How women can break the cybersecurity glass ceiling - And why we need to help them

<a href='https://www.freepik.com/photos/background'>Background photo created by rawpixel.com - www.freepik.com</a>

A record number of women took the helm at Fortune 500 companies in 2020 helping to steer big brands like Clorox, Gap and UPS through the pandemic and one of the most volatile business climates in history. While companies have been under pressure for years to diversify, this trend also represents a shrewd business decision.

A 2019 S&P Global study found that public companies with women at the helm were more profitable compared to those with men in the CEO and CFO seats. Women are also making big inroads in other fields including science and medicine. Yet in the tech and cybersecurity industries women still lag behind. It’s certainly not because of a lack of jobs. Though the talent shortage did ease last year, the industry as a whole is struggling to fill vacancies. There are a few reasons that women aren’t filling those seats.

The hiring gap

Cybersecurity is still a male-dominated industry and this gender bias leads to a false perception that women don’t have a place. Last year’s Women in Cybersecurity report from (ISC)² found that while younger women are pushing into the industry - nearly half of the female cybersecurity professionals surveyed were millennials - women still make up just 24% of the overall cyber workforce. This impacts who is included in meetings, who gets promoted into leadership roles, and ultimately the entire makeup of an organization’s culture.

A 2020 survey of 200 female cybersecurity professionals across the United States and the United Kingdom reported one of the barriers is a lack of other female role models. When women don’t see themselves at the table, the stereotype that tech jobs are “just for men” becomes a self-fulfilling prophecy. I’m proud to say that 50 percent of Living Security’s team is made up of women, something we think is important to build an inclusive culture that fosters female leadership. Companies that also want to make gender diversity a core value need to start with the hiring process and devote extra time and resources to finding diverse candidates.

Pay inequity

The gender pay gap is certainly not something exclusive to the cybersecurity industry. The 2020 Global Gender Gap Report ranked the United States 53rd in the world for gender equity. To put things in perspective that puts us behind Bangladesh, South Africa and Mexico, among others. The tech industry is one of the worst offenders. When asked about their previous year’s salary, 17% of women in cybersecurity said they earned between $50,000 and $99,999 per year, a full 12 percentage points less than men. Given an already saturated job market, women are unlikely to take jobs in an industry where they know they will be paid a fraction of what their male colleagues make.

Imposter syndrome persists

I ventured into tech in 2014 after years spent in the business world as an entrepreneur. When my husband and I founded Living Security a few years later, starting my own business in a brand-new industry where I was in the minority as a woman felt overwhelming. My first battle was overcoming imposter syndrome. I speak to a lot of women who don’t think that they have the skills necessary to succeed in cybersecurity. That’s a huge misconception.

Even if you don’t have IT experience, there are a multitude of roles available at companies from governance and risk management to marketing and communications. There are also plenty of soft skills that prove invaluable to teams. Living Security grew out of a combination of my and my husband’s strengths. Drew has 13 years of experience in cybersecurity while I brought my business, marketing and product experience to the table and applied it to starting and growing the company.

Women need to be encouraged to break down self-imposed barriers. Industry leaders willing to mentor others and share their knowledge and experience can make a huge difference in building that confidence for others.

Opening up learning and career paths

Though it’s a booming industry that will have an estimated 3.5 million job openings by the end of 2021, cybersecurity is often not on a lot of younger women’s radars. Women currently earn about half of science and engineering degrees, but they make up just 20% of employees in those fields. All of the issues addressed above undoubtedly contribute to this phenomenon. There’s also a lack of awareness surrounding high-paying jobs in this industry that don’t require a degree. There are plenty of tech leaders who don’t have STEM backgrounds.

Getting more women employed in tech and cybersecurity companies requires clearer pathways to thrive. There needs to be greater awareness about ways to break into the industry, and the large range of roles available. Cybersecurity is a challenging, lucrative and rewarding career that women shouldn’t be missing out on.

Diverse and inclusive teams are the driving force behind successful companies. People of different genders, backgrounds, educational experiences and skills bring a wealth of creativity and new ideas to the table. That ultimately leads to profit and growth. Having women in leadership encourages more young women to consider careers in industries that they wouldn’t have otherwise. That leads to diverse teams and an inclusive culture that drives success. These are all things that Fortune 500 companies have clearly figured out. The cybersecurity industry needs to follow suit.

Ashley Rose is the CEO and co-founder of Living Security, and a leader in security awareness training and human risk management.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.