Cybersecurity has a gender problem, how do we solve it? asks Shamla Naidoo, pictured, Head of Cloud Security at the cyber platform Netskope.
More than ever, enterprises need diversity to ensure they are robust, sustainable and future-driven. Yet men still make up 80 per cent of cybersecurity employees globally. Fixing the gender gap should be top of mind so that the industry is not negatively impacted.
Cybersecurity is a rapidly scaling sector, growing by 12.4 per cent annually across the globe, thanks to a surge in cloud-based enterprise infrastructure and increasingly sophisticated and prevalent cyber attacks. To cater to this trend, the number of cybersecurity jobs will grow by 32pc in the next decade. However, current demand for talent is already at a high, and there are 600,000 unfilled cybersecurity positions in the US today. As a result, 70pc of cybersecurity workers do not feel their organisations have enough staff to defend themselves against attacks.
Worryingly, in addition to the slow onboarding of cyber talent, the few women that work in cybersecurity are leaving their careers at an alarming rate. The State of Inclusion of Women in Cybersecurity report found that women frequently experience situations that impact their ability to grow and advance in their careers, and this experience is strongly linked to poor retention rates.
The talent shortage problem and gender gap problem in cybersecurity are therefore intrinsically linked. If we fix the issue of gender diversity in the workplace, and empower more women to join, maintain and advance in their careers, we’ll naturally solve the talent shortage problem. With such a talent shortage, hiring more women is not about replacing a man with a woman, but rather about adding women to the total workforce. So, how do we approach this?
Hire skill sets, not titles
There is a common, irritating theory that there is a lack of women in cyber because few have STEM educational backgrounds. However, the tendency for hiring managers in cyber to solely hire in their own image (looking for candidates with a similar academic pathway and career history) is the real source of the problem because it excludes people who approach cybersecurity outside typical educational or technical routes (many of those being women). In reality, you don’t need pure cybersecurity experience to be an ideal candidate for cybersecurity roles because, crucially, clever people can learn. There simply needs to be the resources set aside to help with a learning and onboarding process with each new hire.
Unfortunately, even when hired, women in cyber are often labelled as “not technical enough” for their roles; even NVIDIA’s Director of Cyber Defense Operations, Shawn Richardson, has faced this criticism in her career. This forces women in cybersecurity to work a lot harder to prove themselves in comparison to men where, in contrast, knowledge is often assumed. Dismissing women generally in this way is not only sexist, but a total barrier to positive inclusion and company growth. Therefore, every enterprise should be widening the hiring net, dedicating time and resources to thorough, targeted training and working to shift the culture around women in cybersecurity so they are empowered to do their best work.
Take mental health seriously
Cybersecurity employees everywhere can also be better supported by greater care and strategy attributed to mental health awareness. It’s no surprise that cybersecurity is a tough industry, as teams grapple with serial alerts of potential breaches and suspicious activity, and face the risk of creating serious damage with any wrong move. It’s a taxing environment that unfortunately leads to unusual levels of mental health issues.
As cybersecurity demand continues to exponentially increase, it’s imperative that we do our best as an industry to create an environment that people want to work in, particularly for women who are already facing barriers at work. This can be accomplished by offering employees a support programme designed to equip employees with simple tools to use when work-related stress peaks, thus mitigating pain points before they become issues.
Make it work at every level
A successful diverse workforce requires a positive gender divide at all levels of the business, not simply with entry level hires. Currently the gender split within leadership across all business roles is shocking – for example currently just 8 of the FTSE 100 CISOs are women. Yet, according to Harvard Business Review, women consistently score higher than men in the majority of leadership competencies, so there is no adequate reason for this gender skew.
Lack of diversity at board level has a real impact on how diversity is reflected in the breadth of a business. Put simply, if an all male, all white, board addresses a company to discuss the importance of a diverse workforce, they will never be taken seriously. Avoiding this issue has real adverse consequences: according to McKinsey, the most diverse companies are significantly more likely to outperform less diverse peers on profitability. In today’s macroeconomic climate, it’s more important than ever to make sure women have a seat in the boardroom to drive real change across their business and the wider industry.
Address diversity as a whole
It’s common to talk about gender, but there is another aspect to the diversity conversation that is talked about less, and that’s being a woman of colour in the industry. If you consider how few women are in cybersecurity roles, even fewer of those women are women of colour. Striving toward a more inclusive industry means you should take this category into consideration and work out how to make these women in particular feel welcomed and supported in the cybersecurity field.
All in all, cybersecurity is an important and exhilarating place to work. The industry must evolve and grow rapidly to defend against continuous and sophisticated global threats, and we need a strong, diverse talent group to get there. While International Women’s Day is the ideal time of year for enterprise and security leaders to consider how to make cybersecurity a more inclusive place for everyone to meet that need, it will take awareness and investment all year round to start to solve the problem.
About Shamla Naidoo
Shamla Naidoo, Head of Cloud Security at Netskope, is a technology industry veteran with experience of businesses across sectors. She has led digital strategy in executive leadership roles such as Global CISO, CIO, VP, and Managing Partner, at companies like IBM, Anthem (Wellpoint), Marriott (Starwood), and Northern Trust. Shamla has helped organizations in over 20 countries recognize the impact of digital transformation globally and advise their stakeholders on predicting and navigating the necessary changes in laws and regulations. She has worked with intelligence communities to use digital and cyber within their organizations to protect businesses and society from technology misuse.
