Breaking the Security Glass Ceiling

A figure crouches over a laptop, furiously trying to crack the code to break into a critical system. While certainly a stereotype, it’s a narrative that many equate with cyber security. While the persona may lure young men into the profession, it’s a huge turn off for women, experts say, exacerbating a talent crunch when cyber security expertise is in peak demand.

“The way Hollywood movies and the media portray cyber security, it’s a bunch of dudes wearing hoodies, eating pizza, and hacking into stuff,” says Ambareen Siraj, a computer science professor and director of the cyber security program, at Tennessee Tech University. “Society in general is not informed about what a career in cyber security means.”

That misperception is a problem, Siraj contends, because there’s a huge gap in talent—right now, in the United States alone, there are about 285,000 cyber security jobs that sit empty because people lack the requisite skill sets. According to (ISC)², a cyber security and IT security professional organization, there will be a projected shortage of 1.8 million information security workers by 2022, an increase of 20% from the 1.5 million worker gap forecast in the 2015 report. To compound the problem, women comprise a small fraction  of the overall cyber security workforce—approximately 11% based on Frost & Sullivan’s 2017 Global Information Security Workforce Study, making it substantially harder to recruit female talent to help fill the pipeline.

“We need more people regardless of color, shape, sex or size, Siraj says. “Cyber security is a field where problems are very unique and challenging so you need people with different backgrounds and skills to consider things from different perspectives.”

Siraj, who has taught cyber security at the university for years, was alarmed when she continuously found herself the only woman in her classes. Concern about the lack of women prompted Siraj to apply for National Science Foundation (NSF) grant to start a program to broaden female participation in the cyber security field and to promote that area of education. Her efforts were the genesis for Women in Cyber Security (WiCyS), a non-profit organization and annual conference charged with introducing students (from college freshmen to PhD candidates) to the field while providing a community of peers for academics and industry professionals.

The model for the conference mandates that at least half of attendees are students and participation is low cost and oftentimes, free for students. The first conference kicked off in 2013 with 100 people; this year’s event registered more than 1,200 women attendees, Siraj says.

“It provides a way to bring academia, industry, and government under one roof to show women in cyber security there are others like you,” she explains. “We provide access to role models, mentors, opportunities, and resources.”

Increasing awareness, expanding mentorship opportunities, and creating women-oriented communities are crucial to amping up female representation in the field. Like other technology-related industries, women have shied away from cyber security roles because they don’t see others like them and are concerned about issues related to unconscious bias and the gender pay gap. Their concerns are well founded: The Frost & Sullivan Global Information Security Workforce Study found women were more likely to feel their opinions weren’t valued (28%), were paid on average 3% less than men in equivalent roles, and were more likely to encounter some form of discrimination, including something that unexpectedly delayed or denied career advancement (53%).

Lisa Jiggets, a long-time cyber security professional who began her career in the military, says there’s a real need for women-focused organizations where members can network and share experiences in a forum that feels comfortable. Jiggets knows of what she speaks: After leaving the military for an IT security role, she got involved in a hacker group to hone her security skills only to drop out because she didn’t feel like she belonged.

Fresh off that experience, Jiggets founded the Women’s Society of Cyber Jutsu, another non-profit seeking to empower women in the field. The group hosts meet ups and sponsors training, workshops, and general events to increase exposure of cyber security to women. Currently, there are 1,500 chapters around the country along with partnerships with industry organizations and businesses to raise awareness.

“We wanted to get like-minded women together so we could geek out and do our stuff in a more friendly environment,” she explains.

SANS Institute, a information security training provider and partner with Jigget’s group, is also invested in changing the dynamic. Since the typical feeders for cyber security posts are the military and gaming community—both heavily male dominated—the institute launched the Cyber Talent Immersion Academy for Women, an intensive, accelerated cyber security training and certification program that is 100% covered by scholarship for qualified candidates. Those accepted into the program are typically seniors in college pursuing a computer science or technical STEM degree or are graduates currently not working in the field, but who are looking to break in.

“We want to help people with passion find a pathway into the cyber security workforce,” says Max Shuftan, cyber talent program director at SAN Institute. “The ultimate goal is to provide the training and skills to help achieve industry recognized certifications and be deployed in the workforce.”

If you found this information useful, you may also enjoy:

• Frost & Sullivan’s 2017 Global Information Security Workforce Study
• Women in Tech
• Woman in Cyber Security