March 10, 2020 By Justin Youngblood

The cybersecurity industry has a problem: In 2019, women made up only 20 percent of the cybersecurity workforce. This statistic would be alarming in any industry given the amount of research that espouses the benefits of more balanced, diverse workforces. But it is especially troublesome in cybersecurity, where we already face a serious skills shortage.

So, if we know we stand to gain so much from a more inclusive workforce, what can we do about it? At the end of last year, I made a commitment to myself and my team that we would take focused action to help combat the gender gap in cybersecurity in three areas: representation, promotion and mentorship.

1. Tackle Representation

We are taking a critical look at who we hire and how we hire. I have no doubt that when hiring someone for a job in cybersecurity, candidates who apply are fairly evaluated. But what about those who didn’t apply? You may know the finding from a 2014 Hewlett Packard report: Men will apply for a job if they meet 60 percent of the qualifications, while women will only apply if they meet 100 percent.

While progress might have happened since then, it’s still likely that there are great, qualified and talented women who aren’t applying for a position on my team, or your team. Widen your aperture when looking for candidates internally and externally, think about how you write job requirements, encourage women to go for stretch opportunities and remember the research when a stack of resumes comes across your desk — there are likely talented, qualified female candidates who aren’t in that pile.

2. Help Women Progress in the Organization

My team is committed not only to hiring qualified women in cybersecurity, but also to reviewing all candidates fairly when it comes to promotion. We are committed to looking at the pipeline for success and providing an opportunity to create a diverse slate for review. In addition, we are committed not only to reviewing those who are coming forward, but also prompting others based on their skills, performance and expertise. And we’re using data to do it.

Our leaders are reviewing progression and promotion data and asking the right questions, encouraging women to consider roles that they don’t feel 100 percent qualified for. Remember the Hewlett Packard research mentioned above — women may be less likely to raise their hand for a promotion, so look beyond those who are asking.

3. Become a Mentor

This is a commitment our leadership team made: Every executive, including myself, must commit to mentoring. This is particularly important for upcoming women. Mentors should be both men and women. Sometimes, we focus on finding women mentors for talented women, and that’s great. But as Aarti Borkar, vice president of IBM Security Offering Management, shared with me, “Female mentors taught me I had it in me to fight to win. Male mentors made me realize that I belong.” Both male and female mentors can help women progress in their careers through coaching, support and guidance.

Being a sponsor for women in cybersecurity is also important, though different. Sponsors should be senior leaders who advocate on behalf of their sponsee, helping to advance their career. Anyone and everyone can be a mentor in the organization, starting today. If you’re more senior, up the ante and take on both mentor and sponsor roles for women and men in your organization. You could also benefit hugely from this investment of time — I’ve learned so much from my mentees. Being a mentor can broaden your network and increase your access to information across your organization, so there’s no reason not to get started today.

There are many ways to combat the gender gap in cybersecurity. Business resource groups and diversity and inclusion programs are making great strides to move the needle. But I’m also taking personal ownership for the things that I can do for my team and organization, and doing them today. And you can too — our industry, and the businesses we protect, need it.
