April 12, 2019

Cracking the gender code in cybersecurity

Last week at Forcepoint’s Cybersecurity Leadership Forum I had the pleasure of moderating the panel entitled The Workforce’s Way Forward, which focused on how we as cybersecurity professionals can close the skill and gender gap in cybersecurity.  As someone who has worked in the industry for 25+ years I have personally witnessed more women entering the cybersecurity field in recent years; however, the statistics and data continue to show that cybersecurity is still overwhelmingly dominated by men. Women account for less than a quarter of the cybersecurity workforce and are five times less likely to hold leadership positions.

During the panel, I was joined by a dynamic group of women working in cybersecurity including Stacy Dawn, CISO & Chief Privacy Officer of EXIM, Wanda Jones-Heath, CISO of the U.S. Air Force and Ashley Rose, Founder & CEO of Living Security. Our discussion focused less around why there aren’t more women in the field and more on what new ideas and new approaches can be leveraged to promote the field to women. Ashley Rose remarked “Diversity and inclusion is simply not just an optics issue, but it is a business issue which impacts innovation.”

I personally believe that we can’t get ahead of the problem by simply supporting the existing women in the cybersecurity workforce. We must build the pipe by reaching out to younger women in high school and encourage them to pursue cyber-based opportunities. I am heartened by initiatives such as Girls Go CyberStart which was created by the SANS Institute and 27 state governors. This interactive digital challenges series is designed to introduce young women to the field of cybersecurity. In 2018, 6,554 high school girls registered in the program in just 17 days, and while 35.6% of the girls had an interest in cybersecurity before playing, 69.8% said that they will consider a career in the field after playing Girls Go CyberStart. Efforts such as these must be more widespread and encouraged. We were joined by special guest Cara Cornel, graduate student from Brigham Young University, who is also a regional winner of the DoE’s national cybersecurity contest.  When the question was posed to Cara, “What motivated you to be in Cybersecurity?” she had a very intriguing response. She was motivated by Hollywood’s view of cybersecurity, and really loved the challenge of cracking the puzzle. After all, Hollywood can play a very influential role in closing the gender gap!

Beyond introducing cybersecurity as a career option earlier on, we also discussed other initiatives such as encouraging women to explore cybersecurity as a second or third career. For example, in a recent study by New America entitled New Ways to Bring Women Into and Up Through Cybersecurity Careers, a cybersecurity “returnship” boot camp program is proposed which could target and recruit groups such as stay at home mothers or women who have had to drop out of the workforce. Stacy Dawn shared her experience creating career rotation opportunities for women with non-security backgrounds into her team, which not only brought more gender diversity, but also enriched the cognitive diversity of the entire organization.

In closing the panel, we all agreed that building a culture of mentorship amongst women in cybersecurity is also key to cracking the gender gap code. These mentor roles, however, should not just be limited to women mentoring women and should include efforts from our male allies to teach and share their expertise with women. Wanda Jones-Heath is a living example of fostering formal and informal mentorship in an organization challenged with gender diversity. 

I truly enjoyed the lively panel discussion during the session, but more than that I appreciate the commitment from each of the women who spoke to do what they can move our cyberworkforce forward!

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.