn lower salaries than men. Addressing the gender gap can be one of the most powerful trump cards in dealing with the major talent shortfall in cyber security, which is expected to rise to 1.8 million unfilled positions by 2022. Here are some ways to do it.


The Gender Gap in Numbers

The latest Global Information Security Workforce Study: Women in Cybersecurity released in 2017 shows that women only represent 11% of the cyber security workforce (14% in North America), with over half of women surveyed reporting some form of discrimination at work (compared to only 15% of men). Despite the fact that women on average have more advanced degrees than men in this field, a salary gap of $4,540 for executive and $5,000 for non-managerial positions still exists in favor of men. While the pay gap for women in upper management has decreased slightly, women in non-management positions are now worse off than in 2015. In the computer science field, from which many professionals eventually transition into cyber security, only 25% of the workforce and 12% of the engineers are women.


Causes of the Gender Imbalance

Fighting stereotypes is key to increasing the participation of women in cyber security. When many people think of cyber security, images of a hooded teenager hacking away on a computer in a dark basement surrounded by empty pizza boxes may come to mind. Naturally, it’s a scene that wouldn’t appeal to many women.

Cyber firm Kaspersky Lab came to similar conclusions. In a survey of 4,000 teens and young adults between the ages of 16 and 21, a third of women considered cyber security professionals to be “geeks”, 25% saw them as “nerds”, while one-sixth felt that cyber security itself was dull. The general impression associated cyber security directly with hacking – an illegal activity. The survey found that as a result of these preconceived notions, most girls have already ruled out a future career in cyber security by the time they turn 16.

Other misconceptions include the idea that the cyber security industry is only for people with highly technical skills. In fact, this couldn’t be further from the truth. With the release of new SEC guidelines on cyber breach reporting and the European Union’s GDPR and other regulations set to alter corporate perceptions and engagement with cyber security, more positions will be available than ever before in the legal, marketing and public policy fields – all areas in which women tend to excel.


Direct Action to Address the Gender Gap

According to a recent podcast by Heather Ricciuto of IBM Security, “companies with greater female participation benefit from both greater innovation and financial performance…because women bring a different approach and way of thinking to the table, which leads to varying thought leadership.” Embracing this idea, IBM has been organizing events such as the Women in Cybersecurity Seminar, Women in Cybersecurity Conference and Cyber Day for Girls. The purpose of these initiatives is to encourage women to break into cyber security by providing them with female role models in the cyber security field. The company has also been making determined efforts to hire more female candidates for their security division. Following this trend, companies with cyber security openings should explicitly encourage women to apply for openings, making it clear that they would not be at a disadvantage compared to men. To tackle misconceptions early, youth groups like the Girl Scouts – which created a cyber security badge – Formal educational programs should include at least some exposure to cyber security in high schools and middle schools as the number of programming and web design classes increase. Young students should understand the concepts of information security and ethical hacking from an early age to avoid negative stereotypes in the future.