We might not know what the new year will hold for us, but there's one thing you can count on: there will be more and more cyber attacks on businesses and individuals. DDoS attacks, Ransomware and hijacking of IoT devices are bound to double or triple in the coming months, and are projected to cost business upwards of $2 trillion by 2019. In order to defend your company and customers from (or better yet stave off) attacks, you need an agile team with a diverse set of skills and abilities. Not only does such a team allow for greater reach and a wider range of expertise, it also all but insures better employee satisfaction and retention.And yet, even though diversity of perspectives is key to devising innovative solutions, InfoSec currently has a big problem with lack of diversity.
To say that InfoSec is a growth industry is to grossly understate the facts. There were over 1 million openings in the Cyber security sector in 2016. More over, demand for well- qualified InfoSec professionals is set to exceed 6 million globally by 2019. What was a $75 billion industry in 2015 is set to rise to over $170 billion in 2020. There is no other sector in IT, or perhaps any other industry, that shows similar growth potential.
And still, women who comprise 51% of the US population only make up 11% of info sec workers. And the statistics for minorities are even more daunting. According the US Department of Labor only 5.2% of security analysts are hispanic, 3.2% are Asian-American, and 3% are Black/African-American.
If we expect to to meet the ever-increasing security demands, industry has to do far better. And better means not only encouraging more women to enter the field, but to stay there. (For more on attracting and retaining women in tech, read here)
Begin At The Beginning
Certainly the best place to start making meaningful changes in the make-up of the IT sector is in early education. And there have been some hopeful signs of progress in recent years. (For more innovative STEM programs, read here and here.)
But what if industry got more actively involved? What if businesses took an active role in educating, training and recruiting more women and monorities?
Well some have.
One such example of businesses getting involved in and supporting education programs is the Scholarship for Women Studying Information Security (SWSIS) sponsored by Hewlett-Packard. The program, which supports women studying the theory and practice of security, is offered by more than 60 accredited universities.
Another great example of industry offering support to girls early in their education is Dell Computer's partnership with GirlStart. This volunteer run organization is devoted to implementing innovative, high-quality STEM education to inspire girls to transform our world.
Lead From The Front
One of the most important things companies can do to encourage women and minorities to move into security is to foster a business culture where diversity is celebrated. Highlight the achievements of your entire team, and allow individuals to shine. Women and minorities need to see people like them succeeding in order to feel that they too can step in.
Hiring managers need to look past direct experience when vetting candidates and look for the dynamic range of skills that make for a good security professional. A focus on collaboration and teamwork creates an environment where more women can thrive. And where you have thriving workers, you have increased productivity, creativity and better protection for your data.
There are a number of professional organizations and educational institutions all geared toward fostering and supporting women in InfoSec. These networks play an important role in fostering support, encouragement and training, and business would be wise to support them.
A participant at the 2016 Women in Cybersecurity Conference said it best when she was quoted on the website as saying: “ As an information security officer for a global company, there are very few women in my peer set. It is exciting to see so many young women passionate about the field, and I believe everyone benefits when women are encouraged to pursue stem fields as, otherwise, we limit ourselves from an entire pool of potentially successful candidates and peers, simply because, as girls, we are not encouraged to pursue technical careers. ” Business can do its part by supporting these organizations and letting them know they are interested in widening
Additional resources include:
The SANS Cybertalent Immersion Academy for Women launched by SANS Cyber-talent Immersion Academy in 2015 offers an accelerated training and certification program geared toward getting more women into roles in Cybersecurity.
Women's Society of Cyberjutsu is a not-for-profit organization devoted to providing training and support to women in InfoSec. Their focus is on everyone from the seasoned professional to the recent grad interested in learning more about the field.
Women in Cybersecurity brings together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. They are hosting organization for the Women in Cybersecurity Conference as well.
The Society for InfoManagement launched SIM Women after Kristen Lameroux, the groups founder, attended the 2006 Tri-State CIO Event and discovered that there was great need for a way to promote communication, mentorship, leadership and career development amongst the female members of SIM.
Jane Frankland is a CISO advisor who has built her own global penetrating testing firm. She writes and speaks frequently about women in cyber security, and is currently writing a book on women in InfoSec due out in 2017.
Business cannot just sit by and allow all this available talent to languish on the sidelines. Companies, recruiters, educational institutions even certifying bodies need to get involved and help create a more inclusive, collaborative industry not only for the sake of on-line security, or their bottom line, but for the health of society at large.