July 20, 2018 By Joan Goodchild 3 min read

There’s a shortage of women in security roles — and this is just one of the many challenges the cybersecurity industry is facing. There will also be 3.5 million unfilled cybersecurity positions by 2021, according to a 2017 report from Cybersecurity Ventures.

There’s a significant underrepresentation of women in the security field. Forrester published a study in February 2018, Best Practices: Recruiting And Retaining Women In Cybersecurity, which found that women represent just 11 percent of cybersecurity professionals worldwide.

So, how can industry leaders recruit and retain women to fill these crucial positions?

What Problems Do Women Face in Cybersecurity?

One reason organizations continue to struggle to fill roles with female candidates is an ongoing problem with sexism and discrimination, stressed Claire O’Malley, analyst and co-author of the 2018 Forrester study, in a Forrester blog post.

Other research from the field backs up this assertion. The Frost & Sullivan white paper, 2017 Global Information Security Workforce Study: Women in Cybersecurity, asked nearly 20,000 information security professionals around the world about discrimination and inclusion and found that 51 percent of women (and 15 percent of men) had experienced one or more forms of discrimination. These types of discrimination included unexplained denial of or delay in career advancement, exaggerated highlighting of mistakes or errors and tokenism.

How to Recruit and Retain Women in Security

Forrester Research offered suggestions for recruiting and retaining women in the security industry. The report provided actionable tips for organizations seeking to add more women to their ranks by creating an inclusive culture.

“The industry is making enormous strides, but with women occupying only 11 percent of cybersecurity positions, the playing field is still not close to level,” said O’Malley in her blog post. “The industry needs to change its recruiting and retainment efforts to better the workplace for women and all employees as it fills the millions of open jobs.”

As recruitment continues to lose pace with workforce demand, companies will have to deliberately change gears into taking more proactive steps to lift the roadblocks to equal representation.

With these hurdles in mind, Forrester recommends:

  1. Partnering with educational institutions: Partner with colleges and universities with high female enrollment. Seek candidates from schools with known partnerships with professional development programs, such as Women in Science and Engineering.
  2. Looking internally for change-seekers: Look internally to women who may be eager for a career change. You may not find what you’re looking for if you’re only looking externally to fill a role. Internal female employees who show the aptitude and attitude to take on new challenges may be worth considering when hiring.
  3. Seeing beyond STEM: Think beyond science, technology, engineering and mathematics (STEM) backgrounds when recruiting. With so many security roles to fill, it only makes sense to consider non-traditional candidates with other backgrounds that go beyond the usual computer science and engineering degrees.
  4. Making HR an ally: Work with human resources (HR) on your diversity efforts. Develop a plan with human resources to help them understand your diversity goals and ensure you’re on the same page.
  5. Establishing mentoring programs: Develop mentoring programs within your organization. Strong employees are more likely to stay if they feel they have the support and mentoring that deepens their connections to the organization.
  6. Prioritizing event recruitment: Make an effort to get to and recruit from industry events where there is significant female attendance.

To date, the pace of change has been too slow, according to Joyce Brocaglia, CEO of cyber executive search firm Alta Associates and founder of the Executive Women’s Forum.

“Diversity of thought isn’t something the cybersecurity industry can be successful without,” Brocaglia said to Slate. “Why would you eliminate the brilliance of 50 percent of the population?”

More from CISO

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today