When it comes to the information security workforce, it’s still a man’s world.
An International Information Systems Security Certification Consortium ((ISC)²) and Booz Allen Hamilton survey found only 10 percent of women make up professionals in this field, dropping from 11 percent in 2013.
In certain sectors such as responsibility in governance and compliance (GRC), women are becoming more prominent, spiking to 20 percent in 2015 from 13 percent in 2013.
The proportion of women to men, however, remains stagnant. While it seems more women are entering the workforce since the numbers are growing globally, the percentage remains the same because it’s only growing with the rate of the cyber industry.
This proves to be an issue for hiring and retention in information security, especially since industry professionals predict a shortfall of 1.5 million cyber workers by 2020.
Dan Waddell, the managing director of the North America Region at (ISC)², said there are a number of factors keeping women out of information security, including an inability to recognize factors other than pay, as a basis for retention.
“Women are not purely motivated by salary, they’re motivated by possibly other things, like work-life balance, training programs, education programs, etc.,” Waddell said during an interview on Federal Drive with Tom Temin.
Almost 80 percent of women who participated in the survey cited flexible schedules as a “very important” factor for retaining personnel. About 75 percent of respondents said the same for IT companies paying for certain professional certifications, and just more than 71 percent felt offering training programs was also a necessity.
Age and education are another set of factors keeping women out of information security, since the average age of entry into the field is 30, with a typical education level of at least a master’s degree.
This, Waddell said, puts women in an uphill battle for job competition if they don’t yet have the workforce skills their older male counterparts have accumulated.
“Cybersecurity is a relatively new career field,” Waddell said. “If you look at a lot of the job descriptions that are out there, they’re pretty basic and they’re pretty generic. To people that may not be familiar with exactly what that means, it may be a little bit hard and a little bit challenging to break into that.”
Numbers in the survey also show that women are leaving government related information security jobs for the private sector at increasing rates, since private sector jobs are more likely to offer the non-monetary benefits women are looking for. That skews the numbers.
“The increase that we saw in the private sector in terms of women came from government and military. It wasn’t new women entering the workforce for the first time, inflating those private sector numbers,” he said. “It was robbing Peter to pay Paul.”
But Waddell said there are ways to promote recruitment and retention for women in the cyber space, primarily by introducing them to the field while they’re still young.
“College is definitely a way to kind of tap into that next generation, and even going back to the high school and middle school level to educate folks on exactly what it is and what it means to be a cyber security professional,” he said. “We always talk about the cyber workforce shortage, now let’s come up with some ideas and some ways and target some demographics to actually get that workforce gap [shrunk] and start to bridge that gap.”
Despite the slow progress, Waddell said he’s always happy to see more women take on leadership positions as time goes by.
“When I go to these meetings, I am seeing more and more women, I am seeing more minorities, not just at the events but in prominent roles, either on the dais or at the podium,” he said. “I think it’s great leadership. Any time you see someone up there in a leadership position that is out front and leading on this issue, it really helps others to join the industry. As these women are gaining steam and progressing through the IT career path, it’s an easier transition over to cybersecurity careers because that IT knowledge and hands on experience is so critical to being a successful cybersecurity professional.”