Opinion: Cracking the cybersecurity gender code
It's hardly news that women are poorly represented in tech. In 2015, women held just 25 percent of computing jobs, and companies such as Twitter and Google have been widely criticized for lacking gender diversity.
The cybersecurity field is even more imbalanced, with just 11 percent of jobs held by women, according to the nonprofit听.
Yet not every corner of the tech universe is equally male-centric. Consider the digital privacy field, those professionals charged with developing and implementing policies to protect employee and customer data from unauthorized access.
While privacy goes听听with cybersecurity, given its emphasis on protecting customer data, it has听. There are 听in the US, and.
Why is privacy faring so much better? It starts with the pipeline. Privacy is an accessible and multidisciplinary field that is frequently taught in law and public policy courses. As a result, professionals from law, policy, and human resource management have come to dominate the industry, bringing far more women into the field.
Contrast that to the pipeline feeding the cybersecurity workforce, which has traditionally drawn from male-dominated disciplines听such as computer science (including hackers and coders) and national security (especially military, law enforcement, and intelligence).
As a result, the culture of security largely mirrors that of technogeeks, cops, and spooks. (It's telling that Google gives its Site Reliability Engineers bomber jackets with听.)
In contrast, the privacy community has roots in issues that themselves favor gender balance: civil liberties, consumer protection, equality, and reproductive rights. For instance, Supreme Court justices in the听听wrote that the "right of privacy ... is broad enough to encompass a woman's decision whether or not to terminate her pregnancy,鈥 branding privacy as a core gender and feminist issue. Many women I have spoken with "found" their way into the privacy field following stints at other听advocacy organizations.
Workplace policies have also played a role in helping women in privacy. When it first emerged as a distinct role within companies, privacy was seen as a family-friendly space, perhaps offering flexible hours and less responsibility than other mid-career roles.
In contrast, security is perceived to be more competitive, as a failure to keep a network secure . Breaches can occur at any time, day or night, so work hours are not always family-friendly (though this听听as privacy and security become more tightly intertwined).
Of course, women in privacy still face significant challenges, including pay equity: the听mean salary for chief privacy officers remains听, while chief information security officers听generally make听, and in big companies, usually above $500,000.
The women I talked with also felt privacy was undervalued as a profession and is less respected than security. As privacy professionals spend more of their time managing the same data breaches as their cybersecurity counterparts, they often听face many of the same risks, but without the potential prestige or rewards.
On the whole, though, cybersecurity and other tech sectors would be wise to look to the privacy field for inspiration.听
Some suggestions:听
- Ditch the bro pipeline:听Start recruiting from fields outside of computer science, the military, and intelligence communities. Think about psychology, law, public policy 鈥 all fields that teach skills useful for deep cybersecurity problem-solving. Women in these fields bring a lot to the table 鈥 and can set examples for other women to follow.
- Find a newbie:听Whether you鈥檙e a woman or man in the field, think about becoming a mentor for young women. Many women I have spoken with say it was a mentor 鈥 and often a man 鈥 who encouraged them to pursue a cybersecurity career.
- Tout your security cred:听If you鈥檙e a woman in the privacy or security fields, don鈥檛 be afraid to sell your security accomplishments. I have noticed many women in the field focus on their privacy accomplishments, even though they also have strong security experience. This could be a result of听the general tendency for women to听
- Sell the human side:听Companies tend to market the industry as a cool, hacker-dominated space that needs "warriors" to police territory like the Wild Wild West. The industry could do more to market to women. Security, after all, is about protecting things that matter to people. Why not include that fact in marketing campaigns?听
- Be flexible, but not too flexible:听Companies should do more to support a diverse workforce, including offering telecommuting, flexible time, and family leave options. At the same time, there is risk in being too accommodating. As the privacy industry discovered, once an industry is perceived as female-dominated, it can be accompanied by lower pay, lower prestige, and limited upward mobility.听
It鈥檚 not clear whether having a male-dominated workforce affects security or other outcomes of the tech industry, but we do know that problems emerge whenever a single gender 鈥 male or female 鈥 dominates an industry. That's especially true听for the workers who are听听and for how their majority workers perceive them.
A gender imbalance can keep important issues out of the public debate, too, and that鈥檚 a problem for anyone who cares about security, in the digital realm or in real life. Cybersecurity is one of the greatest challenges we are facing, and the best way to develop effective solutions for tomorrow will be to ensure that everyone鈥攎en and women alike鈥攊s given a seat at the table today.听
, the executive director of the and a , was recently named one of SC Magazine's "Women in Security Power Players." She would like to thank Elizabeth Weingarten from for her assistance with this article.
听
