There’s a shortage of women in security roles — and this is just one of the many challenges the cybersecurity industry is facing. There will also be 3.5 million unfilled cybersecurity positions by 2021, according to a 2017 report from Cybersecurity Ventures.

There’s a significant underrepresentation of women in the security field. Forrester published a study in February 2018, Best Practices: Recruiting And Retaining Women In Cybersecurity, which found that women represent just 11 percent of cybersecurity professionals worldwide.

So, how can industry leaders recruit and retain women to fill these crucial positions?

What Problems Do Women Face in Cybersecurity?

One reason organizations continue to struggle to fill roles with female candidates is an ongoing problem with sexism and discrimination, stressed Claire O’Malley, analyst and co-author of the 2018 Forrester study, in a Forrester blog post.

Other research from the field backs up this assertion. The Frost & Sullivan white paper, 2017 Global Information Security Workforce Study: Women in Cybersecurity, asked nearly 20,000 information security professionals around the world about discrimination and inclusion and found that 51 percent of women (and 15 percent of men) had experienced one or more forms of discrimination. These types of discrimination included unexplained denial of or delay in career advancement, exaggerated highlighting of mistakes or errors and tokenism.

How to Recruit and Retain Women in Security

Forrester Research offered suggestions for recruiting and retaining women in the security industry. The report provided actionable tips for organizations seeking to add more women to their ranks by creating an inclusive culture.

“The industry is making enormous strides, but with women occupying only 11 percent of cybersecurity positions, the playing field is still not close to level,” said O’Malley in her blog post. “The industry needs to change its recruiting and retainment efforts to better the workplace for women and all employees as it fills the millions of open jobs.”

As recruitment continues to lose pace with workforce demand, companies will have to deliberately change gears into taking more proactive steps to lift the roadblocks to equal representation.

With these hurdles in mind, Forrester recommends:

  1. Partnering with educational institutions: Partner with colleges and universities with high female enrollment. Seek candidates from schools with known partnerships with professional development programs, such as Women in Science and Engineering.
  2. Looking internally for change-seekers: Look internally to women who may be eager for a career change. You may not find what you’re looking for if you’re only looking externally to fill a role. Internal female employees who show the aptitude and attitude to take on new challenges may be worth considering when hiring.
  3. Seeing beyond STEM: Think beyond science, technology, engineering and mathematics (STEM) backgrounds when recruiting. With so many security roles to fill, it only makes sense to consider non-traditional candidates with other backgrounds that go beyond the usual computer science and engineering degrees.
  4. Making HR an ally: Work with human resources (HR) on your diversity efforts. Develop a plan with human resources to help them understand your diversity goals and ensure you’re on the same page.
  5. Establishing mentoring programs: Develop mentoring programs within your organization. Strong employees are more likely to stay if they feel they have the support and mentoring that deepens their connections to the organization.
  6. Prioritizing event recruitment: Make an effort to get to and recruit from industry events where there is significant female attendance.

To date, the pace of change has been too slow, according to Joyce Brocaglia, CEO of cyber executive search firm Alta Associates and founder of the Executive Women’s Forum.

“Diversity of thought isn’t something the cybersecurity industry can be successful without,” Brocaglia said to Slate. “Why would you eliminate the brilliance of 50 percent of the population?”

More from CISO

Ransomware Renaissance 2023: The Definitive Guide to Stay Safer

2 min read - Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis. Compounding the problem is the industrialization of the cybercrime ecosystem, enabling adversaries to complete more attacks, faster. Over the last…

2 min read

Do You Really Need a CISO?

2 min read - Cybersecurity has never been more challenging or vital. Every organization needs strong leadership on cybersecurity policy, procurement and execution — such as a CISO, or chief information security officer. A CISO is a senior executive in charge of an organization’s information, cyber and technology security. CISOs need a complete understanding of cybersecurity as well as the business, the board, the C-suite and how to speak in the language of senior leadership. It’s a changing role in a changing world. But…

2 min read

What “Beginner” Skills do Security Leaders Need to Refresh?

4 min read - The chief information security officer (CISO) was once a highly technical role primarily focused on security. But now, the role is evolving. Modern security leaders must work across divisions to secure technology and help meet business objectives. To stay relevant, the CISO must have a broad range of skills to maintain adequate security and collaborate with teams of varying technical expertise. Learning is essential to simply keep pace in security. In a CISO Series podcast, Skillsoft CISO Okey Obudulu recently said,…

4 min read

The Needs of a Modernized SOC for Hybrid Cloud

5 min read - Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing the emergence of technologies such as attack surface management (ASM), which are starting to help organisations get more proactive and focus their efforts for maximum…

5 min read