GENDER

DIVERSITY AND THE

CYBERSECURITY INDUSTRY: SECURING


A FUTURE OF EQUAL REPRESENTATION


























MOLLY LANKISCH


DECEMBER 4, 2018
COMMUNICATING MEDIA INSIGHTS
INTRODUCTION

The United States cybersecurity industry has a critical responsibility to its citizens as the country
continuously pushes towards a digitally-concentrated future that leaves classified online
information at a greater risk of being threatened by advanced cybercrime. As an industry that is
meant to protect the data of every citizen, its current employment structure lacks the diversity of
gender we have in this country.

Companies in the field of cybersecurity who are looking to improve the state of gender diversity in
their workforce should be asking the women’s perspective. They are unaware of the effective steps
that would attract more female applicants to their department positions. They hold little
knowledge on how pursuing equality in the workforce will impact the future performance of their
companies and the industry as a whole.

The industry cannot protect all of its consumers equally when the majority of its employees
only stand for half of the country’s population. Gender inequality is a critical issue that needs to
be addressed by the information security industry if they want to remain effective. Diverse
perspectives generate different viewpoints that make employees in cybersecurity think uniquely
about the complex internet security problems the industry deals with today. This document
provides the companies with the knowledge and strategies needed for the development of the
female workforce essential to the future of our nation’s online security.

CURRENT CHALLENGES

According to the 2017 Global Information Makeup of the United
Security Workforce Study, women only Gender States Cybersecurity
represent 20 percent of the cybersecurity Workforce (%)
industry in the United States. It is not Male 80
uncommon for there to be a “sole woman in
Female 20
a group of 100 men” at cybersecurity
Figure 1: In 2017, men outranked women by 60
conferences. percent in the cybersecurity workforce.(Frost
and Sullivan)
 Makeup of the United States
Cybersecurity Workforce by Gender

Male

Female

0 20 40 60 80 100
(%)

Figure 2: The cybersecurity industry in the United States has an unequal representation
between men and women employees (Frost and Sullivan).

This evident underrepresentation is due to the industry's male-dominant culture that embraces
hypermasculinity and deters women from entering into the cybersecurity industry. When people
think of the term cybersecurity, they may think of the “hacker” image: boys hiding in black
hoodies staring at computer screens. Instead, the cybersecurity industry is comprised of talented
professionals protecting the online information of thousands of individuals. The hacker myth
carries a negative connotation and deters female applicants from pursuing a career path in the
business.
Women decide early on in their life what careers they want to pursue and which areas they want
to avoid. In the Science and Engineering Indicators 2015 report conducted by the National
Science Foundation, women only represented 18 percent of undergraduates with degrees in the
area of computer science.

Computer Science Undergraduate Degree Attainment (%)

Year Female Male
2000 28 72
2003 27 73
2006 21 79
2009 18 82
2012 18 82
2015 18 82
Figure 3: Despite the rise in technology, women have become less inclined to pursue degrees
in the area of computer science (National Science Foundation).

In this report, the comparison between female and male representation expands beyond the
workplace and into the classroom where potential applicants lie.

Computer Science Undergraduate Degree Attainment by Gender

Female Male
100

90
82 82 82
79
80 73
72
70
% of Degrees

60

50

40
28 27
30
21
18 18 18
20

10

0
2000 2003 2006 2009 2012 2015
Years

Figure 4: From 2000 to 2015, there has been a 10 percent decrease in the number of
computer science degrees attained by women. (National Science Foundation).
Once women have a position in the workforce, there is a new set of challenges they will
encounter. An estimated 51 percent of women in the United States have encountered a form
of gender discrimination in the cybersecurity Forms of Gender Occurrences in the
workplace. In a 2017 Global Information Security Discrimination workplace (%)
Workforce Study completed by Frost & Sullivan, 87 Unconscious
87
Discrimination
percent of female cybersecurity professionals
Unexplained denial
experienced unconscious bias. or delay in career 53
For this report, the focus was on the five most advancement
common forms to illustrate the bias women face on a Exaggerated
Highlighting of 29
daily basis and how it continues once they move into
Mistakes
cybersecurity workforce. And regardless of their Tokenism 22
education degree attainment, men ultimately receive a Overt Discrimination 19
higher wage than their female counterparts in every Figure 5: 53 percent of women face a delay
cybersecurity position. in their career when working in the
cybersecurity industry. (Frost and Sullivan)

