Opinion: For gender diversity in cybersecurity, fix the image problem
If we are failing to recruit women, we are failing to recruit people who could contribute to this field and help narrow the staffing gap 鈥 which is critical to stopping the onslaught of breaches.
A mostly male audience at the recent Black Hat USA cybersecurity conference in Las Vegas.
Steve Marcus/Reuters
So many of the ads for cybersecurity听jobs, products, and services are filled with ominous voiceovers听and听images of pipes, binary听code, and masked hackers.
They听portray working in cybersecurity as a career in the shadows,听a field听made up of听secretive techies who toil through the night, fueled by Mountain Dew, relentlessly defending our networks from attacks and intrusions.听
An online search for 鈥渃ybersecurity jobs鈥 returns job postings seeking candidates who possess an alphabet soup of certifications, 鈥渘injas鈥 who like to 鈥渨ork hard and play hard,鈥 and militaristic calls for "cyberwarriors."
These ads are certainly attention-grabbing. But ultimately, this one-dimensional portrayal is problematic,听because听they are only tailored to half the population: men.
We鈥檙e facing a severe cybersecurity staffing shortfall (听a gap of 1.5 million workers听globally听by 2020).听Yet听women comprise听听of the worldwide information security workforce. While听there are myriad programs designed to attract more women into the field, from educational initiatives to revamped human resources strategies, few听are tackling a more foundational issue: cybersecurity has an image problem.
If that doesn't change, there are serious implications for us all.听We听need more people working in cybersecurity,听full stop.听If we are failing to recruit women, we are failing to recruit听people听who could contribute to this field and help narrow the staffing gap 鈥撎齱hich is critical not only to stopping the onslaught of breaches,听but also to the effort to ensure broader international security in cyberspace and beyond.
Cybersecurity: What鈥檚 in a name?
鈥淵ou can鈥檛 be what you can鈥檛 see,鈥澨齮he saying goes.听It's听an adage that reflects the importance of imagery and visible role models to reflect the range of women鈥檚 potential roles (or lack thereof) in fields where there are gender disparities.听 The words and images we use to describe a career field matter, because they send implicit messages about what is acceptable in a given profession. This is particularly true when it comes to cybersecurity-related imagery. Stereotypes are reinforced constantly in the media, most often as male white hackers donning hoodies, working through all hours of the night, with a penchant for poor dietary choices and science fiction.
These portrayals are slowly starting to change. For example, Sheryl Sandberg鈥檚 Lean In initiative recently celebrated the 2-year anniversary of the听听on Getty Images, which aims to change the way the media portrays women via positive and realistic stock images. But there's still a lot of work to do to dislodge long-held misperceptions about what it means to work in science and technology.听University of Michigan Professor听Eileen Pollack鈥檚听opinion piece听in The New York Times, 鈥,鈥 pointed to stereotypes as a stumbling block for girls in tech, noting that 鈥渁t a young age, girls already hold stereotypes of computer scientists as socially isolated young men whose genius is the result of genetics rather than hard work.鈥
There are many studies that say听听meaningfully impact attitudes about the types of people best suited for that career. This was illustrated famously in the 鈥, which investigated children's perceptions of scientists and found the most common stereotype was a white male wearing a white lab coat, even across grades, gender, racial groups, and country.
The words used to describe career paths in a field can similarly illuminate or darken career pathways. Let鈥檚 take the听word听鈥渃ybersecurity鈥澨齣n itself.听It has become shorthand for any topic under the broad umbrella of keeping听computers, networks,听and the information they hold and transmit safe.
But cybersecurity isn鈥檛 limited to the technical domain, and success as a professional (both male and female professionals) requires more than just coding skills. Broadening cybersecurity鈥檚 definition and rethinking how we portray it in the media and in job ads is an opportunity to attract a more diverse workforce and expand the roles women can play in this field.
听
So, who has cyber skills?
Of course, many of the core concepts underpinning information security are rooted in technical concepts. But as the cyber threat landscape becomes more complex, cybersecurity as a field must evolve to address them, which means recruiting people with different perspectives and approaches to problem-solving. We have to start talking about cybersecurity and the skills required to succeed in the field in a more multidisciplinary way. 听
What does that look like in practice?
It could mean suggesting to students studying foreign affairs that they should consider a career in听cybersecurity.听After all, the issue听is now discussed at the听. A regional studies expert with a background in political science could help analyze and predict different countries鈥 approaches towards cybersecurity, and the motives that might drive a country to attack.
Behavioral and data scientists, too, are potential professional recruits: The cybersecurity field is increasingly听听to identify insider threats or identify anomalies in large sets of data.
MBAs are also part of the pipeline; US businesses must make decisions every day on where to invest limited resources, and听听in those discussions.
All of these professions have something in common 鈥 they value and reward strong communications skills. So, too, does cybersecurity: A听听put communications skills at the top of a list of attributes perceived to be most necessary for success in the field.
This means educators shouldn鈥檛 prioritize learning to code at the expense of teaching effective verbal and written communications and critical thinking. The role that 鈥渢ranslators鈥 can play in bridging the gap between technical and non-technical people working on cybersecurity will also be key to our future success. For example, as legislators grapple with the complexities of cybersecurity, technologists who are also skilled communicators can work to 鈥渋nterpret鈥 some of these concepts to less-technical lawmakers. One such initiative is听, a fellowship that places technologists in Congressional offices to explain and socialize technical concepts to policymakers.
Next steps听
The first step is making sure women are aware of the field in the first place.听 Getting more women involved in STEM education, teaching girls how to program with initiatives like听, and teaching cybersecurity at earlier stages of education are all initiatives that will bear fruit down the line as more women are educated in a system that normalizes these fields of study.
Next: recruitment. Employers need to rethink their recruitment strategies and job postings. One start-up,听听consults companies on how to remove language from job openings that may discourage female applicants (particularly 鈥渂rogrammer鈥 language that Silicon Valley firms tend to use, like ninja, 鈥渨ork hard, play hard鈥 and touting perks like free Red Bull). This reduces the chance that companies keep hiring more of the same and encourages more diverse, and ultimately effective, teams.
Finally, retention. A听that a many women in the engineering field leave because of hostile work environments, citing, among other things, a dearth of female role models and inflexible work schedules, and a structure that doesn鈥檛 adequately develop and promote female staff. Similar sentiments have been echoed across the broader tech industry.
Attracting more women to this field could have immense consequences for the global economy and state of security. The sooner we expand the language and imagery we use to discuss the cybersecurity field, the better equipped we鈥檒l be as a country to address and prepare for the cyber threats of听tomorrow.听
Jen Weedon is an expert in cyberthreat intelligence, most recently with FireEye/Mandiant, and wrote this piece as a contribution to New America's Women in Cybersecurity project, part of its听. Follow her on听.
听