Women in IT Security Lack Opportunities, Not Talent

Female IT professionals in cybersecurity are as skilled as their male counterparts but still face challenges in career advancement and career opportunities, according to a study by nonprofit organization Women in CyberSecurity (WiCyS) and N2K Networks.

The study, which surveyed nearly 400 WiCyS members, showed that women in cybersecurity have the aptitude, knowledge, and skills for career growth, aligning with the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. The framework categorizes and defines the various roles within the cybersecurity field.

The findings follow an April study by WiCyS and DEI firm Aleria. The study, which surveyed about 1,000 employees from 20 organizations, revealed that women face exclusion at twice the rate of men and encounter multiple obstacles that hinder recruitment, hiring, retention, and career advancement at the same rate as men.

The 2024 Speak Up survey by Ensono, which included 1,500 female tech employees in the United States, UK, and India, reached similar conclusions.

Persistent Barriers to Advancement

"As we enter the second half of 2024, the climate for women in cybersecurity shows both promising advancements and ongoing challenges," said Lynn Dohm, executive director at WiCyS. She noted that while there is increasing recognition of the value of diversity and inclusion, with more organizations actively promoting allyship and implementing supportive policies, women’s representation within cybersecurity remains low.

Related:ITPro Today 2024 IT Salary Survey Report

Dohm highlighted several substantial challenges to career advancement for women in the field:

"These challenges collectively contribute to the difficulty women face in advancing their careers in cybersecurity," Dohm said.

Teresa Rothaar, governance, risk, and compliance analyst at Keeper Security, also pointed to the significant underrepresentation of women in IT security. "Women remain notably outnumbered in cybersecurity roles despite efforts to close the gap, and men continue to dominate the field, particularly in leadership and technical positions," she said.

Related:Getting Into Cybersecurity: A Guide for IT Security Careers

Rothaar added that gender pay gap persists in cybersecurity, with women often earning less than their male counterparts for similar roles.

Mentors and Role Models

Despite the obstacles, Dohm said that female cybersecurity leaders play a crucial role in expanding opportunities for others by serving as mentors and role models. They can guide and support women entering the field or seeking career advancement.

Female leaders are also instrumental in advocating for policies and practices that promote diversity and inclusion, such as equitable hiring practices, sponsorship programs, and family-friendly policies. "By actively working to create a more inclusive environment, female cyber leaders can help pave the way for future generations of women in cybersecurity," Dohm said.

Callie Guenther, senior manager of cyber threat research at Critical Start, agreed that female leaders can significantly impact the industry by mentoring younger professionals. Mentors can provide guidance, share knowledge, and open doors to new opportunities. "Simply by being visible, female leaders help change perceptions about who can be a leader in cybersecurity, thereby inspiring others and normalizing women in high roles," she said.

Related:Closing the Gender Pay Gap in IT: A Step Closer to Clinking Champagne Glasses

However, Guenther noted that women often encounter unconscious biases that affect decisions regarding leadership potential and technical capabilities, particularly as it relates to perception bias. "Women in cybersecurity, as in many other fields, often face double standards in how their actions and words are perceived compared to their male counterparts," she said. For example, assertiveness, decisiveness, and direct communication – qualities praised in male leaders – can be unfairly labeled as aggressive or overly emotional when exhibited by women. This disparity in perception can hinder women from being seen as potential leaders or being evaluated fairly.

"Addressing these biases is crucial for creating a truly equitable workplace where everyone is judged by the same standards and behaviors are interpreted consistently, regardless of gender," Guenther said.

Isabelle Dumont, CMO at DeNexus, also said that women entering cybersecurity need role models to envision career possibilities and build confidence in their path to success and leadership. "Mentoring can make a difference between a slow-moving and an accelerated career," she explained.

Dumont recommended that female cybersecurity leaders:

"Training on executive presence, confidence-building, or negotiation skills remains constant across all sectors to help women take on leadership roles," Dumont said.

Need for Training Opportunities

Rothaar emphasized that women in cybersecurity need more support for continuing education and professional development. She believes that more training opportunities specifically for women are needed.

Offering grants or reimbursement programs for advanced cybersecurity certifications (such as the CISSP, CISM, and CEH) can help ensure that women have equal opportunities to advance their careers. "These certifications are expensive – for example, I recently spent nearly $1,000 to take the CISSP exam – making them inaccessible to women who do not already have high-paying jobs in the industry," Rothaar said.

She also suggested creating more internship opportunities specifically targeted at women to provide practical experience and exposure to real-world cybersecurity challenges.

Guenther stressed the importance of providing women in cybersecurity with specialized training in finance and business management. "These skills are crucial for those aiming to reach senior leadership positions or entrepreneurial roles within the field," she explained. Training initiatives could include workshops, seminars, and courses tailored to integrate core cybersecurity concerns with business financial management.

Understanding financial statements, budget management, and the economic aspects of cybersecurity projects enables women to make informed decisions and contribute strategically to business growth. This knowledge not only enhances their competencies but positions them as valuable stakeholders in their organizations, capable of leading complex projects and driving fiscal decisions.

Guenther acknowledged that even with growing awareness and targeted programs, addressing systemic barriers remains an ongoing challenge. However, she thinks organizations increasingly recognize the value of diversity in enhancing innovation and problem-solving within cybersecurity teams. "The increasing focus on mentorship programs, networking opportunities, and diversity-driven hiring practices indicates a positive trend," she said.