Cybersecurity has a talent gap that may only get bigger as the industry races to catch up with continually more sophisticated cyber threats. The 2022 (ISC)² Cybersecurity Workforce Study found a global cybersecurity workforce gap of 3.4 million people, with the the number of new skilled workers not meeting the demand.
One problem? Although women are at least as adept in the cybersecurity industry, women in the field feel disrespected, excluded and unable to get ahead, according to phase one of new “State of Inclusion of Women in Cybersecurity” report by the national organization Women in CyberSecurity (WiCyS) and the DEI firm Aleria.
And that could be why the industry overall draws fewer women than it should.
“We know that the representation of women in cybersecurity hovers around 24%, far lower than it should be,” commented Lynn Dohm, executive director of WiCyS, in a statement. “We wanted to find out why this was the case and were somewhat — but not entirely — surprised that the most common source of women’s feelings of exclusion came from people, not company policies. This highlights the fact that we still have a long way to go when it comes to accepting women in the cybersecurity industry.”
More than 300 women were surveyed starting in February 2023 using Aleria’s anonymous online platform. After entering their personal traits, they shared challenging workplace experiences confidentially. The data collected was used to calculate a numerical value that combines prevalence, frequency and severity of the situations they shared to come up with what they call an “exclusion score.”
Lack of respect, from condescending treatment to sexual harassment, has been a common complaint from women in tech workplaces for years. Women in the WiCyS study put disrespect squarely in the #1 spot as the biggest problem they face in the industry.
Second was lack of career growth opportunities, an issue that can make retention challenging in an industry that is facing a talent shortage.
The kicker? These issues have been shown to be unsolved by equitable policies. Policy is not the problem. Participants rated leadership and their direct manager as 10 times more responsible for their difficulties in the industry:
- 68% of participants cited leadership as being a source of experiences of exclusion
- 61% cited managers
- 52% cited peers
- 12% cited policy
As WiCyS concluded: “People, not policies, are the most common sources of experiences of exclusion.”
A whopping 83% of participants shared at least one experience of exclusion. Some examples that participants wrote anonymously, with explicit permission that they could be shared:
- “After introducing myself, I have had individuals ask to speak to a ‘guy who works in IT’ instead of me.”
- “Colleagues would play pornographic movies as I arrived to meetings. One time a colleague played a movie like this when we were meeting with a customer.”
- “I am not given opportunities to advance into a leadership role due to age.”
- “Male peers would have important work conversations at lunch when I was not with them … ignoring my absence, hence my potential contribution.”
- “I was not invited to lunch, whereas other white colleagues were included.”
- “When you come up with an idea, it’s met with silence, then someone else repeats your idea and everyone gets all over it.”
- “My male peers received more pats on the back for far lesser accomplishments than me.”
Some of the experiences that were not shared were described by WiCyS as egregious enough that they would have been grounds for immediate termination.
While 61% cited managers as a cause for a difficult workplace environment, participants who were (woman) managers themselves reported the highest levels of exclusion. Unsurprisingly, new hires reported struggles with exclusion more than their peers who had been with a company for a few years, but as they reached around six years in, those more experienced women were encountering the glass ceiling.
An interesting detail in the study is that, while tech has a reputation for engaging in ageism, older women in general reported less exclusion than younger women.
Since you can’t speed up the aging process for respect points, the study shows that some parts of the cybersecurity industry are less likely to be exposed to things like porn in the meeting room — namely, large companies that enforce their policies and protect their image as opposed to small companies where the offenders may not answer to anyone.
Women owned = less exclusion
Of course, not all small cybersecurity companies are run by men, and while there’s no guarantee that you won’t be stuck with a condescending manager at a woman-owned company, the study showed that odds are better that you’ll face less exclusion and have more room to grown at a woman-owned cybersecurity company.
In case you’re wondering, just some of the woman owned cybersecurity companies in the US include:
- Bulb Security
- Captiva Solutions
- Center point
- MindPoint Group
- Tapestry Technologies
- WhiteHawk Inc.
WiCyS is seeking cybersecurity professionals to participate in phase two of the “State of Inclusion” report. Sign up by June 30.
Knowledge is power!
Subscribe for free today and stay up to date with news and tips you need to grow your career and connect with our vibrant tech community.