July 20, 2018 By Joan Goodchild 3 min read

There’s a shortage of women in security roles — and this is just one of the many challenges the cybersecurity industry is facing. There will also be 3.5 million unfilled cybersecurity positions by 2021, according to a 2017 report from Cybersecurity Ventures.

There’s a significant underrepresentation of women in the security field. Forrester published a study in February 2018, Best Practices: Recruiting And Retaining Women In Cybersecurity, which found that women represent just 11 percent of cybersecurity professionals worldwide.

So, how can industry leaders recruit and retain women to fill these crucial positions?

What Problems Do Women Face in Cybersecurity?

One reason organizations continue to struggle to fill roles with female candidates is an ongoing problem with sexism and discrimination, stressed Claire O’Malley, analyst and co-author of the 2018 Forrester study, in a Forrester blog post.

Other research from the field backs up this assertion. The Frost & Sullivan white paper, 2017 Global Information Security Workforce Study: Women in Cybersecurity, asked nearly 20,000 information security professionals around the world about discrimination and inclusion and found that 51 percent of women (and 15 percent of men) had experienced one or more forms of discrimination. These types of discrimination included unexplained denial of or delay in career advancement, exaggerated highlighting of mistakes or errors and tokenism.

How to Recruit and Retain Women in Security

Forrester Research offered suggestions for recruiting and retaining women in the security industry. The report provided actionable tips for organizations seeking to add more women to their ranks by creating an inclusive culture.

“The industry is making enormous strides, but with women occupying only 11 percent of cybersecurity positions, the playing field is still not close to level,” said O’Malley in her blog post. “The industry needs to change its recruiting and retainment efforts to better the workplace for women and all employees as it fills the millions of open jobs.”

As recruitment continues to lose pace with workforce demand, companies will have to deliberately change gears into taking more proactive steps to lift the roadblocks to equal representation.

With these hurdles in mind, Forrester recommends:

  1. Partnering with educational institutions: Partner with colleges and universities with high female enrollment. Seek candidates from schools with known partnerships with professional development programs, such as Women in Science and Engineering.
  2. Looking internally for change-seekers: Look internally to women who may be eager for a career change. You may not find what you’re looking for if you’re only looking externally to fill a role. Internal female employees who show the aptitude and attitude to take on new challenges may be worth considering when hiring.
  3. Seeing beyond STEM: Think beyond science, technology, engineering and mathematics (STEM) backgrounds when recruiting. With so many security roles to fill, it only makes sense to consider non-traditional candidates with other backgrounds that go beyond the usual computer science and engineering degrees.
  4. Making HR an ally: Work with human resources (HR) on your diversity efforts. Develop a plan with human resources to help them understand your diversity goals and ensure you’re on the same page.
  5. Establishing mentoring programs: Develop mentoring programs within your organization. Strong employees are more likely to stay if they feel they have the support and mentoring that deepens their connections to the organization.
  6. Prioritizing event recruitment: Make an effort to get to and recruit from industry events where there is significant female attendance.

To date, the pace of change has been too slow, according to Joyce Brocaglia, CEO of cyber executive search firm Alta Associates and founder of the Executive Women’s Forum.

“Diversity of thought isn’t something the cybersecurity industry can be successful without,” Brocaglia said to Slate. “Why would you eliminate the brilliance of 50 percent of the population?”

More from CISO

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

The CISO’s guide to accelerating quantum-safe readiness

3 min read - Quantum computing presents both opportunities and challenges for the modern enterprise. While quantum computers are expected to help solve some of the world’s most complex problems, they also pose a risk to traditional cryptographic systems, particularly public-key encryption. To ensure their organization’s data remains secure now and in the future, chief information security officers (CISOs) should educate themselves about quantum computing, proactively address the coming quantum risks to cybersecurity and work to establish cryptographic agility in their enterprise.A future cryptographically…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today