July 20, 2018 By Joan Goodchild

There’s a shortage of women in security roles — and this is just one of the many challenges the cybersecurity industry is facing. There will also be 3.5 million unfilled cybersecurity positions by 2021, according to a 2017 report from Cybersecurity Ventures.

There’s a significant underrepresentation of women in the security field. Forrester published a study in February 2018, Best Practices: Recruiting And Retaining Women In Cybersecurity, which found that women represent just 11 percent of cybersecurity professionals worldwide.

So, how can industry leaders recruit and retain women to fill these crucial positions?

What Problems Do Women Face in Cybersecurity?

One reason organizations continue to struggle to fill roles with female candidates is an ongoing problem with sexism and discrimination, stressed Claire O’Malley, analyst and co-author of the 2018 Forrester study, in a Forrester blog post.

Other research from the field backs up this assertion. The Frost & Sullivan white paper, 2017 Global Information Security Workforce Study: Women in Cybersecurity, asked nearly 20,000 information security professionals around the world about discrimination and inclusion and found that 51 percent of women (and 15 percent of men) had experienced one or more forms of discrimination. These types of discrimination included unexplained denial of or delay in career advancement, exaggerated highlighting of mistakes or errors and tokenism.

How to Recruit and Retain Women in Security

Forrester Research offered suggestions for recruiting and retaining women in the security industry. The report provided actionable tips for organizations seeking to add more women to their ranks by creating an inclusive culture.

“The industry is making enormous strides, but with women occupying only 11 percent of cybersecurity positions, the playing field is still not close to level,” said O’Malley in her blog post. “The industry needs to change its recruiting and retainment efforts to better the workplace for women and all employees as it fills the millions of open jobs.”

As recruitment continues to lose pace with workforce demand, companies will have to deliberately take more proactive steps to remove the roadblocks to equal representation.

With these hurdles in mind, Forrester recommends:

  1. Partnering with educational institutions: Partner with colleges and universities with high female enrollment. Seek candidates from schools with known partnerships with professional development programs, such as Women in Science and Engineering.
  2. Looking internally for change-seekers: Look internally to women who may be eager for a career change. You may not find what you’re looking for if you’re only looking externally to fill a role. Internal female employees who show the aptitude and attitude to take on new challenges may be worth considering when hiring.
  3. Seeing beyond STEM: Think beyond science, technology, engineering and mathematics (STEM) backgrounds when recruiting. With so many security roles to fill, it only makes sense to consider non-traditional candidates with other backgrounds that go beyond the usual computer science and engineering degrees.
  4. Making HR an ally: Work with human resources (HR) on your diversity efforts. Develop a plan with human resources to help them understand your diversity goals and ensure you’re on the same page.
  5. Establishing mentoring programs: Develop mentoring programs within your organization. Strong employees are more likely to stay if they feel they have the support and mentoring that deepens their connections to the organization.
  6. Prioritizing event recruitment: Make an effort to get to and recruit from industry events where there is significant female attendance.

To date, the pace of change has been too slow, according to Joyce Brocaglia, CEO of cyber executive search firm Alta Associates and founder of the Executive Women’s Forum.

“Diversity of thought isn’t something the cybersecurity industry can be successful without,” Brocaglia said to Slate. “Why would you eliminate the brilliance of 50 percent of the population?”
