Women represent more than half of U.S. college graduates, yet they account for only 11% of today’s cybersecurity workforce. That’s even lower than the 26% of IT professionals who are female, according to a report from the ISC Foundation.
Given the rise of cyber attacks, the need for experts in this field is likely to increase. It’s estimated that almost 2 million cybrsecurity professionals will be needed by 2017, and 1.5 million security jobs will be open and unfilled by 2020. More than 200,000 cybersecurity jobs in the U.S. are currently unfilled and postings have gone up 74% over the past five years.
The shortage of women in cybersecurity struck home when I recently attended a conference at New York University’s Polytechnic School of Engineering, held to promote cybersecurity careers among female high school and college students. The young women I met had a passion for computer science, but were discouraged to go into cybersecurity by their friends at school. Their peers didn’t see the mysterious, male-dominated culture of cybersecurity as a place where girls belonged. I told these young women to follow their instincts and not give in to people throwing cold water on their goals.
I have no doubt that such stereotypes are a reason young women are missing out on the huge career opportunity in cybersecurity. That’s especially discouraging because the stereotype just isn’t true. Cybersecurity isn’t just a bunch of caffeinated male hackers hunched over keyboards in dark basements. The field needs a wide range of skills to meet the shifting demands of the modern security landscape
To prevent attacks, security specialists need to be integrated across industries and operations since attacks threaten every layer of business and government, from online purchases, to private health information, to social security numbers and classified secrets. Organizations need ethical hackers, security analysts, product developers, coders, risk consultants, policymakers, systems testers and incident responders. Equally important, security teams need people – including women – with creative problem-solving skills who can drive collaboration and challenge conventional thinking to stay ahead of hackers.
Women can also move into cybersecurity with non-IT skills — something I know first-hand. I practiced law for five years before joining IBM (IBM). As an attorney who worked on contracts, I transitioned to procurement, operations and several other roles. Once I joined the security team, I quickly became hooked on the challenge and pace and picked up skills I had never before tapped.
So how do we bring more women into the field? It starts with exposing them to career options in high school, where cybersecurity is rarely, if ever taught. Companies need to work with universities to build curricula and provide expertise. We also need to mentor young women to open their eyes to options that aren’t on their radar.
Because if we don’t, half the workforce will unintentionally miss out on cybersecurity jobs. The industry needs innovative thinking to stop hackers who are growing more sophisticated and well-organized. At the rate we’re going, we’re leaving a lot of talent behind.
Shelley Westman is the vice president of security initiatives at IBM.