We need to change the way we think about and practice cyber security, and we need women and others from a more diverse professional background to help us do that.
The low number of women in cyber security, and ways that we might encourage more women into the field, has been receiving a lot of attention recently. This led me to ponder why I think it is important that more women become cyber security professionals.
There is certainly little doubt that women are under-represented in cyber security. Research released in 2015 found that, globally, 10% of information security professionals are women. The 2017 version of this research indicates little change with the current percentage at 11%. This latest research also notes that more of those women have advanced degrees but get paid less. Information from AISA puts the number of female members slightly higher at 12%. From the various industry events I attend and my networks of information security colleagues, these numbers are about right.
Upping the number of women in cyber security is often linked to the cyber security skills shortage. Presumably the idea is that more women will increase the total number of cyber security workers and reduce the so-called shortage. This seems to assume that the cyber security skills shortage is a simple problem of supply versus demand: if there were more people in ‘cyber security’ (and that would include women if we could just get more of them interested), they would all be employed because of the pervasive shortage of skilled staff. But is the cyber security skills shortage as simple as that? Recent research I did with AISA suggests that the problem is as much with demand, and the way organisations recruit and develop cyber security specialists and the barriers to entry into the profession, as it is a problem of supply…Click HERE to read full article.
