March 10, 2020 | By Justin Youngblood

The cybersecurity industry has a problem: In 2019, women made up only 20 percent of the cybersecurity workforce. This statistic would be alarming in any industry given the amount of research that espouses the benefits of more balanced, diverse workforces. But it is especially troublesome in cybersecurity, where we already face a serious skills shortage.

So, if we know we stand to gain so much from a more inclusive workforce, what can we do about it? At the end of last year, I made a commitment to myself and my team that we would take focused action to help combat the gender gap in cybersecurity in three areas: representation, promotion and mentorship.

1. Tackle Representation

We are taking a critical look at who we hire and how we hire. I have no doubt that when hiring someone for a job in cybersecurity, candidates who apply are fairly evaluated. But what about those who didn’t apply? You may know the finding from a 2014 Hewlett Packard report: Men will apply for a job if they meet 60 percent of the qualifications, while women will only apply if they meet 100 percent.

While progress might have happened since then, it’s still likely that there are great, qualified and talented women who aren’t applying for a position on my team, or your team. Widen your aperture when looking for candidates internally and externally, think about how you write job requirements, encourage women to go for stretch opportunities and remember the research when a stack of resumes comes across your desk — there are likely talented, qualified female candidates who aren’t in that pile.

2. Help Women Progress in the Organization

My team is committed not only to hiring qualified women in cybersecurity, but also to reviewing all candidates fairly when it comes to promotion. We are committed to looking at the pipeline for success and providing an opportunity to create a diverse slate for review. In addition, we are committed not only to reviewing those who are coming forward, but also prompting others based on their skills, performance and expertise. And we’re using data to do it.

Our leaders are reviewing progression and promotion data and asking the right questions, encouraging women to consider roles that they don’t feel 100 percent qualified for. Remember the Hewlett Packard research mentioned above — women may be less likely to raise their hand for a promotion, so look beyond those who are asking.

3. Become a Mentor

This is a commitment our leadership team made: Every executive, including myself, must commit to mentoring. This is particularly important for upcoming women. Mentors should be both men and women. Sometimes, we focus on finding women mentors for talented women, and that’s great. But as Aarti Borkar, vice president of IBM Security Offering Management, shared with me, “Female mentors taught me I had it in me to fight to win. Male mentors made me realize that I belong.” Both male and female mentors can help women progress in their careers through coaching, support and guidance.

Being a sponsor for women in cybersecurity is also important, though different. Sponsors should be senior leaders who advocate on behalf of their sponsee, helping to advance their career. Anyone and everyone can be a mentor in the organization, starting today. If you’re more senior, up the ante and take on both mentor and sponsor roles for women and men in your organization. You could also benefit hugely from this investment of time — I’ve learned so much from my mentees. Being a mentor can broaden your network and increase your access to information across your organization, so there’s no reason not to get started today.

There are many ways to combat the gender gap in cybersecurity. Business resource groups and diversity and inclusion programs are making great strides to move the needle. But I’m also taking personal ownership for the things that I can do for my team and organization, and doing them today. And you can too — our industry, and the businesses we protect, need it.
