Despite growing threats from hackers and a talent shortage in the information security industry, women and minorities remain significantly underrepresented in the cybersecurity profession.
Women make up just 11 percent and minorities are slightly less than 12 percent of the cyber workforce, noted Amjed Saffarini, CEO of Arlington, Va.-based CyberVista, a cybersecurity workforce development firm.
"With a potential shortfall of qualified cybersecurity professionals estimated at 1.5 million by 2019, the industry simply can't afford to ignore such a large pool of potential talent," said Saffarini, who cited these global industry figures in a release as he announced that his company will provide cybersecurity certification training funds to women and minorities.
Industry unemployment stood at 0 percent last year, with 1 million open jobs, Cybersecurity Ventures reported. The cyber economy research firm, based in Menlo Park, Calif., has predicted that global spending on cybersecurity products and services will surpass $1 trillion cumulatively between 2017 and 2021 and that annual cybercrime costs will reach $6 trillion in 2021. Cybercrime costs, according to the company, come from "damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm."
"Cybercrime fueled a cybersecurity market explosion over the past five years, leading to 1 million cybersecurity job openings [at the beginning of] 2016. All signs point toward a prolonged cybersecurity workforce shortage through at least 2021," said Steve Morgan, Cybersecurity Ventures founder and CEO, in a jobs report last year.
The Arlington, Va.-based Women's Society of Cyberjutsu (WSC) recently joined with Carnegie Mellon University to provide scholarships to WSC members. WSC is a nonprofit organization aiming to help women advance in the cybersecurity field.
"It is our responsibility to do all we can to enable and encourage women to advance in the cybersecurity field," said Jessica Gulick, vice president of the WSC national board.
'More companies are realizing that the only way to get great people is to invest in workforce, diversity and social responsibility.'
Obstacles to Gender Diversity
Deborah Hurley, associate faculty director for data privacy in Brown University's cybersecurity program, told SHRM Online that girls tend to self-select out of math and science professions by middle school.
"The situation assumes disastrous proportions when you consider that, by self-selecting out of science and technology, women have closed themselves off from the biggest engines of wealth creation in our era," Hurley said.
"The women who do go into science and technology fields encounter a virtually all-male environment or a cliff of discrimination," added Hurley, noting the "miniscule" percentage of women working in Silicon Valley. "Some women drop out. Others hang in there but do not receive the same recognition, training or opportunities as their male colleagues."
Corporate culture and retention are part of the problem. The attrition rate for women in the science, technology, engineering and math (STEM) professions "remains high and has resulted in a critical shortage of women in technical leadership positions," the Society of Women Engineers noted last year. Thirty percent of women who have left engineering cited organizational climate as the reason, the group stated. Some attribute the dearth of women in the field to a "frat mentality" or "bro-grammer culture"—that is, a culture that is dominated by an attitude of machismo.
Female representation in the tech industry has been declining for 25 years, even as technology has surged and tech workers' salaries have surpassed average private-sector pay, according to trade association CompTIA, based in Downers Grove, Ill.
"The industry has done a historically poor job in recruiting women and, among those that do join the workforce, [a poor job in] offering them a clear path for advancement and promotion," CompTIA spokesman Steven Ostrowski told SHRM Online.
"More companies are realizing that the only way to get great people is to invest in workforce, diversity and social responsibility," he said. "Companies seeking to become more inclusive in their hiring should examine and question their own assumptions and unintentional biases in their hiring process."
Employers should also look beyond traditional job boards, Ostrowski suggested.
"What are you doing with colleges, community colleges, high schools, community groups and local workforce boards?" he asked. In addition, providing each new employee with support, mentorship and training during his or her first six to 12 months "will pay off with a more productive and loyal employee," he said.
"Having a more diverse workforce creates a more diverse culture within the company. That's good for business," Ostrowski said.
Wanted: Diverse Role Models
Women and members of racial and ethnic minorities also need to recognize their potential in the field.
Lisa Kimball, vice president of identity management at Ashburn, Va.-based cybersecurity firm Telos Corp., said she recently spoke to a young female call center technician who is also a Navy Reserve intelligence specialist who initially assumed that her less-than-perfect high school math scores would preclude a successful cyber or intelligence career.
"Once she began on-the-job training, however, it quickly became clear that she was more than equal to the task, and today she's a tech rock star," said Kimball.
Ray McKenzie, founder of Los Angeles management consulting group Red Beach Advisors and a former cybersecurity executive, traces the industry's lack of diversity to the lack of "direct influencers" in the field for minority students.
"I make an effort to speak to schools in minority environments and try to increase exposure to the cybersecurity industry," McKenzie, who is black, told SHRM Online.
"There are not as many minority cybersecurity professionals in the community or in movies to depict those roles. The minority cybersecurity professionals that I know made a career switch to pursue technology after leaving another industry."
He suggested that those in the cyber workforce connect with schools and nonprofits to show young people that they can pursue a career in the profession.
By Dinah Brin