Forms of Gender Discrimination in the Cybersecurity Workplace

Unconscious Discrimination

Unexplained denial or delay in career

advancement

Exaggerated Highlighting of Mistakes

Tokenism

Overt Discrimination

0 20 40 60 80 100
Occurrences (%)

Figure 6: The alarmingly high rate of gender discrimination in the workplace contributes to the

lack of women working and staying in the cybersecurity industry. (Frost and Sullivan)
FACING JOB GAP CRISIS

These issues challenge the industry’s ability to retain a diverse set employees, but little action
has been taken by its leaders to improve this unequal environment. This contributes to the
industry’s expanding job skills gap that will leave an estimated 3.5 million positions unfilled by
the year 2021. Jobs are in high demand, but companies struggle to hire the talented, diverse
supply they need.

What does this gap mean for the future security of our country?

For the purposes of this report, I Years Data Breaches (000s)
focused on the past 4 years in order 2013 614
to display the prominence of
2014 783
cybercrimes owing to the industry’s
expanding job gap crisis. The
2015 780
number of data breaches have 2016 1,091
nearly doubled in the 21st century 2017 1,579
since the year 2013. Figure 7: The year 2017 is highlighted in purple to

emphasize the shocking growth of cybercrimes within only
four years (Identity Theft Resource Center).

1,800
1,600
1,400
Data Breaches (000s)

1,200
1,000
800
600
400
200
0
2013 2014 2015 2016 2017
Years

Figure 8: With the advancement of technology, the number of data breaches has been on a rapid
increase since 2013 and is expected to rise in the future (Identify Theft Resource Center).
In particular, the largest increase occurred from 2016 to 2017 with exactly 488,000 more
data breaches. This evidently shows that cybersecurity companies cannot stay ahead of the
complex cybercrimes with their severe shortage of skilled professionals. As a result,
people’s online information will be further susceptible to security threats that end up
costing the world an estimated 6 trillion dollars in damage by 2021.

ACTIONS TOWARD SUCCESS

The state of the cyber industry may appear unpromising, but having an equal space for
women is key to eliminating the job gap crisis. The two following categories each contain
three solutions that companies should utilize when working towards an equal workforce.
The first is improving the workplace environment and the second is creating opportunities
for the future employees.

Improvement in the Workplace

Create a work environment friendly to female professionals

If companies want to have successful futures, they need to establish a stable workplace
culture in which every employee feels welcomed. A work culture that fosters equality and
supports women will generate a higher number of female applicants and encourage those
in the company to continue working there.

In order to build this environment, companies should implement these three solutions:



Build Create Implement

flexibility professional zero-tolerance

into employee development harassment

work schedules opportunities policies



1. Build flexibility in the workplace

There is a lot of responsibility as a working mother since women are still viewed as today’s
primary caregivers. Women feel they have to put their careers on hold when it comes to
having a family. And in an industry like cybersecurity where diverse skills are desperately
needed, there is little room for the company to lose employees or money due to being a
parent.
Flexible scheduling demonstrates the company’s sense of respect to the lives of their
employees. In particular, women are more likely to apply for business positions that
provide them with this balance. This results in a higher retention rate among female
professionals and gives all employees the opportunity be more productive in their work
which could leads to a future decline in the recent rise of cyber breaches.

