Women In Cybersecurity. PHOTO: Cybercrime Magazine.

Women To Hold 30 Percent Of Cybersecurity Jobs Globally By 2025

Female representation expected to reach 35 percent by 2031

Charlie Osborne, Cybercrime Magazine Editor-at-Large

London – Sep. 27, 2023

Women In Cybersecurity Report is sponsored by KnowBe4.

Women held 25 percent of cybersecurity jobs globally in 2022, up from 20 percent in 2019 and around 10 percent in 2013. Cybersecurity Ventures predicts that women will represent 30 percent of the global cybersecurity workforce by 2025, increasing to 35 percent by 2031.

As cyber threats escalate worldwide, government agencies and the enterprise alike are fighting to recruit enough talent to defend against today’s cybercriminals.

Threat actor tactics, techniques, and procedures (TTPs) are constantly evolving and the odds are often stacked against organizations lacking enough in-house assistance.

Consequently, cybercrime is predicted to inflict damages reaching $8 trillion USD globally this year, according to Cybersecurity Ventures.

Cybercrime doesn’t just impact us on an individual level. Companies, whether SMBs or Fortune 500s, must handle threats ranging from phishing, Business Email Compromise (BEC) scams, ransomware, zero-day exploitation, cyberespionage, and even, in select cases, the behemoths of cybercrime: nation-state-sponsored groups.

Our data and assets need protection. But everyone is facing the same problem: a lack of diversity and talent in the cybersecurity industry.



There are millions of unfulfilled cybersecurity roles worldwide, a scarcity predicted to persist for years to come. To compound the challenge, our current, skilled teams are under tremendous pressure, increasing the risk of burnout. Such strain has led some — particularly security leaders — to opt for short tenures before changing roles, or leaving the industry entirely.

The solution is right in front of us. By becoming more inclusive and attracting more women into the cybersecurity field, we can tap into a pool of skilled individuals with vast potential that has, so far, been underutilized.

As with many industries, a lack of diversity and inclusion persists in cybersecurity. While the problem has been recognized and the situation is gradually improving, there is more work to be done.

It has become imperative to break down barriers to entry. The industry as a whole must be promoted at all levels (and not just for technical roles), and we need to change the cultural conversation to ensure more female and inclusive talent decides on cybersecurity as their preferred career.

The Women In Cybersecurity 2023 Report explores the existing cybersecurity skills gap, recruitment drives, how trailblazing women in the space are paving the way for our future female fighters, and how you can support new initiatives focused on expanding STEM careers to women and underrepresented groups.

HACKING THE CYBERSECURITY SKILLS SHORTAGE

Companies are desperately seeking skilled help. Unfortunately, the number of unfulfilled cybersecurity roles has grown at an astonishing rate: Cybersecurity Ventures estimates that since 2013, job vacancies have grown by 350 percent.

In 2023, 3.5 million positions will remain vacant, and this shortage is expected to hold steady through 2025.

According to estimates provided by the United States Bureau of Labor Statistics, information security analysts — of which cybersecurity roles are included — will be among the fastest-growing roles in the United States over the next decade.

Typically, the average growth rate for all occupations is five percent, but between 2021 and 2031, the growth rate for information security analysts is expected to hold at approximately 35 percent.

Women, unfortunately, are vastly underrepresented in cybersecurity and the IT industry as a whole. Cybersecurity Ventures found that women held approximately a quarter of cybersecurity roles worldwide in 2022, and although this marks a positive shift from around 10 percent in 2013, much more progress needs to be made.

Cybersecurity Ventures predicts women will hold 30 percent of cybersecurity jobs globally by 2025.



FEMALE LEADERSHIP

A lack of diversity and female talent is prevalent in cybersecurity, and nowhere more obvious is the gender gap shown as by who holds the top roles in cybersecurity.

Cybersecurity Ventures found that women held only 17 percent of chief information security officer (CISO) roles at Fortune 500 companies. Said otherwise, women held only 85 of 500 available CISO positions.

