The cybersecurity industry has a problem: In 2019, women made up only 20 percent of the cybersecurity workforce. This statistic would be alarming in any industry given the amount of research that espouses the benefits of more balanced, diverse workforces. But it is especially troublesome in cybersecurity, where we already face a serious skills shortage.
So, if we know we stand to gain so much from a more inclusive workforce, what can we do about it? At the end of last year, I made a commitment to myself and my team that we would take focused action to help combat the gender gap in cybersecurity in three areas: representation, promotion and mentorship.
1. Tackle Representation
We are taking a critical look at who we hire and how we hire. I have no doubt that when hiring someone for a job in cybersecurity, candidates who apply are fairly evaluated. But what about those who didn’t apply? You may know the finding from a 2014 Hewlett Packard report: Men will apply for a job if they meet 60 percent of the qualifications, while women will only apply if they meet 100 percent.
While progress might have happened since then, it’s still likely that there are great, qualified and talented women who aren’t applying for a position on my team, or your team. Widen your aperture when looking for candidates internally and externally, think about how you write job requirements, encourage women to go for stretch opportunities and remember the research when a stack of resumes comes across your desk — there are likely talented, qualified female candidates who aren’t in that pile.
2. Help Women Progress in the Organization
My team is committed not only to hiring qualified women in cybersecurity, but also to reviewing all candidates fairly when it comes to promotion. We are committed to looking at the pipeline for success and providing an opportunity to create a diverse slate for review. In addition, we are committed not only to reviewing those who are coming forward, but also prompting others based on their skills, performance and expertise. And we’re using data to do it.
Our leaders are reviewing progression and promotion data and asking the right questions, encouraging women to consider roles that they don’t feel 100 percent qualified for. Remember the Hewlett Packard research mentioned above — women may be less likely to raise their hand for a promotion, so look beyond those who are asking.
3. Become a Mentor
This is a commitment our leadership team made: Every executive, including myself, must commit to mentoring. This is particularly important for upcoming women. Mentors should be both men and women. Sometimes, we focus on finding women mentors for talented women, and that’s great. But as Aarti Borkar, vice president of IBM Security Offering Management, shared with me, “Female mentors taught me I had it in me to fight to win. Male mentors made me realize that I belong.” Both male and female mentors can help women progress in their careers through coaching, support and guidance.
Being a sponsor for women in cybersecurity is also important, though different. Sponsors should be senior leaders who advocate on behalf of their sponsee, helping to advance their career. Anyone and everyone can be a mentor in the organization, starting today. If you’re more senior, up the ante and take on both mentor and sponsor roles for women and men in your organization. You could also benefit hugely from this investment of time — I’ve learned so much from my mentees. Being a mentor can broaden your network and increase your access to information across your organization, so there’s no reason not to get started today.
There are many ways to combat the gender gap in cybersecurity. Business resource groups and diversity and inclusion programs are making great strides to move the needle. But I’m also taking personal ownership for the things that I can do for my team and organization, and doing them today. And you can too — our industry, and the businesses we protect, need it.
Vice President of IBM Security