Difficult: Attracting Women To Cybersecurity

Uploaded on 2016-10-04 in JOBS-Careers, FREE TO VIEW, NEWS-Cybersecurity News

Cybersecurity is a male-dominated field. Women make up only 10% of the global cybersecurity workforce. The field is missing out on a lot of capable people and women are missing out on an interesting, well-paid career path. There have been numerous initiatives trying to change the situation, but fighting existing stereotypes has proven to be hard.

The underlying problem: society still views technology as a ‘boy thing’. Boys are the inventors, the hackers, the tinkerers. We don’t expect girls to have the same interest in building the cool stuff. They are expected to be better at soft skills like empathy, talking and feelings.

These expectations still drive girls toward people-focused careers and away from science and technology, despite all efforts. Or perhaps, ‘despite’ isn’t the right word here…

Don’t Focus Tech

There are several articles that aim to get girls interested in a career in cybersecurity. But even those articles can’t avoid that tech-avoidant girly girl stereotype from popping up from time to time.

It is very telling that the tech part is often assumed to be the ‘bad’ part. It is the part that needs to be sugarcoated somehow. Yes, it is somewhat reluctantly admitted that the field has its roots in technology. But these roots are to blame for the field’s poor reputation. The articles try to lure attention away from this ‘bad’ part by repeating over and over again that the field is so much more than ‘just tech’.

They keep going on about how the field needs to broaden its definition beyond the technical domain and that it is such a misconception to think that cybersecurity is only about keeping information and computers safe. Girls shouldn’t think that the domain is highly technically focused. They must know that cybersecurity is so much more than ‘hacking and passwords’. It is a multidisciplinary field, and if you don’t like tech, there are plenty of non-technical areas to go into as well! And don’t worry; you don’t really need a technical background or technical skills to get a job in cybersecurity.

Looking for tech skills and technical qualifications in cyber candidates is condemned as a bad practice. It ’puts women off’ and even ‘naturally excludes’ them. Girls and tech don’t mix very well, apparently.

Female Skills Wanted

Next to the assumption that you’ll have to downplay the tech part in a career in order to sell it to women, there is the assumption that women will be naturally attracted by the ‘people part’. This is the part that gets advertised as a strong selling point.

These articles point out how professionals in cybersecurity have to deal with all kinds of different people. They argue how important it is to know a thing or two about business and organisational psychology. They stress the field’s connection with fields like behavioral science and politics. And they discuss the need for people who can serve as translators and bridge-builders. That’s where the girls come in, with their naturally superior soft skills as ‘strong communicators and collaborators’.

This is not to downplay the importance of the ‘people part’ in cybersecurity. It is just as important as the tech part. But it is very typical that in articles aimed at women, it’s this people part that gets emphasized over the tech part. This echoes existing stereotypes of tech-avoidant people-oriented females versus technical, tinkering males.

A lot of the opinions expressed in those articles come from women in cybersecurity themselves. But women can have gender prejudices too. These societal expectations are deeply ingrained in us all. And as this blog post shows, it is hard to fight them, even with the best of intentions.

In The Real World

But what if the writers of those articles have intentionally sugarcoated the tech bits? What if they know that that is the only way to get their message across? What if too much talk about tech really does scare the girls away?

The people interviewed in those articles have years of experience as an expert in the field. If there is anybody who knows what works and what doesn’t, it’s them. And probably, they’re right. Emphasizing all the different and interesting social aspects of the field is more likely to draw girls’ attention than talking about technical challenges.

But this preference is, for a large part, the result of the subtle (and not so subtle) messages society keeps sending to girls: You’re a helper, not a tinkerer. A message this kind of article keeps reinforcing.

As long as this keeps happening, things are not going to get any better. If girls keep seeing themselves as non-tech people persons first, they are less likely to choose a career in cybersecurity. Cybersecurity might be broad and multidisciplinary, but it is still a tech field. You work with tech people and you get to deal with tech-related issues. Why go into a tech field when your natural talents lie in an entirely different domain? Not even cybersecurity’s bright career prospects seem enough to change women’s minds about this.

If the field really wants to get more diverse, playing into existing preferences (and reinforcing them) isn’t enough. It’s those preferences themselves that need to be changed. Of course, that is going to be a hell of a job. But unfortunately, no one said that changing the world was going to be easy…

What do you think? Is it realistic to expect those preferences to change anytime soon? Or should the cybersecurity field accept gender preferences as they are today and play into those preferences in order to attract a more diverse workforce?

Medium:      Women In Cybersecurity:


 

« State Sponsored Hackers: Finding The Country Behind The Attack
Cybersecurity Start-Ups Working With GCHQ »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

AFCERT

AFCERT

AFCERT is the national Computer Emergency Response Team for Afghanistan.

Cyberbit

Cyberbit

Cyberbit empowers cybersecurity teams to be fully prepared with a product portfolio ready to detect and respond effectively across both IT and OT networks.

Sabasai

Sabasai

Sabasai specialises in all aspects of insider threat management from training and education to building security frameworks and insider threat programs to on-site risk & vulnerability assessments.

ICTSecurity Portal

ICTSecurity Portal

The ICTSecurity Portal is an interministerial initiative in cooperation with the Austrian economy and acts as a central internet portal for topics related to security in the digital world.

Government Communications Security Bureau (GCSB)

Government Communications Security Bureau (GCSB)

GCSB contributes to New Zealand’s national security by providing information assurance and cyber security to the New Zealand Government and critical infrastructure organisations.

Oznet Cyber Security

Oznet Cyber Security

Oznet Cyber Security is dedicated to offering integral solutions oriented to the support and security of information.

Inavate Consulting

Inavate Consulting

Inavate Consulting are experts in defining and implementing information assurance solutions and governance frameworks. Our ISO27001 consultants are the most experienced in the industry.

Techleap.nl

Techleap.nl

Techleap.nl is a non-profit publicly funded organisation helping to quantify and accelerate the tech ecosystem of the Netherlands.

Inspira Enterprise

Inspira Enterprise

Inspira Enterprise is a leading digital transformation company with expertise in Cyber Security, Internet of Things (IOT), Blockchain, Big Data & Analytics, Intelligent Automation and Cloud Computing.

LOGbinder

LOGbinder

LOGbinder eliminates blind spots in security intelligence for endpoints and applications.

Techstep

Techstep

Techstep is a complete mobile technology enabler, making positive changes to the world of work; freeing people to work more effectively, securely and sustainably.

Wadilona Cyber Securities

Wadilona Cyber Securities

Wadilona Cyber Securities' sole aim is to bring and secure Information and Communications Technology (ICT) to and work for humans in its simplest terms.

HaystackID

HaystackID

HaystackID provides industry-leading computer forensics, eDiscovery, and attorney document review experts to help with complex, data-intensive investigations and litigation.

Omnex

Omnex

Omnex provides consulting and training services in Quality, Environmental, and Health and Safety standards-based management systems including Automotive Cybersecurity.

Nothreat

Nothreat

Nothreat has revolutionized how businesses like yours protect themselves from damaging cyber attacks. Our tech learns and adapts in real time, protecting clients from even zero-day attacks.

Metrodata Group

Metrodata Group

PT. Metrodata Electronics, known as Metrodata Group, is the leading information communication technology company in Indonesia.