Though overall female representation in the cybersecurity workforce has remained relatively unchanged for the last two years, according to a new (ISC)² study, women are taking on more important roles as information security professionals.
Though the number of women in the information security profession is growing, the “Global Information Security Workforce Study” finds that increase in step with the growth of the industry as a whole, resulting in a stagnant 10 percent female segment of the workforce.
Despite that flat growth, (ISC)² found in its report — in partnership with Booz Allen Hamilton and conducted by Frost & Sullivan — that the women in the industry have better skill sets for and are more likely to take on important roles, like governance, risk and compliance (GRC). One in five women in the cybersecurity industry take on GRC roles, the report revealed, while just one in eight of their male counterparts do the same.
The report authors found this important for two reasons.
“First, the GRC role was, until the events of 9/11, a relatively obscure role in InfoSec,” authors wrote. “Now, however, not just women but also men recognize the rising importance of this role and other roles concentrated in managing business risk. Second, women, more than men, seized upon the growth opportunities in GRC early on. Thus, women as a percent in GRC roles is double their percent in all of InfoSec—20% versus 10%.”
In a panel that accompanied the survey, several female cybersecurity leaders also described women as natural fits for these risk management roles, in many cases taking on opportunities that men wouldn’t as a starting point for success.
“I saw an opportunity that no one else saw or wanted: document the systems and processes we were developing,” said Alice Fakir, executive director at Morgan Stanley, according to the report. “Taking on that role led to additional work in project management, which led to being the lead client manager, which led to a successful career in InfoSec consulting.”
Women tend to exhibit different skill sets as well, the report asserts, which make them an important part of the team in an increasingly complex world of cybersecurity.
“Women’s natural tendency is to collaborate, bring teams together and to connect the dots and gain the trust of a diverse set of teams throughout the enterprise,” said Julie Talbot-Hubbard, associate vice president for IT Engineering, Infrastructure & Operations at Nationwide, during the panel.
Dan Waddell, (ISC)² managing director for the North America region and director of U.S. government affairs, said his own experience reflected this notion.
“There were outstanding women that were fantastic around conflict resolution and collaborating and binging people together and being open to different ideas and different perspectives,” Waddell told FedScoop. “That one particular focus area seems to be attracting women above maybe some of the more really hardcore techie types of positions — the keyboard jockeys, if you will.” But that also means there’s an opportunity to encourage women to take on the technical roles as well, he added.
And as the information security industry — especially within the federal government — struggles to maintain a workforce capable of facing evolving challenges in cyberspace, (ISC)² believes bringing more women into the workforce is an absolute imperative.
“The information security field is expected to see a deficit of 1.5 million professionals by 2020 if we don’t take proactive measures to close the gap,” (ISC)² CEO David Shearer said in a statement. “Knowing this, it is rather frustrating to realize that we do not have more women working in the industry. Only 10 percent of information security professionals are women, and that needs to change.”
“We have to do a little bit better job in translating exactly what a career in cybersecurity is,” Waddell said. “It’s a relatively new field, and there’s probably a pretty large portion of folks out there that really don’t know how to break into it.”