Skip to content ↓ | Skip to navigation ↓

Over the years, there have been many news headlines, policy reports, white papers, and corporate newsletters that have highlighted cybersecurity workforce challenges; namely, the global shortage of cybersecurity professionals. Some of the challenges involved in achieving a more desirable cyber workforce include addressing the barriers to entry for marginalized individuals, gender disparities including the gender pay gap, and employer assertions of cyber workforce shortages due to unskilled, or low-skilled, individuals interested in working in the cybersecurity field.

In 2019, the Center for Strategic & International Studies (CSIS) published The Cybersecurity Workforce Gap. It summarizes the results of a survey that looked at the cyber workforce shortages across eight countries. The survey results revealed that 82% of employers reported a shortage of cybersecurity skills and that 71% believed the shortage created significant risk for their organizations. One explanation for challenges in hiring cybersecurity professionals is the lack of technology skills that employers believe are most desirable for the roles that they seek to fill. 

In addition to looking at the lack of technology skill set argument, it may be possible to address the shortage of cyber security professionals through the lens of the recruiting, hiring, and retention process as well as diversity, inclusion, and equity (DI&E) efforts.

Cybersecurity and DI&E Initiatives

In 2020, many cybersecurity companies publicly prioritized, or re-committed to, their DE&I initiatives. After last year’s social protests following several instances of injustice, civil unrest, and the new work-from-home status that many of us found ourselves in due to the Covid-19 pandemic, there was a significant uptick in public commitments to DI&E initiatives. Article after article and social media post after social media post, the world witnessed not only a renewed focus on DI&E programs but also an expansion of DI&E to include the concept of belonging. Hence the acronym DIE&B, which stands for the phrase “diversity, Inclusion, equity and belonging.” 

Thought leaders in the DI&E space often advocate for strong, well-funded initiatives by citing data that demonstrates how diversity in the workplace leads to greater productivity, expanded creativity, greater problem solving, enhanced employee engagement, and higher retention rates. Karima Mariama-Arthur, Esq., founder and CEO at WordSmithRapport, notes that bringing otherwise marginalized communities to the table as valued stakeholders and developing a culture that values the unfettered contributions of all are key to advancing these objectives and building goodwill that not only changes perspectives but also transforms interpersonal dynamics for the long haul. Organizations that recognize the need to increase their DI&E efforts is commendable, indeed. 

While diversity in the workplace can be described in many different ways, gender diversity will be the focus for this article.

Global Recruiting and Hiring Challenges

Cyber Women Ireland, an organization focused on the advancement of women in the security community in Ireland, noticed a DIE&B gap in the cybersecurity community. In response to a finding included in the Cyber Ireland 2021 Cyber Skills Report stating that 27% of companies reported difficulty retaining women in their cybersecurity team, the organization created the Diver{Se}curity Project and published a report that addresses recruiting, hiring and retention, DIE&B, and the gender pay gap.

Gender Diversity and Efforts to Recruit Women

Organizations focused on gender diversity in the cyber workforce must pinpoint why they are unable to recruit more women cyber professionals. They must also consider whether they truly understand the sentiment of a prospective candidate and employee as it relates to inclusiveness and belonging? 

On the topic of attracting more women to the cyber workforce, Joanne O’Connor, project lead of Diver{se}curity Report, founder of Cyber Women Ireland, and founder of Cyber Awareness Interdisciplinary Consortium Ireland (CAICI), believes that we don’t encourage enough diversity on our cyber panels and webinars. She points out what many women across industries, but especially in cybersecurity, have remarked about, and that is the term ‘manels.’ Evident on social media platforms like LinkedIn and Twitter prior to the COVID-19 pandemic, manels is a word used to describe all-male panels usually speaking at a technology or cybersecurity conference. Joanne posed a thoughtful question, which was “How can we inspire more women to join our industry when all they see is the men being allowed to speak on public platforms?” She logically concluded that “They might think, why would I join an industry that clearly doesn’t see women making it to the top?”

Based on the survey results, organizations may be able to improve their chances of recruiting more women if due consideration is given to the following:

  • A clear and visible career progression path
  • Improved, more thoughtful, gendered language in job postings
  • An inclusive recruitment process (e.g., one that considers people with neurodiversity needs)

Another way to improve the cyber workforce gender gap is to focus efforts on retaining those women. 

Hiring and Retention

The Diver{Se}curity Report asked respondents about the use of gender quotas for interview panels as well as quotas to meet an organization’s hiring needs. The survey results show that 25% of respondents indicated that their organizations use gender quotas for panel interviews, and 10% of respondents indicated that their organizations have gender quotas in place to support hiring a diverse cyber workforce. 

The report noted the issue of low retention numbers among women cybersecurity professionals and highlighted the need to dig deeper to identify the root cause of an organization’s inability to retain women cyber professionals. Digging deeper requires thoughtful questions that will help narrow in on exactly what prompted disengagement from the employer. Many times, this type of insight is provided in an exit interview. Interestingly, the report states that 66% of respondents did not participate in an exit interview at the time they left their employer. Failing to perform an exit interview puts the organization at a huge disadvantage, as they miss out on valuable data that they are unlikely to have an opportunity to obtain at any other point during their re-engagement with the employee. 

Some respondents provided suggestions for what they believe will contribute to improving retention numbers for women in the cyber workforce; they include:

  • Ensuring equal pay between men and women
  • Providing workplace flexibility
  • Fostering a family-friendly culture
  • Ensuring that the organization’s environment is one where women feel comfortable being their authentic self

Another necessary consideration for organizations is whether women feel that their unique experience is supported by the organization’s leadership. Some survey respondents stated that experiencing burnout during their work-from-home status due to Covid-19 was not openly discussed and that discussing it was “seen as a weakness” in women more so than men. In fact, in response to whether their organization encouraged taking time for mental health safety reasons, 42.7% answered “no.” Joanne O’Connor shared that “The onus is on the leaders to create that culture of openness around burnout.” 

Conclusion 

Resolving the gender disparities that continue to persist will require increased thoughtfulness, additional, diverse insights, and new strategies. It’s clear that in addition to the leadership within an organization and well-funded DI&E programs, the profession will also need to rely on those individuals who are in the best position to influence recruiting, hiring, and retention. They need to do their part to make the cybersecurity space a more rewarding and welcoming one for everyone.


About the Author: Ambler is an attorney with a background in corporate governance, regulatory compliance and data privacy. She currently consults on governance, risk and compliance, enterprise data management as well as data privacy and security matters in Washington, DC.  

LinkedIn: https://www.linkedin.com/in/amblertjackson/

Twitter: @amblerjackson

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.