Chief information security officers are often responsible for more than the management of organizational and network security. The responsibilities of these high-level executives can be vast: implementing security strategies, handling compliance, managing staff training, conducting risk assessments, and more.

However, CISOs are also pivotal as forces for cultural change, and can become role models able to entice more talent into the field.

We must change the perception and awareness of STEM fields to encourage gender diversity. More awareness is required to show young girls — and women considering a change in their career paths — that there are women present in cybersecurity leadership, as this may encourage them to follow in their footsteps.

A 2022 paper published by the Peterson Institute for International Economics indicates that the presence of women in executive and board-level roles correlates to increased corporate profitability. Therefore, overlooking female talent and failing to consider women for leadership roles can also impact a company’s bottom line.

According to Harvard Business Review, women consistently score higher than men in the majority of leadership skills, and furthermore, according to Anne Marie Zettlemoyer, CyCognito CISO and a fellow at the National Security Institute, “The idea that women are natural risk modelers and managers has gained traction,” — making them excellent candidates for top cybersecurity jobs.

As Zettlemoyer says, “In the field of cybersecurity, which is fraught with uncertainty and risk, more women in the cybersecurity workforce has become a must-have, not a nice-to-have.”

TODAY’S TRAILBLAZERS

“Cyber is so important because the digital age is recreating everything around us. And women are not at the table or behind the computer screen, rewriting the world around us. We’re half of the population,” says Sylvia Acevedo, rocket scientist, Qualcomm board member, former CEO at Girl Scouts of the USA, and one of Forbes’ Top Women in Tech.

Many women in cybersecurity are trailblazers who have radically transformed the industry and made invaluable contributions. Some of them appear in the book, “Women Know Cyber: 100 Fascinating Females Fighting Cybercrime.”

“I’m so inspired by these pioneering women and encouraged by their stories,” adds Acevedo. “Because of out-of-the-box thinkers, innovators, and leaders like them, the fight against cybercrime is entering a new era where women are confidently adding their voices to the mix — not just creating a path for themselves, but opening up opportunities for others forging ahead in their wake.”

10 of the Who’s Who (full list):

  • Alissa (Dr Jay) Abdullah, PhD – Deputy Chief Security Officer & SVP of Emerging Corporate Security Solutions at Mastercard
  • Leslie Carhart – Director of Incident Response at Dragos, Inc.
  • Joy Chik – President, Identity & Network Access at Microsoft
  • Deneen DeFiore – VP & CISO at United Airlines, former SVP & CISO at GE Aviation
  • Kyla Guru – Founder, Bits N’ Bytes Cybersecurity Education, student at Stanford University, Apple Intern
  • Theresa Payton – Former CIO at The White House, author, speaker, cybersecurity expert, CEO of Fortalice Solutions
  • Nicole Perlroth – Author of “This Is How They Tell Me The World Ends,” CISA advisor
  • Rinki Sethi – VP & CISO at Bill.com. former VP & CISO at Twitter (now known as X).
  • Wendi Whitmore – SVP, Unit 42 at Palo Alto Networks
  • Kim Zetter – Author of “Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon”

The second edition of “Women Know Cyber: 150 Fascinating Females Fighting Cybercrime” is due out at the end of this year.



HELP WANTED: FEMALE CYBERFIGHTERS

Women understand cyber. They understand technology. They are no less capable than men. But discrimination, a lack of awareness, and a societal failure to encourage the next generation to consider cybersecurity as an attractive career path all contribute to fewer women entering the field.

So, what are we doing wrong?

Unfortunately, there has long been negative commentary and perspectives surrounding girls and women entering and participating in the Science, Technology, Engineering, and Math (STEM) fields. The issue is systemic across the West, with women either discouraged from pursuing STEM careers entirely, facing barriers to progression, or facing discrimination in education and in the workplace.

