This year's International Women's Day theme, #BreakTheBias gives us all an opportunity to examine both our own internal biases and the bias we may experience from others.
The word “bias” means an inclination or prejudice for or against a person or group. Considering both the internal and external areas of bias is important given the complexity of the issues experienced by women entering and working in IT and cybersecurity.
This landscape of issues stretches across areas such as applying for roles and hiring, work performed and tasks given, promotions and opportunities, education and upskilling. Therefore, examining and challenging our own biases is just as important as identifying and challenging them in others.
ISC2's Cybersecurity Workforce Study 2021 outlines some unsurprising statistics regarding women within cybersecurity. On a survey done of those already employed, women employees are less likely to come from technical backgrounds and are significantly more likely to pursue cybersecurity education to land a job.
In addition, the rate at which employers are attracting women from other disciplines who do not necessarily have an IT background is increasing year to year. Still, while these statistics are promising, no IT background means having to self-invest in education through university study or certification pathways.
So, some questions must be asked. If employed women within cybersecurity are more likely to have pursued self-learning, and more women are being sourced without an IT background – why aren't more women seeking certification or university qualifications, and what can we do about it?
Often, the university answer is clear enough. A three-year degree will cost upwards of $24,000, which is a lot of money to spend on something that many of us have been told our whole lives we won't be very good at. According to ISC2's report, three of the top five attributes sought by employers for cybersecurity personnel are non-cyber experience related.
In this situation, we have an opportunity to challenge our own internal bias about what we will and will not be successful at. Regarding the expense, while some universities offer a minimal number of scholarships to women looking to study cybersecurity, the government could work with these organisations to further decrease costs for women to pursue study.
Having a mentor throughout the application process and additional support during study that specifically cater to under-represented groups is likely to be helpful. Seeing is also believing – championing women who have studied these degrees as a way to help others see that they can achieve it too can go a long way to removing bias.
Certification pathways into cybersecurity are somewhat of a minefield. If you're an outsider to the industry looking to break in, choosing the wrong type of certification can be both expensive and a red flag to employers.
Many of the top certifications are very expensive, and traditionally employers pay for these for their staff. This means that most certifications that make you highly employable are out of reach for women, given they don't have organisational support either monetarily or in the form of mentorship from others in their team.
It's very difficult to claim a $3000+ cybersecurity certification cost come tax-time when you're working in a marketing agency but have a love for cyber, and for some, that $3000 is much more than they can afford to spend in the first place.
If our goal is more women in the cybersecurity workforce, but most of those employed there are not from an IT background or have self-funded certifications. In that case, we as an industry have an opportunity.
We can choose to #BreakTheBias of the “women aren't technical” viewpoint and improve gender workplace diversity by looking at ways to decrease, supplement, or support - with scholarships or tax breaks - cost issues from self-funded certification for cybersecurity-related study.
Article by Security Centric head of marketing and sales operations, Jill Taylor.