June 30, 2017 By Douglas Bonderud 3 min read

Women are underrepresented in IT. Estimates vary — as noted by Information Security Buzz, women make up 8 percent of the U.K. cybersecurity workforce, while Information Age reported that they represent only 11 percent of security professionals worldwide.

Numbers are slightly better in the technology market at large, where 25 percent of all IT staff are women. However, the Center for Cyber Safety and Education and ISC2’s “2017 Global Information Security Workforce Study” put the shortfall of cybersecurity experts at 1.8 million positions by 2022.

In a digital world crying out for more experts and trying to bridge the emerging cybersecurity skills gap, there’s a strong case for finding, training and hiring women to tackle tough IT jobs. In fact, there’s evidence that the XX factor offers significant advantages for the industry.

The Cybersecurity Gender Gap

While women are getting more traction in the workplace, they still face real challenges, from corporate cultures steeped in an old boys’ club mentality to earning less pay than male colleagues for the same work. But a study by Russia’s National Research University Higher School of Economics Neurolinguistic Laboratory, published in Human Physiology, revealed a critical advantage for women when it comes to multitasking.

According to the study’s author, Svetlana Kuptsova, “Our findings suggest that women might find it easier than men to switch attention.” While the exact mechanism isn’t known, the researchers hypothesized that women tend to spend more time thinking before diving into tasks, while men are often more impulsive. For cybersecurity professionals confronted with the need to handle multiple high-priority tasks at the same time, this XX advantage could prove invaluable.

Talking the Talk

As noted by Fortune, women are also, on average, better at communicating complex subjects in a clear and concise manner. Given the rise of IT as a line-of-business initiative, and the vested interest of C-suite members in knowing the details, potential pitfalls and outcomes of any cybersecurity plan, IT experts must now be able to both manage the technical jargon of vendors and deliver clear, high-level reports to stakeholders when the need arises. This helps ensure that IT departments and management are on the same page when it comes to security budgets, expectations and response strategies.

Target Market

Cybersecurity strategies are no longer confined to the local network. IT professionals are increasingly part of the front-facing discussion about onboarding stakeholders and consumers to ensure both personal and corporate data is secure. According to Tech.co, this offers a key opportunity for women: effective market targeting.

Consider a company rolling out new cybersecurity and user access protocols to keep financial data safe. Assuming an equal proportion of male and female clients, there’s a difference in how they behave.

The Harvard Business Review noted that repeated studies have demonstrated that women are less inclined to take risks than men. An all-male IT team might insist that that new two-factor authentication won’t hamper the user experience, for example, while female security professionals could provide the critical push to focus on risk-mitigating aspects of technology, such as reduced chances for identity theft, more control over personal data and protection from collection agencies if fraudsters breach online accounts.

Problem Solving From Different Perspectives

Niloofar Razi Howe has spent two and a half decades working with technology companies and is now the chief strategy officer at RSA. While she acknowledged the unique challenges facing women as they climb the cybersecurity ladder, she also pointed to a key advantage: a different approach to problem-solving.

“Women do tend to approach and solve problems differently than men — not better or worse, just differently — and when you’re trying to solve problems, why wouldn’t you want all options on the table?” she wrote on the official RSA Conference blog.

Women’s experience in the world is fundamentally different from men, leading to a different perspective when it comes to problem-solving. In cybersecurity situations, this could be as simple as having another opinion, which could open a new line of thought and ultimately lead to better-protected data and more proactive IT defense.

To counter the increasingly agile attacks of cybercriminals, it pays for companies to think outside the box. By adding more women to security teams, getting outside the box takes less time and yields better results.

New Initiatives to Close the Cybersecurity Skills Gap

There’s a shift underway in the cybersecurity industry. Infosecurity Magazine reported that more than 100 executive women in security recently participated in the very first Executive Women’s Forum (EWF) Cybersecurity Women on Capitol Hill Public/Private Symposium.

Beyond simply closing the cybersecurity skills gap, conference attendee Cindy Miceli of Alta Associates argued that “the skills and perspectives that women bring to cybersecurity teams are invaluable.” Specifically, adding the XX factor to existing security efforts can help improve overall efficiency, enhance communication, effectively deploy new access policies and shed new light on existing security issues.

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today