2. Create professional development opportunities

Professional development programs play a significant part in the advancement of one’s

career. When employees have the chance to develop skills in and outside of their
profession, it allows them to further grow and feel more committed to the career.
According to the 2017 Global Information Security Workforce Study, female cyber
professionals who were given access to sponsorship, mentorship and leadership
development programs felt more valued by their companies.

3. Implement zero-tolerance harassment policies

In today’s world, the discussion of harassment against women is an important matter that
needs to be taken seriously. With 51 percent of female cyber professionals experiencing
this treatment in North America, harassment has unfortunately become commonplace with
the hyper-masculine employee behavior .
In a zero tolerance policy, there is “no form of unlawful discriminatory or harassing
conduct by or towards any employee, member, vendor, or other person in our workplace
or jobsites [that] will be tolerated”. Security companies that enforce this type of policy are
expressing that they recognize the issue and want to create a safe environment for each of
their employees.
Create Opportunity for the Future
Develop practices that build a brighter future for future female cyber professionals

The future of the cybersecurity industry will be heavily reliant on the young individuals
who were born into a world already filled with technology. Their fresh minds, innovative
spirits and diverse perspectives will play an integral part in solving the industry’s current
challenges . By guiding more females in the high school and university setting towards
the cyber industry, the rate of gender diversity will increase as the job gap decreases.

This can be achievable by implementing the three recommendations found below:



Use a. I
Participate in

Inclusive Eliminate n
the female-oriented
Marketing c
wage gap cyber conferences
l
u

s

i
1. Use Inclusive Marketing v

e
When recruiters are looking to attract a more diverse gender makeup, college job fairs
M
provide an opportunity to revamp the industry’s negative images and target female
a
audiences in college. By emphasizing cybersecurity as an exciting industry for people in all
r
different areas of expertise, women will not feel the previous level of exclusion and will be
k
more inclined to apply in this field of study when searching for internships or post-
graduate jobs. e

t

i
2. Eliminate the Wage Gap
n
For the stream of female security professionals, they should be entitled to the same wage as
g
a man. This matter is challenging and will most likely not be resolved in the next few years,
but it would make a substantial difference when women in the future decide which
company to work for. Women obviously pick the business that would provide them with
the same wage as their male coworkers.

 Science and engineering professionals with
Gender doctorate degrees median annual salary in
2013 ($)

Male 80,000
Female 55,000

Figure 9: In the fields of science and engineering, the wage disparity is
quite evident and men have the advantage when it comes to earning more
than their female counterparts.


100,000
90,000
80,000

70,000

60,000
50,000
($)

40,000

30,000

20,000
10,000

0
Male Female

Figure 10: In 2013, the pay gap between male and female workers who possess a
Doctorate in the Science and Engineering field reached a total difference of 35,000
dollars. (National Science Foundation)



3. Participate in female-oriented cyber conferences

Action is being taken by several organizations to increase the number of young girls
pursuing the field of cybersecurity. A prevalent non-profit membership organization called
“Women in CyberSecurity” holds an annual conference each year to bring more young
women into pursuing a career in cybersecurity.

This conference allows young women to connect with female professionals in the
workforce and hear from speakers that are looking to attain more female professionals in
their business. This type of conference is a phenomenal opportunity for cybersecurity
companies to connect with potential employees. As speakers, companies can build trust
with young female professionals and express their want for employing new individuals that
will represent the future of cybersecurity. By companies expressing their need for these
people, young women will see their value in this industry and how their work can create
change in the world.

































THE FOLLOWING STEPS


The idea of creating this state of gender equality in the cybersecurity industry may
sound far-fetched and unnecessary to some information security companies.

But the industry’s rate of gender bias has not improved and it is largely contributing to
the job gap crisis that will increase in the next five years. With this rather short
increment of time, action must be taken immediately.

Women represent untapped potential. They stand for half of the world’s population and
their representation in the cybersecurity industry is critical to closing the expanding
gap that puts the online security of thousands of individuals at risk.