The AAUW estimates that women represent only 28 percent of the STEM workforce. Furthermore, men “vastly outnumber” women majoring in most college STEM fields. The gender gap is most prevalent in computer science and engineering — many of which are home to the highest-paying roles in STEM.

As AAUW notes, girls are “systematically tracked away from science and math throughout their education, limiting their access, preparation, and opportunities to go into these fields as adults.”

There is another barrier to entry we must consider. Encouragement is only one part of the story: there are also challenges associated with funding.

Learners, without access to the right equipment or connectivity, are facing a disadvantage from the start.

During the COVID-19 pandemic, the lack of connectivity in many homes became apparent. Indeed, some children were unable to learn remotely as there was no way in which they could attend virtual classes, being without PCs and stable internet connections.

In underrepresented groups, especially those from underprivileged backgrounds, there may be no way for aspiring entrants to practice their craft from a young age and eventually enter STEM, regardless of their gender, color, or whether or not they have a disability. Indeed, social pressures and the need to assist their families may also play a role in talented individuals leaving education.

Furthermore, perception matters. A BCG survey of female STEM graduates reveals that 68 percent took a cybersecurity-related course during their studies, but 37 percent regard cybersecurity as a difficult field for maintaining a work-life balance.

If you scrutinize media reports, you see dark stock images of men in hoodies, typing away in basements. Logos, wording, branding, and even colors in cybersecurity are often what many would consider “masculine.” This is also even found in threat terminology — an example being the phrase “Man-in-The-Middle” (MITM) attack.

“A lot of what drives who’s interested in cybersecurity has to do with how we talk about it,” says Emily Mossburg, Deloitte global cyber leader. “If you look at the way role definitions are written and how it’s portrayed in the world, it is portrayed in a very specific light. And that light is highly technical (and there’s nothing wrong with that), but it’s written in words that don’t always appeal to a broader audience.”

Cybersecurity must be seen as an exciting and fulfilling career for more than just the logical and technically minded.

We should be promoting how rich and diverse the cybersecurity field is, and we need to emphasize that it is an area that is constantly evolving.

As such, cybersecurity urgently requires people with different skill sets, backgrounds, and perspectives.

Technically minded individuals are very important to the field, but the industry also needs creative and inventive people in other areas: designers, communicators, academics, and those trained in business, law, risk management, and with an understanding of corporate culture.

It is possible to find roles in cybersecurity ranging from data analysis to teaching, consultancy to compliance  — suitable for both hard and soft skills — as long as individuals know these opportunities are available.

Thankfully, the disproportion of men and women in cybersecurity roles has not gone unnoticed. As a result, scores of initiatives and grant programs targeting underrepresented groups in our field are now active.



INDUSTRY INITIATIVES 

Cybersecurity Ventures has compiled a list of more than 50 Women in Cybersecurity Associations and Groups To Follow.

Here’s 10 movements and initiatives having to do with cybersecurity that we’ve been following, and you should too:

Cybercrime Magazine also publishes a list of more than 100 Women Owned Cybersecurity Companies in the U.S. and internationally.

BALANCING THE NUMBERS

“Cyber has a lot of different facets,” says Teresa Zielinski, senior vice president, GE Gas Power Global CISO & Product Security. “I think it’s important to take a step back and introduce folks to this world and what the opportunities are as it’s not so scary. They think it’s just someone coding on a computer in the background in their basement and there’s a lot more to it we have to add.”

Cybersecurity isn’t just about coding and becoming a master programmer or problem-solver. Many roles are available that can appeal to a broader group — male, female, technical, creative, or otherwise — and the industry needs to eradicate stereotypical viewpoints and bias to attract talent, to tackle hiring shortages, and to keep up with today’s cybercriminals.

Cybercrime is the fastest-growing type of crime globally. What sets cybercrime apart from many other forms of crime, whether violent or otherwise, is the human factor — and this is a resource we can capitalize upon if we promote more modern and inclusive ways of thought.

Inclusion and diversity aren’t just buzzwords. They are essential to connecting all the dots in defense and beyond.

