Latest News

As we celebrate International Women's Day, it is important to acknowledge that the field of cyber security, like most information technology fields, could still benefit from more women in key roles.

As a business owner in the field, a cyber security professional and a woman, I've got some first-hand experience of the imbalances in the sector more broadly. Women are underrepresented and this is an imbalance that can and should be corrected. Why? Because it has tangible benefits. Having diverse perspectives is critical in the cyber security industry as it helps organisations to identify and mitigate different types of risks.

Countless academic and research studies have proven a key fact beyond doubt: diverse teams perform better.

In this blog, I'll explore the importance of increasing the representation of women in the cyber security industry and the benefits that come with having a diverse workforce.

The Current State of Gender Diversity in Cyber Security

Historically, the IT industry has been a male-dominated field, and this trend has carried over to the cyber security industry as well. Statistics from the United States suggest that women only make up 26% of the IT workforce. As cyber security goes hand in hand, it’s reasonable to assume those numbers are very similar in our field.

There are several factors that have contributed to this disparity, including a lack of female role models, subtle gender biases in hiring and promotion practices, and policies and programs that could be tailored better to attract talented women.

And when it comes to the cyber security industry specifically, women face several challenges. These include a lack of access to peer mentorship and networking opportunities because of the fact that they are likely to be a minority in any organisation they join. The cyber security industry has a reputation for being a male-dominated profession, which can also be a factor that discourages participation from some women who are interested in pursuing a career in the field.

Another factor is the perception that technical roles require advanced degrees in math, computer science or engineering, which are degrees that have traditionally been male-dominated. This perception can discourage women from pursuing technical careers, even if they have the necessary skills and aptitude.

However, there is evidence that these perceptions are changing in the younger generation. 46% of advanced math test takers at the high school level in 2021 were girls. The number was lower when it came to computer science, at 30%, but that figure has trended up in recent years.

But here's a secret you don't need to be great at maths or do computer science to work in cyber security! Cyber security roles are vast, and individuals with non-technical backgrounds can and do transition into cyber security. Security awareness programs need an understanding of organisational culture and soft skills. These skills are often superior in female employees. What's more mitigating cyber risk is a large aspect of security practices, previous experience with governance, risk, psychology or legal is invaluable in understanding a hacker's rationale and defending against cyber incidents.

The Benefits of Women in Cyber Security

Increasing the representation of women in the cyber security industry has several benefits for organisations. Here are some that I’ve observed:

1. Diverse perspectives: Women bring different experiences and perspectives to the table, which can lead to more innovative solutions to complex problems. This can help to identify and mitigate different types of risks, improving overall cyber security.
2. Improved problem-solving skills: Dozens of studies have shown empirically that diverse teams tend to be better at problem-solving than homogenous teams. Why does this occur though? It’s theorised that individuals with different backgrounds and experiences can approach problems from different angles, leading to more creative and effective solutions as those perspectives combine.
3. Enhanced innovation: Similarly, when teams are diverse, they are more likely to come up with innovative ideas to tackle current challenges and even anticipate future threats, which is crucial to cyber security.
4. Improved company culture: By promoting diversity in the workforce, organisations can create a more positive and welcoming work environment. This can lead to higher employee satisfaction and retention rates, as well as improved brand reputation. In turn, this can help attract high performers and positive contributors to company culture, which begins a positive feedback loop.

The Solutions: Attracting More Talented Women to the Field

I’ve always preferred a solutions-focused mindset. So, from my experience, and from talking to many others in the field, here are some of my thoughts on how to improve the number of talented women who choose cyber security as a career:

1. Mentorship programs: continue establishing mentorship programs that pair women in cyber security with more experienced professionals in the field. I'm honoured to be a mentor for the AWSN's Women in Security Mentoring Program, the program is in partnership with the Australian Signals Directorate (ASD).
2. Networking opportunities: cyber security firms, universities, TAFEs, and peak bodies can host networking events that bring together women in cyber security to connect, share best practices, and build relationships.
3. STEM programs: the more girls that enrol in STEM programs at school the better. We need to start young and make sure girls are empowered to learn more about science, technology, engineering, and maths. Females can change the world.
4. Traineeship programs: you are never too old to change your career. Traineeship programs are designed to bring existing knowledge and are looking to retrain in security. We need to encourage more women to join us and businesses to sponsor these programs.
5. Inclusive hiring and promotion practices: businesses should work to eliminate any explicit and implicit gender biases in their hiring and promotions. One bias that needs to stop now relates to women leaving the workforce to start families, that woman is now an expert multitasker; move on. Also, a practical way to vet candidates without incurring any additional cost is by using blinded resume reviews so that candidates are assessed solely on their merits.

Key Takeaways

I firmly believe that by attracting and retaining more women to the fast-growing and exciting field of cyber security, businesses of all kinds will benefit from diverse perspectives, innovative solutions, and improved problem-solving skills.

By continuing to invest in mentorship programs, networking opportunities, STEM programs, traineeship programs, and inclusive hiring and promotion practices we can help to ensure that women who choose a career in this exciting and growing field have the support and resources they need to succeed in cyber security.

If you are interested in hearing more on women in cyber security, please get in contact and ask for Sarah.