Women comprise only 11% of the global cybersecurity workforce, according to the biennial Women in Cybersecurity Report from (ISC)2 Foundation released a week ago. In the Asia Pacific, the figure drops one percentage point where the fairer sex represents just 10% of these niche professionals in the region.
The web-based survey was conducted by Frost & Sullivan on behalf of (ISC)2 and the Executive Women’s Forum between June and September 2016. It involved over 19,000 cybersecurity professionals from 170 countries.
What stands out from the report is that the gender gap percentage has remained stagnant in the last four years, despite the rapid rise in the number cybersecurity practitioners with more than 52% of millennial females holding a computer science degree.
“We are already facing a significant skills gap in cybersecurity with positions going unfilled,” said Sam King, chief strategy officer, Veracode, which is one of the sponsors of the report. “If we continue on this track, we will be unable to secure the digital economy. We need to examine why it is that the next generation of workers is not pursuing careers in cybersecurity, but especially women.”
Indeed, the report showed women have higher levels of education than men with 51% holding a master’s degree or higher, compared to 45% of men. Despite of this, fewer women hold positions of authority (director level or above). In Asia Pacific, 40% of the respondents said they are involved in non-managerial function of cybersecurity. What’s more, women on average earn a lower annual salary than their male counterparts.
Breaking the mold
For the first time in the Women in Cybersecurity survey, respondents both male and female in North America and Latin America were asked questions about diversity and inclusion. The results showed that 51% of women compared with 15% of men have experienced discrimination in the workplace.
While this may be the case, female cybersecurity professionals interviewed by Computerworld Hong Kong said that what’s holding back many women from venturing into this field is their own inability to break free from long-standing stereotypes.
“You don’t have to be good in math or to be technology-savvy in order to pursue studies in cybersecurity,” said Parisa Tabriz, self-styled security princess at Google, who heads the team responsible for the security of the Chrome web browser.
What is important is the willingness to step out of one’s comfort zone. She cited a research study some years back that said women are less likely than men to apply for jobs that they don’t meet all the qualifications for. And now as a cybersecurity advocate, Tabriz is telling women to just go for it.
“As a computer science student, I applied for the Cybersecurity Internship in California for which I was not qualified at all. I read a lot of articles online about what cybersecurity right before the interview on the phone. I got lucky that the questions they asked happened to be related to something that I know,” she recalled.
“My dad always said just try to get it. If they say no, it is okay. So I always say to people to just try, if nothing else, you get experience. Don’t be afraid to hear no,” she added.