21 Jul Women Represent 20 Percent Of The Global Cybersecurity Workforce In 2019
Number of women in the cybersecurity field is recalculated and rising Press Release
– Steve Morgan, Editor-in-Chief
Sausalito, Calif. – Mar. 28, 2019
Cyber has a gender problem, if our industry continues to regurgitate numbers from a 6-year-old report that states an alarmingly low percentage of women hold security positions.
Research firm Frost and Sullivan authored a report in 2013, which states that women make up 11 percent of the global cybersecurity workforce. The report is co-branded with (ISC)2 foundation, now a part of The Center for Cyber Safety and Education, and widely circulated in the media.
In the absence of any new research data published by another source, the 11 percent figure continues to show up in the media — despite a substantial rise in the number of women in the cybersecurity field — perpetuating the stigma of too few women in cybersecurity.
Research from Cybersecurity Ventures, which first appeared in the media early last year, predicts that women will represent more than 20 percent of the global cybersecurity workforce by the end of 2019. This is based on in-depth discussions with numerous industry experts in cybersecurity and human talent, vetting, analyzing and synthesizing third-party reports, surveys, and media sources, and conducting our own list compilation.
The 20 percent figure is still way too low, and our industry needs to continue pushing for more women in cyber. But, heightened awareness on the topic — led by numerous women in cyber associations and initiatives — has helped move the needle in a positive direction.
We are recalculating the number of women in cyber based on a broader definition of positions covered. We’ve evolved the roll call from traditional “IT security (a.k.a. Information security)” titles found mainly in mid-sized to large organizations, to the “cybersecurity” roles in a much larger and fast-growing industry.
“I started out often being the only woman in the room — and now I’m seeing not only more women in the room, but also women of color. That makes me happy on so many levels.” — Rosa Smothers, SVP of Cyber Operations at KnowBe4
Rosa Smothers took a path different from most people to the upper echelons of cybersecurity. She started out as a sales engineer — and then was a technical intelligence officer at the CIA for over a decade, also doing a rotation at the NSA. The benefit of solving problems with diverse perspectives was a lesson she learned at the CIA, and she’s happy to have this same experience in her role at KnowBe4.
IT security is in fact a subset of cybersecurity. Cybersecurity Ventures looks beyond securing corporate networks (which has seen a rise in the number of women), and includes IoT security, IIoT and ICS security, medical device security, automotive cybersecurity, aviation cybersecurity, military cyber defense technology, and others. Further, we cover the cybersecurity service provider ecosystem, which also includes women-owned small businesses, and broadens to include digital forensics and other jobs.
We include Israel, the world’s second-largest exporter of cyber technology (behind the U.S.), which bolsters an impressive and growing headcount of female cybersecurity founders and professionals. In 2018, TechCrunch reported that for the most recent year tracked, 15 percent of newly established Israeli cybersecurity startups had a female founder, an increase from 5 percent the previous year.
Women are participating in Australia’s cybersecurity workforce at much higher rates than the purported 11 percent global figure. The 2018 McAfee Cybersecurity Talent Study states that Australia’s cybersecurity workforce is 25 percent female.
According to industry body National Association of Software and Services Companies, the strength of the women workforce in the information technology and services industry in India currently stands at 34 percent. “There is certainly a rising trend among women to take up the cybersecurity domain for their profession,” stated Jamuna Swamy, an award-winning CISO based in India. Last year, Microsoft India and Data Security Council of India (DSCI) launched CyberShikshaa, a three-year program to create a pool of skilled cybersecurity women professionals in the country.
BeecherMadden, a leading, award-winning U.K. and U.S. cybersecurity recruitment business, conducted research which showed that the U.K. cybersecurity industry is now 18 percent female. “Given that increasing the number of women in cybersecurity is a goal that many companies hold, we should all be pleased that we have started making progress,” states Karla Reffold, COO and founder of BeecherMadden. “18 percent still doesn’t go far enough, and while 50 percent may seem far away, there are some companies at this level already.”
Cybersecurity Ventures isn’t the only research firm noticing an uptick of women in cybersecurity. Forrester Research analyst Stephanie Balaouras, who co-authored a recent report with fellow analyst Claire O’Malley, told DarkReading that she believes women now represent somewhere between 15-20 percent of the industry if you include security and risk, privacy, and compliance and audit functions.
Forrester also predicts that the number of women CISOs at Fortune 500 companies will rise to 20 percent in 2019, compared with 13 percent in 2017. This is consistent with new research from Boardroom Insiders which states that 20 percent of Fortune 500 global chief information officers (CIOs) are now women — the largest percentage ever.
In a survey of 300 women that were employed in cybersecurity, less than 50 percent of the respondents said that they had entered the field via IT or Computer Science. The respondents are diverse in their backgrounds, coming from Compliance, Psychology, Internal Audit, Entrepreneurship, Sales, Art, and more. The pipeline of women entering the cybersecurity field is as far and wide as employers are willing to imagine.
