There are more than two and a half million unfilled cybersecurity positions worldwide and the jobs that are filled are overwhelmingly done by men. Getting more women into cybersecurity would not only improve representation but also help solve a skills crisis. So, how do we do it?
That was the topic of discussion at a recent World Bank seminar ‘Women and Cybersecurity: Creating a More Inclusive Cyberspace’. Participants heard from a range of prominent cybersecurity professionals and industry experts, who described the challenges facing women in the sector and detailed some potential solutions.
Introducing some of those solutions, Francesca Bosco, from the CyberPeace Institute, said: “Diversity in the cybersecurity sector is critical for success, especially when trying to defend against ever more inventive threat actors”.
Estimates vary as to the proportion of women in the cybersecurity field, but most put it somewhere between 10 and 25 percent. As Latha Reddy, co-chair of the Global Commission on the Stability of Cyberspace, put it, “we want to see a world where all that matters is whether you are qualified and can you deliver”.
Stereotypes are still a problem, however. If the ideal cybersecurity professional is seen to be someone with stereotypically male attributes, such as risk-taking or being openly ambitious, then this will not only affect who is hired but also the culture of the workplace itself, from who leads to who gets assigned the big projects.
Gender stereotypes cross every area of society, so the solution needs to be partly social. Some panellists talked of the importance of reaching girls early and making it clear that STEM subjects, computing, and cybersecurity in particular, could be a rewarding career for them.
Panellists also highlighted the importance of training, pointing out that getting into cybersecurity at any age can be done without a formal degree because of the wealth of training available.
For Kerry-Ann Barrett, cybersecurity program manager at the Organization of American States, training should extend beyond employees. Barrett’s organization has recently launched a Massive Open Online Course (MOOC) on digital security with a gender perspective, with 500 women already signed up. Rather than training cybersecurity professionals, the course is designed to help women improve their own digital security, which is an issue of particular concern in the region.
This touches on a vital issue: cyberspace is often a more hostile environment for women. Bullying, stalking, impersonation and other threats are all disproportionately experienced by women, panellists argued, something that needs to be addressed alongside efforts to increase representation of women in cybersecurity.
Getting the right program for the region is vitally important, said Confidence Stavely, founder of the CyberSafe Foundation in Nigeria. She said: “Girls are coming out of school not knowing how to use a computer, so how can they get into cybersecurity?” The first job of her foundation is often to teach girls basic computing before it can move on to cybersecurity.
Ultimately, no one solution will benefit all women. Katharine Millar, Assistant Professor at the London School of Economics, said that interventions need to be tailored to their audience. She said: “Talk to the women the policies are intended to support to ensure they will accomplish what is intended.”