With the provided recommendations, cybersecurity companies now have the essential
information needed to understand the issue, create change in their workplace and
generate strides towards a future that is equal in gender and success.

Now, it is up to them to make the move.














DEFINITIONS

• Cybercrime: The use of a computer as an instrument to further illegal
ends, such as committing fraud, trafficking in child pornography and
intellectual property, stealing identities, or violating privacy.
• Cybersecurity Industry: The business that protects computers,
networks, programs, and data from unauthorized and/or unintended
access.
• Data Breaches: An incident where information is stolen or taken from a
system without the knowledge or authorization of the system’s owner.
• Overt Discrimination: The act of openly and/or actively discriminating
on a prohibited basis
• Tokenism: The practice of doing something such as hiring a person who
belongs to a minority group only to prevent criticism and give the
appearance that people are being treated fairly
• Unconscious Discrimination: A bias that happens automatically, is
outside of our control and is triggered by our brain making quick
judgments and assessments of people and situations, influenced by our
background, cultural environment and personal experiences.













 REFERENCES

Boatwright, K., & CAMS. (2017, May 04). 5 Simple Examples of Fair Lending Discrimination.
Retrieved from https://www.trupointpartners.com/blog/5-simple-examples-of-fair-
lending-discrimination

Dennis, M. A. (2018, March 09). Cybercrime. Retrieved from
https://www.britannica.com/topic/cybercrime

Dragonette, L. (2018, March 10). Cybersecurity. Retrieved from
https://www.investopedia.com/terms/c/cybersecurity.asp

Frost & Sullivan (2015). The 2017 (ISC)2 global information security workforce study. Frost &
Sullivan Retrieved from
https://www.isc2cares.org/uploadedFiles/wwwisc2caresorg/Content/GISWS/
FrostSullivan-(ISC)%C2%B2-Global-Information-Security-Workforce-Study-2015.pdf

Elting, L. (2017, June 14). Why (Exactly) Companies Need To Create Women-Friendly
Workplaces. Retrieved from
https://www.forbes.com/sites/lizelting/2017/06/14/why-exactly-companies-need-
to-create-women-friendly-workplaces/

Identity Theft Resource Center. (2018). Data Breaches. Retrieved from
https://www.idtheftcenter.org/data-breaches/

Keswin, E. (2018, February 02). Intentional Flexibility Keeps Women In The Workforce.
Retrieved from https://www.forbes.com/sites/ericakeswin/2018/01/30/intentional-
flexibility-keeps-women-in-the-workforce/

National Science Foundation, National Center for Science and Engineering Statistics,
WebCASPAR database (2018). Retrieved from https://ncsesdata.nsf.gov/webcaspar/.

Poster, W. R. (2018, March 26). Cybersecurity needs women. Retrieved from
https://www.nature.com/articles/d41586-018-03327-w

Sherrer, K. (2018, February 26). What Is Tokenism, and Why Does It Matter in the Workplace?
Retrieved from https://business.vanderbilt.edu/news/2018/02/26/tokenism-in-the-
workplace/

 Storey, S. (2017, January 15). Unconscious Bias -- Making Millions From Theory. Retrieved
from https://www.huffingtonpost.com/sylvana-storey/unconscious-bias-making-
m_b_8771258.html

Synergy Group. (n.d.). Nature: Cybersecurity needs women. Retrieved from
https://synergygroup-marketing.com/cybersecurity-needs-women/

Trend Micro. (n.d.). Data Breach. Retrieved from
https://www.trendmicro.com/vinfo/us/security/definition/data-breach

Weingarten, E. (2017, March 17). A New Study Suggests the Gender Gap in Cybersecurity Jobs
Isn't Getting Better. The Slate Group LLC. Retrieved from
https://slate.com/technology/2017/03/a-new-study-suggests-the-cybersecurity-
gender-gap-isnt-getting-better.html