Addressing complex problems often generates opportunities to make significant impact, now and in the future. In the cybersecurity space, we’re confronting two important challenges: the projected shortage of labor in the profession and the persistence of gender underrepresentation. The Center for Cyber Safety and Education™ (formerly known as (ISC)2) and the Executive Women’s Forum on Information Security, Risk Management & Privacy recently completed the first-ever 2017 Global Information Security Workforce Study: Women in Cybersecurity, cosponsored by PwC. The data from this study highlights the lack of progress in attracting and retaining women in the cybersecurity field as well as some of the unique challenges women face in this field — and it’s not unlike similar issues in the STEM (science, technology, engineering and mathematics) industries. At PwC, we solve important problems — and sometimes what others may consider intractable issues. There’s a lot to think about in the study — and much to be encouraged by.
Synergistically, addressing one of these challenges could contribute to the resolution to the other one. In other words, if the issues that cause women to be severely underrepresented in the cybersecurity profession can be mitigated, the pool of highly skilled potential workers could increase dramatically. We could also see an overall increase in the quality of cybersecurity work — and for all organizations, that’s a net benefit. Of course, while simply explained, the reasons why women are underrepresented — and may even avoid cybersecurity as a career — are much more complicated.
This paper reveals entrenched issues. The study — which had over 19,000 cybersecurity respondents in 170 nations — found that women make up just 11% of the industry’s global workforce. That’s 12% lower than the global workforce in general. The percentage of women in the workforce continues to decline as the cybersecurity professional ascends the career ladder, resulting in just 5% women at the executive and 4% at the C-level, globally. Adding to that, the survey finds that women are paid an average of 29% less than their cybersecurity male counterparts — despite the fact that 51% of women have master’s degrees compared to just 45% of the men. In addition, 51% of the women surveyed said they have experienced some form of discrimination in the workplace. Fittingly, many women seem to be asking: Why work in a profession that doesn’t embrace you?
As women cybersecurity professionals ourselves, we can speak first hand to some of the challenges noted in the study, and we also appreciate that we have been lucky enough to have had female CISO and cybersecurity executive-level clients with whom we have worked over the years. Most women in this field recognize that we stand on the shoulders of those who came before us — and we also can envision a bright future ahead with some clarity. We can assure the skeptics that building a more diverse cybersecurity workforce will yield positive bottom-line results, as we see client after client demanding diverse perspectives from our engagements. From our viewpoint, you won’t get in the door if you don’t offer the diversity of perspectives produced, in turn, by a diverse workforce.
So how do we achieve this vision? We don’t have all the answers here at PwC. But we’re making progress in this area by taking concrete steps towards attracting diverse talent. Many highly skilled, much-sought-after cybersecurity professionals also often happen to be women. So employers need to rethink how they are recruiting and retaining women cybersecurity professionals.
Here are our key considerations for closing this talent gap:
Sheryl Sandberg’s Lean In: Women, Work and the Will to Lead bestseller struck a chord with many women at PwC, which led to the creation of LeanIn circles inspired by the LeanIn nonprofit organization. We used this momentum to create and support these circles, encouraging professionals to take the next big steps in their careers. The transformation of PwC from a buttoned-down, office-centric workplace to a flexible one has made dramatically positive differences in the work lives of all our employees — and has also enhanced our recruiting efforts.
In our organization, we are now hiring entry-level female employees at a minimum 50% rate. But our higher ranks still struggle to find, hire and retain women. Make no mistake: we’ve been focused on this for a while, and there’s no question that fixing it will take time.
Yet in the near future, we hope to relegate gender disparity in cybersecurity to the past. Gender’s role is already becoming less and less relevant as this profession becomes increasingly virtualized. What matters now — and will even more in the future — is how the job is done, and for that, the cybersecurity professional should need only competence, not a particular gender. So as we look ahead, we think the cybersecurity talent gap can be solved by engineering a workplace that helps attract and retain highly skilled female employees who would otherwise work elsewhere, and by changing the overall view of these valuable professionals. To that end, the cybersecurity workforce paradox should really just be a solution.