The cybersecurity industry has a problem: In 2019, women made up only 20 percent of the cybersecurity workforce. This statistic would be alarming in any industry given the amount of research that espouses the benefits of more balanced, diverse workforces. But it is especially troublesome in cybersecurity, where we already face a serious skills shortage.

So, if we know we stand to gain so much from a more inclusive workforce, what can we do about it? At the end of last year, I made a commitment to myself and my team that we would take focused action to help combat the gender gap in cybersecurity in three areas: representation, promotion and mentorship.

1. Tackle Representation

We are taking a critical look at who we hire and how we hire. I have no doubt that when hiring someone for a job in cybersecurity, candidates who apply are fairly evaluated. But what about those who didn’t apply? You may know the finding from a 2014 Hewlett Packard report: Men will apply for a job if they meet 60 percent of the qualifications, while women will only apply if they meet 100 percent.

While progress might have happened since then, it’s still likely that there are great, qualified and talented women who aren’t applying for a position on my team, or your team. Widen your aperture when looking for candidates internally and externally, think about how you write job requirements, encourage women to go for stretch opportunities and remember the research when a stack of resumes comes across your desk — there are likely talented, qualified female candidates who aren’t in that pile.

2. Help Women Progress in the Organization

My team is committed not only to hiring qualified women in cybersecurity, but also to reviewing all candidates fairly when it comes to promotion. We are committed to looking at the pipeline for success and providing an opportunity to create a diverse slate for review. In addition, we are committed not only to reviewing those who are coming forward, but also prompting others based on their skills, performance and expertise. And we’re using data to do it.

Our leaders are reviewing progression and promotion data and asking the right questions, encouraging women to consider roles that they don’t feel 100 percent qualified for. Remember the Hewlett Packard research mentioned above — women may be less likely to raise their hand for a promotion, so look beyond those who are asking.

3. Become a Mentor

This is a commitment our leadership team made: Every executive, including myself, must commit to mentoring. This is particularly important for upcoming women. Mentors should be both men and women. Sometimes, we focus on finding women mentors for talented women, and that’s great. But as Aarti Borkar, vice president of IBM Security Offering Management, shared with me, “Female mentors taught me I had it in me to fight to win. Male mentors made me realize that I belong.” Both male and female mentors can help women progress in their careers through coaching, support and guidance.

Being a sponsor for women in cybersecurity is also important, though different. Sponsors should be senior leaders who advocate on behalf of their sponsee, helping to advance their career. Anyone and everyone can be a mentor in the organization, starting today. If you’re more senior, up the ante and take on both mentor and sponsor roles for women and men in your organization. You could also benefit hugely from this investment of time — I’ve learned so much from my mentees. Being a mentor can broaden your network and increase your access to information across your organization, so there’s no reason not to get started today.

There are many ways to combat the gender gap in cybersecurity. Business resource groups and diversity and inclusion programs are making great strides to move the needle. But I’m also taking personal ownership for the things that I can do for my team and organization, and doing them today. And you can too — our industry, and the businesses we protect, need it.

More from CISO

CEO, CIO or CFO: Who Should Your CISO Report To?

As we move deeper into a digitally dependent future, the growing concern of data breaches and other cyber threats has led to the rise of the Chief Information Security Officer (CISO). This position is essential in almost every company that relies on digital information. They are responsible for developing and implementing strategies to harden the organization's defenses against cyberattacks. However, while many organizations don't question the value of a CISO, there should be more debate over who this important role…

Everyone Wants to Build a Cyber Range: Should You?

In the last few years, IBM X-Force has seen an unprecedented increase in requests to build cyber ranges. By cyber ranges, we mean facilities or online spaces that enable team training and exercises of cyberattack responses. Companies understand the need to drill their plans based on real-world conditions and using real tools, attacks and procedures. What’s driving this increased demand? The increase in remote and hybrid work models emerging from the COVID-19 pandemic has elevated the priority to collaborate and…

Why Quantum Computing Capabilities Are Creating Security Vulnerabilities Today

Quantum computing capabilities are already impacting your organization. While data encryption and operational disruption have long troubled Chief Information Security Officers (CISOs), the threat posed by emerging quantum computing capabilities is far more profound and immediate. Indeed, quantum computing poses an existential risk to the classical encryption protocols that enable virtually all digital transactions. Over the next several years, widespread data encryption mechanisms, such as public-key cryptography (PKC), could become vulnerable. Any classically encrypted communication could be wiretapped and is…

6 Roles That Can Easily Transition to a Cybersecurity Team

With the shortage of qualified tech professionals in the cybersecurity industry and increasing demand for trained experts, it can take time to find the right candidate with the necessary skill set. However, while searching for specific technical skill sets, many professionals in other industries may be an excellent fit for transitioning into a cybersecurity team. In fact, considering their unique, specialized skill sets, some roles are a better match than what is traditionally expected of a cybersecurity professional. This article…