An old school accounting of women in cybersecurity focuses mainly on “corporate IT security” and excludes (or substantially limits) start-ups and companies with less than 500 employees; large swaths of risk, compliance and privacy; and other roles, and concludes that women are barely represented in cyber — sending the wrong message to young girls that may be open to pursuing an education and future career in our field. It’s time to go new school on this topic — and send out a new and accurate message about the number of women in cybersecurity.
“You know what, I see the change firsthand,” says Robert Herjavec, founder and CEO of Herjavec Group, a $300 million cybersecurity company with offices in the U.S., Canada, and Europe. “The number of women I meet every day in our industry has gone way up — not to mention in the boardroom and technical, high-level positions. And I have to say — as a “Cyber CEO,” it’s great to see organizations actively working towards this change.”
Amy Hess, executive assistant director (EAD) of the Criminal, Cyber, Response and Services Branch at the Federal Bureau of Investigation (FBI), and Tonya Ugoretz, deputy assistant director of the FBI’s Cyber Division, are the first women to occupy their respective posts — in a field, and agency — that has been dominated by men, according to an article in The Wall Street Journal.
“Over time what I’ve seen is that it’s helpful for young women and girls in school to see somebody that looks like them in these (cybersecurity) spots,” Hess told Cybercrime Magazine in an interview at FBI headquarters in Washington, D.C. recently. “That’s something that I’ve grown to appreciate more and more so in the past several years — to say and to see that you can achieve this too, I’m no different than any of them.”
“My company employs 42 people (and growing), 40 percent of them women,” says Theresa Payton, CEO at Fortalice Solutions and the former White House CIO. “Also, fraud prevention and cybersecurity are now converging. And there are a lot of women who are in fraud operations — which was previously paper-based and is now digital — who can come work in cybersecurity.”
Payton, a visible spokesperson for the industry and the founder of a fledgling cybersecurity company, and the women working for her, would not count in the old 11 percent report. They aren’t employed by mid-sized or large corporations, and they aren’t coders — despite the fact that they are highly accomplished cyber fighters.
“When I first started hosting cybersecurity conferences (more than a decade ago) it was very rare, maybe out of the audience you’d have 2 or 3 women; now I’d say sometimes almost half the audience, maybe not quite half, but almost,” says Kim Hakim, a U.S. Navy veteran and founder of FutureCon, which produces events in 24 North American cities this year. “It’s great to see all the women that are now in the industry and it’s a great career for all of our daughters. The limits are endless. I mean, you can go very far in this industry.”
“I am seeing more women attending conferences now than ever before,” adds Payton. “And I don’t mean all women conferences where the events were based around discussing ways to fight the unfair balance of men and women in the cybersecurity space. I see a lot more women at the big cyber conferences. There are a lot more women involved than ever before.”
The RSA Conference USA 2019 held recently in San Francisco — which is the world’s largest cybersecurity event with more than 40,000 people and 740 speakers — is another measuring stick for representation of women in our field. “At this year’s Conference 46 percent of all keynote speakers were women,” according to Sandra Toms, VP and curator, RSA Conference, in a blog she posted on the last day of this year’s event. “While RSAC keynotes saw near gender parity this year, women made up 32 percent of our overall speakers,” noted Toms.
Cybercrime will more than triple the number of job openings over the next 5 years. Cybersecurity Ventures predicts there will be 3.5 million cybersecurity job openings by 2021. To fill the world’s open security positions, we’ll need to aim for 50 percent of women in cyber over the next decade. While some people may view that as an overly ambitious goal, it’s one that the cybersecurity industry must aim for.
“Cybersecurity is one of the only professions that has almost every job within it.” — Shamla Naidoo, Global CISO at IBM
Shamla Naidoo says that you can be an engineer, a communications person, or a developer, and find your place in the cybersecurity field. She points out opportunities for women to write policy, get involved with corporate governance, or to do hard-core forensics.
Cybersecurity Ventures concurs with Naidoo. Our @WomenKnowCyber list contains thousands of women in cybersecurity — many of them with strong cybersecurity technical skills and yet would not qualify to be counted into the old 11 percent survey.
Can we all agree to disagree with the notion that the cybersecurity field hasn’t made any progress over the past 6 years and we’re still stuck at 11 percent of women in cybersecurity – when there are so many experienced experts, analysts and data pointing to more female representation than ever before?
Out with the old 11 percent, in with the new 20 percent.
Related: (ISC)2 Aligns To Cybersecurity Ventures’ Women In Cybersecurity Prediction Of 20 Percent (includes analysis of the 11 percent figure).
– Steve Morgan is founder and Editor-in-Chief at Cybersecurity Ventures.
Sponsored by KnowBe4
KnowBe4 is the world’s largest security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. We are a leader in the Gartner Magic Quadrant and the fastest-growing vendor in this space. We are proud of the fact that more than 50 percent of our team are women.