The cybersecurity workforce: an opportunity paradox

Start adding items to your reading lists:
Save this item to:
This item has been saved to your reading list.

Addressing complex problems often generates opportunities to make significant impact, now and in the future. In the cybersecurity space, we’re confronting two important challenges: the projected shortage of labor in the profession and the persistence of gender underrepresentation. The Center for Cyber Safety and Education™ (formerly known as (ISC)2) and the Executive Women’s Forum on Information Security, Risk Management & Privacy recently completed the first-ever 2017 Global Information Security Workforce Study: Women in Cybersecurity, cosponsored by PwC. The data from this study highlights the lack of progress in attracting and retaining women in the cybersecurity field as well as some of the unique challenges women face in this field — and it’s not unlike similar issues in the STEM (science, technology, engineering and mathematics) industries. At PwC, we solve important problems — and sometimes what others may consider intractable issues. There’s a lot to think about in the study — and much to be encouraged by.

Synergistically, addressing one of these challenges could contribute to the resolution to the other one. In other words, if the issues that cause women to be severely underrepresented in the cybersecurity profession can be mitigated, the pool of highly skilled potential workers could increase dramatically. We could also see an overall increase in the quality of cybersecurity work — and for all organizations, that’s a net benefit. Of course, while simply explained, the reasons why women are underrepresented — and may even avoid cybersecurity as a career — are much more complicated.

This paper reveals entrenched issues. The study — which had over 19,000 cybersecurity respondents in 170 nations — found that women make up just 11% of the industry’s global workforce. That’s 12% lower than the global workforce in general. The percentage of women in the workforce continues to decline as the cybersecurity professional ascends the career ladder, resulting in just 5% women at the executive and 4% at the C-level, globally. Adding to that, the survey finds that women are paid an average of 29% less than their cybersecurity male counterparts — despite the fact that 51% of women have master’s degrees compared to just 45% of the men. In addition, 51% of the women surveyed said they have experienced some form of discrimination in the workplace. Fittingly, many women seem to be asking: Why work in a profession that doesn’t embrace you?

As women cybersecurity professionals ourselves, we can speak first hand to some of the challenges noted in the study, and we also appreciate that we have been lucky enough to have had female CISO and cybersecurity executive-level clients with whom we have worked over the years. Most women in this field recognize that we stand on the shoulders of those who came before us — and we also can envision a bright future ahead with some clarity. We can assure the skeptics that building a more diverse cybersecurity workforce will yield positive bottom-line results, as we see client after client demanding diverse perspectives from our engagements. From our viewpoint, you won’t get in the door if you don’t offer the diversity of perspectives produced, in turn, by a diverse workforce.

So how do we achieve this vision? We don’t have all the answers here at PwC. But we’re making progress in this area by taking concrete steps towards attracting diverse talent. Many highly skilled, much-sought-after cybersecurity professionals also often happen to be women. So employers need to rethink how they are recruiting and retaining women cybersecurity professionals.

Here are our key considerations for closing this talent gap:

  • Engage in unconstrained opportunity. Are your career development programs open to the workforce, creating solutions and opportunities to address the challenge? Do you have clearly defined career paths to the executive level with an emphasis on diversity? Do you share your point of view on these challenges with current and future employees? You can’t change your culture without actively communicating about your values.
  • Hiring and wage practices. How transparent are your hiring practices for women? Do you have women cybersecurity professionals as part of your interviewing process? Are you actively and transparently eliminating disparities in pay between men and women of the same ranks and skillsets?
  • Mentorship. None of us got where we are –male or female– without help and support. Retaining employees requires more than just good pay — people need to feel valued and to know they’re part of a community. Do you have one-on-one mentorship programs to create a culture of support at individual levels? Do you map your brightest leaders with your rising stars, regardless of gender? We see great value in fostering these support systems.
  • HeforShe. Has your organization considered participating in this global awareness program? Men pledge their support for women in the workplace through this United Nations program. With this pledge of solidarity, men and boys work towards confronting the inequalities that they witness. PwC has found this program effective at personalizing the mission of inclusiveness and gender equality, regardless of profession.
  • Recruit from the best. There’s no question that if you recruit from a rich source of diversity, you will have a diverse candidate pool. Young women who are still in school, starting to discover their talents, or, later, picking their majors, must be encouraged to look at and perceive the cybersecurity industry as an attractive career. Are you identifying the universities with equal and diverse graduates in the cybersecurity profession? Are you passionately identifying the talent that will create the diverse workforce of tomorrow?
  • Flexible work environment. Attracting any high-quality talent requires more than just great pay these days. What flexible opportunities to maximize contributions while working in an innovative environment have you put into action?

Sheryl Sandberg’s Lean In: Women, Work and the Will to Lead bestseller struck a chord with many women at PwC, which led to the creation of LeanIn circles inspired by the LeanIn nonprofit organization. We used this momentum to create and support these circles, encouraging professionals to take the next big steps in their careers. The transformation of PwC from a buttoned-down, office-centric workplace to a flexible one has made dramatically positive differences in the work lives of all our employees — and has also enhanced our recruiting efforts.

In our organization, we are now hiring entry-level female employees at a minimum 50% rate. But our higher ranks still struggle to find, hire and retain women. Make no mistake: we’ve been focused on this for a while, and there’s no question that fixing it will take time.

Yet in the near future, we hope to relegate gender disparity in cybersecurity to the past. Gender’s role is already becoming less and less relevant as this profession becomes increasingly virtualized. What matters now — and will even more in the future — is how the job is done, and for that, the cybersecurity professional should need only competence, not a particular gender. So as we look ahead, we think the cybersecurity talent gap can be solved by engineering a workplace that helps attract and retain highly skilled female employees who would otherwise work elsewhere, and by changing the overall view of these valuable professionals. To that end, the cybersecurity workforce paradox should really just be a solution.

Contact us

Sloane Menkes

Principal, Cybersecurity & Privacy, PwC US

Emily Stapf

Cybersecurity, Privacy & Forensics Integrated Solutions Leader, PwC US

Follow us