Listen to this article
When it comes to attracting women into cyber security, the sector has a problem: images of men in hoodies sitting in dark rooms staring at screens. “That’s not a compelling career proposition for a young girl,” says Naina Bhattacharya, associate director of cyber security and privacy at Deloitte, the consultancy.
Today, just 11 per cent of cyber security professionals are women. “If you compare that with wider technology, which is at 25 per cent, it’s a very low number,” Ms Bhattacharya says.
This figure has been static since 2013, according to the 2017 Women in Cybersecurity report produced by Frost & Sullivan, the market research company.
To address this, networks have been set up, such as the Women’s Society of Cyberjutsu (WSC) in the US, to provide support and training for women in cyber security.
Deloitte’s Women in Technology network, meanwhile, works with schools, universities and recruiters to encourage women to develop technology careers. At the firm itself, 25 per cent of those working in cyber security at its UK cyber-risk practice are women.
However, if there is to be a greater pipeline of female cyber security professionals, efforts must be targeted at girls. “There’s a lack of awareness at middle and high school,” says Lisa Jiggetts, founder and chief executive of WSC. “That’s such an impressionable age.”
This means launching challenges such as the UK government’s CyberFirst Girls Competition, which targets 12 to 13-year-olds. In the contest, staff from the government’s National Cyber Security Centre and their colleagues at GCHQ, the UK’s eavesdropping agency, set team challenges, with a first prize of £1,000 towards IT equipment for the winning school.
Deloitte, meanwhile, has partnered with CoderDojo, a community of programming clubs for seven to 17-year-olds, and University College London to host a girls-only Dojo. Dojos are events that teach skills such as coding, building a website and creating an app or a game.
As the cyber security industry expands, those who want to see more women enter the sector are trying to get across the message that coding and programming are not the only skills required.
“It’s an entire ecosystem, and when women are coming in, they’re [also] in sales, recruiting, business management and project management,” says Jessica Gulick, chief executive and founder of Katzcy Consulting. “We need to communicate that to women.”
She argues that the innovation and creativity skills that cyber security demands should present an opportunity to recruit more women.
“Cyber security is about people’s behaviours online and how you control that, and there’s a psychology and behavioural side to it,” she says. “We have to break cyber security out of computer science.”
Experts say that competitions and workshops will have little impact, however, if the industry does not address structural barriers. The fragmented nature of the industry does not help.
Cyber security companies tend to be small start-ups, says Ms Gulick. “It’s hard to have more women in small companies because there’s a brotherhood that naturally occurs.”
Hard though it is to persuade women to enter the sector, it is equally difficult to retain them, says Ms Jiggetts. “There are just as many women leaving as there are coming in,” she says.
The male-dominated environment can be off-putting, she adds. “There’s an old-boy culture that women experience. They’re not seeing women in upper management or role model figures.”
This is borne out by data from the Women in Cybersecurity report, which found that, globally, men were four times more likely to hold C-suite and executive-level positions in the sector than women and nine times more likely to hold managerial positions. It also found 51 per cent of women in the cyber security workforce reported having experienced discrimination.
To keep women in cyber security, Ms Jiggets says, they need greater support from sponsors — whether those be men or women — who can mentor, guide and support them in their career.
Of course, given the vast gender imbalance in the sector, it may take more than networks, events and mentoring to make a difference.
Some companies are showing a way forward. Darktrace, a UK cyber security company that is led by a woman, has a 50-50 gender balance, something the company says it achieved by not limiting its hiring to maths and computer science students but looking more broadly at graduates from other disciplines.
The reasons for bringing more women into the sector go beyond establishing a better gender balance. An estimated 3.5m jobs in cyber security will need to be filled by 2021, according to research firm Cybersecurity Ventures.
With the rapid rise of cyber crime, the industry is likely to face increasingly serious skills gaps — gaps that could be filled by women.