When your criminal adversaries are from different cultural and economic backgrounds, you also need a diverse team to effectively counter them.

Cybersecurity Ventures predicts that women will represent 30 percent of the global cybersecurity workforce by 2025, reaching 35 percent by 2031.

Our latest research figures are based on in-depth discussions with numerous industry experts in cybersecurity and human talent, third-party reports, surveys, and media sources — and it reveals that while the situation is improving, it is nowhere near enough.

Failing to engage with and appeal to approximately half of the population means overlooking valuable talent and perspectives that can help you make full, informed decisions in cybersecurity. Comparatively, If you have a diverse team, you enhance your ability to discover blind spots, defend networks, and contribute to defense as a whole. This includes leadership by example, solutions development, education, training, risk management, incident response, and more.

Women should hold as many positions in cybersecurity as their male counterparts. Encouraging more women to enter the cybersecurity field will only propel the industry forward and help businesses secure the top talent they need to fill today’s — and the future’s — critical cybersecurity roles. 

GIRLS, GIRLS, GIRLS

“Girls need to see other women as role models in cybersecurity positions,” says Anna Collard, SVP Content Strategy & evangelist at KnowBe4 Africa. “The reality is that there aren’t enough women in tech, so it’s good to provide platforms that then give a stage to the women in the industry that other girls and the younger generation can look up to — even not just the younger ones, but people from outside of our industry can look at and say, ‘Well, if she can do that, I can also do that.’”

They all know how to use TikTok and WhatsApp as a consumer, but not necessarily how to use technology for good, and particularly from a cybersecurity point of view, what the risks and the threats are. It’s a real issue because we have so many users on mobile devices, and they use it for banking and financial transactions, etc.

So, there is a real need and a drive to bring digital literacy to the schools, the colleges, and the universities. A lot of the girls that I’ve met in schools here haven’t even considered cyber as a career choice because they just write it off as something that’s maybe too geeky or nerdy – I mean, we do have the geeks. I’m quite a nerd myself — but it’s a really fascinating field to get into across so many domains. You can come at it from completely different angles, like, in my case, I didn’t study technology. I came from an economics background. As long as you have an attitude for learning, and an interest, and a curiosity, you’ll love this field because you’ll never stop learning. I guess that’s my message [for young girls] to join us if it sounds interesting.”



HOW TO ATTRACT AND RETAIN FEMALE TALENT

There are four key points towards increasing the number of women in cybersecurity:

Become involved in schools, colleges. In recent years, organizations have begun partnering with schools to improve understanding of STEM careers. Schemes designed to open the gates to jobs in IT, cybersecurity, and related fields can encourage school learners to explore these opportunities further before they select their subject specializations.

Provide internships, scholarships. While obtaining qualifications is important, as with most industries it can be difficult for new entrants to the cybersecurity field to secure their first position. Organizations that provide internships and scholarships can benefit from training their own talent and may be more likely to retain their employees afterward.

Provide training and upskilling opportunities. As there are so many roles going unfulfilled, organizations must show their cybersecurity staff that they are valued or risk talent churn. Providing training and upskilling opportunities, and investing in employees, are now critical to retaining top talent. It is now important to allow employees to progress, or risk them moving onward to seek better opportunities elsewhere.

Encourage an inclusive culture. Carefully crafted PR imagery and the right tick boxes on job application forms are not enough. If companies truly want to be diverse and profit from the wealth of experience underrepresented groups bring, leaders must promote inclusivity from the recruitment stage onwards, and eradicate bias regarding staff development and promotion.

Are you or your organization doing something special or unique in order to grow the base of women in cybersecurity? Tell us about it!

Charlie Osborne is an Editor-at-Large for Cybercrime Magazine.

Go here to read all of Charlie’s Cybercrime Magazine articles. 


Sponsored by KnowBe4

KnowBe4 is the provider of the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. We help you address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Tens of thousands of organizations like yours rely on us to mobilize your end users as your last line of defense.