Michelle Cohen Quoted on the Underrepresentation of Women in Cybersecurity
Bloomberg BNA Privacy Law Watch
October 27, 2016
Women Underrepresented in Surging Cybersecurity Market
Women are underrepresented in the burgeoning cybersecurity field and companies may be losing out by not having more diversity on their security teams, industry professionals tell Bloomberg BNA.
Michelle Cohen, data privacy member at Ifrah Law in Washington, said that despite an abundance of job openings “women represent only 10 percent of cybersecurity professionals and the industry may reportedly have a staff shortage of 1.5 million people by 2020.” The lack of candidates can be traced to “women being underrepresented in intelligence, the military and security,” she said.
The cybersecurity industry is fast growing and offers high paying jobs. According to a 2015 Dice report, the average cybersecurity engineer earns $170,000 annually.
According to a 2015 Raytheon Corp. report, 52 percent of women job-seekers surveyed believed that “cybersecurity programs or activities aren’t available.” Paul Crichard, head of cybersecurity intelligence for Raytheon U.K., said in the report that “it’s just woeful that we don’t have anywhere close to the number of women we need in” cybersecurity jobs.
Michelle Dennedy, chief privacy officer at Cisco Systems Inc. in San Jose, Calif., told Bloomberg BNA that gender diversity in the cybersecurity workplace is valuable because it is very good for business. Leaders should understand that “the company’s bottom-line will grow as diversity increases,” she said.
Increasing the number of women in the cybersecurity profession “is less of a day-to-day game and more about legacy,” Dennedy said. Hiring more women for cybersecurity roles is a boon for innovation and will drive an increase of ideas in a diverse market place, Dennedy said.
Growing Cybersecurity Market
The increase in consumer demand for cybersecurity solutions has led to a heightened demand for computer security professionals for external and internal technology teams.
The cybersecurity market is expanding to new levels. According to an Oct. 12 International Data Corporation report, “worldwide revenues for security-related hardware, software and services will grow from $73.7 billion to $101.6 billion.” Because many companies are fearful of the next massive data breach—for example, the Yahoo! Inc. hacking attack that affected over 500 million accounts—there are plenty of job opportunities in the market.
A growing cybersecurity market will need an ample supply of talented cybersecurity professionals to meet the rising demand.
Debra Farber, co-founder of San Francisco-based advocacy group Women in Security and Privacy, told Bloomberg BNA that many tech companies miss the boat if they don’t hire women in cybersecurity roles.
Hiring gender diverse candidates will drive growth in the cybersecurity field by introducing innovative ideas that otherwise may have never reached product teams, security teams and the board room, she said.
Conference Gender Bias?
Each year, thousands of attendees flock to popular events that are well-known to cybersecurity researchers and professionals, such as the RSA Conference and Black Hat USA. However, the traditionally male-dominated cybersecurity events, also known as hacker conferences, may discourage some women from attending or fully participating, Farber and Dennedy said.
Networking and touting one’s computer security skills at the hacker conferences is an important entry point into the cybersecurity industry, Farber said. Attending a hacker conference allows candidates to present white papers on cybersecurity research and to compete in hacking competitions to show corporate leaders “what they are worth,” she said.
Farber said that some cybersecurity conferences may feature “women wearing scantily clad outfits” to attract new business partners, and this may be a turn off to women trying to enter the cybersecurity profession.
Dennedy agreed that the culture surrounding some cybersecurity conference may be “intimidating to some women.” These conferences and other cybersecurity-focused events should focus on the potential candidates’ knowledge and work ethic rather than women in “school girl outfits on Ferris wheels to attract the top security recruits,” she said.
Growth From Within
Women interested in the cybersecurity field or those already employed at large U.S. tech companies may want to call on corporate leaders to increase the number of internal and external cybersecurity training initiatives.
According to non-profit advocacy group Women’s Society of Cyberjutsu, women make up only 11 percent of the cybersecurity workforce. The U.S. government does a somewhat better job of attracting women cybersecurity candidates. According to Office of Personnel Management data, women make up approximately 25 percent of the federal cybersecurity workforce.
Companies should have outreach programs that bring in qualified female candidates to learn about the industry from “generational voices,” Dennedy said.
Cohen said that time isn’t running out for women to obtain board level cybersecurity position. “There’s definitely time for women to develop and advance their privacy and data security skills, but we need to take advantage of those opportunities,” she said.
‘Bucket of Ladies.’
Although gender diversity should be a goal for any company, “filling up the company with a bucket of ladies” isn’t going to cure the gender diversity problem, Dennedy said. Diverse voices and viewpoints from all corners of the company will help any cybersecurity team thrive, she said.
Cohen said that companies may attract more female cybersecurity candidates by offering more robust workplace flexibility programs.
Workplace flexibility “is incredibly important to many women” cybersecurity candidates, Cohen said. Companies that tend to “demand office time” instead of allowing work from home arrangements will miss out on female candidates that may be of great value to the organization, she said.
According to a 2015 Frost & Sullivan report, women in the cybersecurity profession are more likely to bargain for flexible work schedules — over 70 percent of female respondents — rather than more monetary compensation.
Although there is “nothing inherently wrong” with employee policies that don’t allow work-from-home arrangements, “it’s foolish to lose or miss out on amazing employees and candidates simply for being inflexible,” Cohen said.
At the end of the day, workplace “flexibility shouldn’t inhibit advancement” for women in cybersecurity, she said.