IT’S NO SECRET that IT continues to be a man’s world. The same is even more true for cybersecurity, where women make up just 24% of the industry, according to (ISC)², the association best known for the CISSP (Certified Information Systems Security Professional) certification. Increasing that number to 50%, the goal of (ISC)², will require greater access to education and training, mentorship, and a more inclusive workplace.
“Universally, what we found is that education and experience get in the way of people moving into the profession,” says Clar Rosso, CEO of Alexandria, Va.-based (ISC)². Job postings, for example, often list three to five years of experience for entry-level positions. This is a surefire way to deter anyone who has just graduated from school from applying.
Clar Rosso
While technical skills are important, she suggests that employers should also consider a candidate’s “soft” skills such as critical thinking, analytical abilities, communication, creativity, and collaboration. “We have to demystify cybersecurity careers from being these highly technical, backroom jobs to very dynamic jobs that are focused on problem-solving,” she says.
Be Willing to Upskill
Another tactic is to weigh what qualifications you need right away versus what skills you can train for later. For instance, (ISC)² is piloting its Entry-Level Cybersecurity Certification, designed to enable individuals to gain basic cybersecurity knowledge. With this certification, Rosso says, the organization aims to help job candidates land entry-level cybersecurity positions, in hopes that employers will then upskill them according to their requirements.
Angela Hogaboom, sales director at SugarShot, an IT services firm headquartered in Los Angeles, urges employers to upskill existing employees, particularly women, with an interest in pursuing cybersecurity careers and provide them a path for growth. “That will work out much better in the long run, rather than trying to go after the seasoned professional who may get a bigger offer someplace else, shortly after they come on board,” says Hogaboom, who is also president of the Colorado chapter of Women in CyberSecurity (WiCyS), a global organization focused on advancing women in cybersecurity, headquartered in Cookeville, Tenn.
Angela Hogaboom
Recruiting cybersecurity talent internally and providing the necessary training not only saves money, Hogaboom notes, but addresses the overarching hiring challenges all companies are facing. “It’s a lot more cost-effective to train up and to upskill your current employees then to hire new ones, sometimes,” she says. “There may be a good pool of talent sitting there, waiting for the opportunity.”
Promote Mentorship and Inclusion
Another reason women are underrepresented in the cybersecurity industry is that many who enter the field don’t stay, notes Rosso. However, she adds, those women who have access to mentors––even on an informal basis––are more likely to continue growing their cybersecurity careers. “Having somebody that you can share ideas with and ask questions [of] turns out to be very valuable and important in people staying in organizations,” says Rosso.
Lynn Dohm
An inclusive work environment is also key to retaining female cybersecurity professionals, notes Lynn Dohm, executive director of WiCyS. This means that business leaders need to make sure that women are given equal time to share thoughts during meetings; that they enjoy equal opportunities for advancement; and that they receive equal pay for equal work.
“These are all equitable actions that create that space of trust, and then belonging—and diversity stems from that,” Dohm says. “People remain because they feel respected and valued.”
For Dohm, successful cybersecurity teams require a mix of genders, identities, ethnicities, cultures, and lived experiences.
“We need to be able to have that diversity of thought and all hands on deck to solve the challenges as they’re coming in,” she says. As malicious parties continue to grow increasingly sophisticated in their attacks, having access to different viewpoints is crucial. “You need a multidimensional/multiperspective attitude to come up with a solution to remediate and move forward.”
For more resources and content on diversity, equity, and inclusion from ChannelPro and CompTIA, go here.
Image: iStock
