SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
IWD 2023: Why Women Are the Answer to Cybersecurity’s Talent Shortage
Wed, 8th Mar 2023
FYI, this story is more than a year old

The cyber threat landscape is not slowing down. Its growth and complexity have only increased over the years, with new technology advancements arriving at speed and geopolitical pressures complicating matters further. Together, these factors and others present a critical need for cybersecurity professionals everywhere. However, the cybersecurity workforce gap stands at 3.4 million people globally, out of which the Asia Pacific region has the greatest unfilled demand, standing at 2.2 million people. To say this lack of skilled and competent talent is worrisome is an understatement, especially amidst reports of the region facing the brunt of cyberattacks in 2022. 

A good way to minimize this skills gap is to do more to attract, recruit and retain more female talent. Beyond addressing overall personnel resourcing challenges, doing so can dispel the misconception that cybersecurity is a profession only for men and ultimately encourage increased diversity and inclusion. 

Despite progress made in bringing more women into the industry over the last few years, they still only make up 25% of the global cybersecurity workforce. In some parts of the world, these numbers are much lower. Women also leave the cyber profession at higher rates than men, pointing to a lack of equity and support within the sector.

Why diversity and equal access matters in cybersecurity

The cybersecurity sector has been historically dominated by men, particularly those from Caucasian and Asian backgrounds. Even now, the "tech bro" stereotype persists in the industry, with the image of a hooded male hunched over his laptop remaining a common perception of the typical cybersecurity employee.

As the saying goes, seeing is believing. People often lack a sense of belonging when they are the only woman, person of colour, or minority in the room. Organizations that focus on hiring and creating space for diverse individuals throughout their teams will be more successful in recruiting and retaining talents. An organization's diversity inspires existing and prospective employees to pursue opportunities within, and when there's clear access to diverse leaders and a culture of inclusion, it makes a positive difference.

Besides focusing on incorporating a diverse range of perspectives within the cybersecurity sector, organizations also need to rethink how and who they are hiring. 

Looking beyond technical skills will be crucial to fill vacant positions and closing the workforce gap. Technical skills and knowledge are highly important, but they can be addressed with on-the-job training. Hiring managers should focus on looking out for candidates who have critical non-technical skills and personality attributes that result in successful cybersecurity careers. Consider areas such as analytical and critical thinking, problem-solving, leadership and communication skills, and an aptitude for collaboration. For example, over 48% of hiring managers in Asia Pacific pointed to teamwork as an ability they look out for in prospective candidates. More than half of them would hire a candidate who is self-taught in cybersecurity despite having no formal work experience.

Enhancing Diversity, Equity, and Inclusion (DEI) Programs

The good news is that many organizations have demonstrated commitment to delivering positive change and have made strides to implement diversity programs and initiatives within the cybersecurity profession. However, more can and should be done to increase the variety of voices at the table. 

Commitment from the leadership team is key to ensuring that DEI programs are successful. Creating an inclusive culture begins with management reaching out to their employees. Employers who eliminate gatekeeping and foster dialogue between employees across various backgrounds and demographics experience lower employee turnover. When all voices are heard, the playing field becomes more level. It's also important to look at equity gaps across all areas of the workplace, such as pay, gender, advancement processes and even relationships. 

Eliminating these inequities will result in a giant leap forward in retaining cybersecurity talent regardless of demographics and background. Many women and individuals from underrepresented communities often leave jobs due to what they feel is "unconscious bias [that] show up in practices such as ... career progression opportunities." Organizations need to proactively address such biases and invest in resources that create inclusive environments. Ensuring fair performance reviews, competitive pay to male counterparts and access to mentorship and training provide motivating factors to retain women in the cyber workforce.

Creating lasting change

Diversity is vital to the growth and success of cybersecurity. We need to bring problem solvers, analytical and critical thinkers, and a variety of other skill sets and backgrounds to the table to solve our challenges and secure information and systems globally. I truly believe that bringing more voices to the table will be key to better addressing existing problems, strengthening professional competencies and creating lasting change.