Welcome to New America, redesigned for what’s next.

A special message from New America’s CEO and President on our new look.

Read the Note

Close

women in cyber image 2

New Ways to Bring Women Into and Up Through Cybersecurity Careers

Table of Contents

Overview: The State of the Cybersecurity Gender Gap

Though the numbers of women in the cybersecurity1 field are increasing, it is still overwhelmingly male. And this gender disparity is not simply an optics issue. In fact, research suggests that homogeneity in the industry can lead to less innovation as well as to inferior ideas and design. Diversity in cybersecurity contributes to the efficacy of teams and sustainability of solutions, making it both important for national security,2 and a business imperative.3 In short, diversity in the field matters for all of our security—both on and offline.

Beyond the critical importance of diversity in improving security, the sheer number of unfilled jobs presents a very strong case for bringing more people into the talent pool. The latest figures estimate that the United States is facing 313,735 unfilled cybersecurity jobs.4 The cybersecurity community as a whole needs better ways to access and harness untapped talent in order to fill these jobs.

Depending on the source of the data, women make up 11 percent,5 more than 20 percent,6 or 24 percent of the cybersecurity workforce.7 However, overall participation in the field is just part of a complex problem. Women at nearly every level of cybersecurity are paid less than their male counterparts, and 51 percent report that they have experienced discrimination, compared with only 15 percent of men.8

In light of these findings, the community could certainly use ideas to help accelerate progress. The National Initiative for Cybersecurity Education (NICE), led by the National Institute of Standards and Technology (NIST), has recognized this need, and driven by a strategic goal to nurture a diverse learning community in cybersecurity, a partnership was formed with New America. This project, supported by NICE under grant #60NANB18D023, was designed to generate new, implementable solutions by convening a diverse group of experts to consider our central question: How can the cybersecurity community bring more women into and up through careers in cybersecurity?

The project centered on this convening of experts, but it also incorporated a number of written products in addition to this report. Specific ideas and strategies developed in the convening are gathered in a series of one-pagers suggesting concrete steps for different groups within the community. They are available for download along with this report. The project also included a community scan that aggregates many of the resources available on the topic of women in cybersecurity. The scan is available here.

From the Participants

Epstein banner v2

What’s one thing you learned as a result of being part of the convening?

“As a guy in the field, I’m undoubtedly blind to much of what goes on, much of what the problems are, etc. I learned something of the scope of efforts trying to address the myriad challenges, including some that I didn’t even know existed.”

This report serves three purposes. First, it is intended to reflect and describe the discussion that took place.9 As explained below, both space and ease of discussion tightly constrained the number of participants. Practical considerations meant that many valued members of the community and important outside voices were not able to be in the room, but very clearly have a role in carrying the work forward. Thus, this report is an effort to bring these stakeholders up to speed and into the ongoing conversation. Second, the authors recognize that this conversation cannot stand alone; it must be one of many, each generating progress in different ways. For this reason, we have attempted to capture the motivations and implementation plans of the project as a resource to others that may be interested in a similar effort.

The group discussions central to the convening were far ranging and immensely successful at generating ideas. However, as can be the case in the aftermath of a thought-provoking conversation, there is added value in aggregating, organizing, and processing the information surfaced. In turn, the third purpose of this report is to pull together the various strands of thinking, highlight trends, and suggest next steps that members of the community may take to keep the work moving forward.

Citations
  1. For the purposes of this report, “information security” and “cybersecurity” are used interchangeably, with the acknowledgement that different discourse communities within the field often understand them to imply differences. This report endeavors to reflect the conversations and sources cited herein, and so generally has opted to use the same terminology used in those materials, but no particular meaning is intended by the use of one term over the other.
  2. Anne-Marie Slaughter and Elizabeth Weingarten, “The National Security Issue No One Is Talking About,” Time, 12 April 2016, source.
  3. Elizabeth Weingarten and Megan Garcia, Decrypting the Cybersecurity Gender Gap, New America, 17 December 2015, source.
  4. “Cybersecurity Supply and Demand Heat Map,” CyberSeek, source There is nuance in these numbers. The cybersecurity workforce is a complex and adaptive system, and market-driven changes in technology and practice will certainly impact how those numbers grow and change. But whatever the future has in store, the field cannot afford to continue to recruit from a small population, or to create workplace environments that diverse candidates may find repellant. Moreover, these changes create an opportunity to shape the growth of the workforce as it develops into new areas.
  5. 2017 Global Information Security Workforce Study: Women in Cybersecurity, Center for Cyber Safety and Education, (ISC)2, Alta Associates, and Frost and Sullivan, 2017, source
  6. Steve Morgan, "Women Represent 20 Percent Of The Global Cybersecurity Workforce In 2018," Cybersecurity Ventures, 21 July 2018, source
  7. Cybersecurity Professionals Focus on Developing New Skills as Workforce Gap Widens: (ISC)² CYBERSECURITY WORKFORCE STUDY, 2018, (ISC)2, 2018, source The significant jump from 11 percent to 24 percent in the (ISC)2 report between 2017 and 2018 is partly a result of a change in the way that (ISC)2 research started categorizing and counting cybersecurity roles, capturing, this time, a broader, more representative sample. source
    With that said, the research firm Forrester forecasts that the number of women CISOs at fortune 500 companies will climb to 20 percent in 2019, up from 13 percent in 2017, which could support real growth in participation. source
  8. 2017 Global Information Security Workforce Study: Women in Cybersecurity, Center for Cyber Safety and Education, (ISC)2, Alta Associates, and Frost and Sullivan, 2017, source Most of these issues are not unique to cybersecurity. Indeed, our report fits into a much larger national and global conversation grappling with issues of gender equality and inclusion across every industry. This will be a major conversation for years to come, and neither this nor any other single report will address every part of that conversation. Instead, this report is intended to serve a much narrower purpose focused on this project in particular, and for that reason, will certainly leave aspects of many important larger conversations out of the discussion herein.
  9. To foster candid conversation, participants were informed prior to the meeting that this report would not name or quote specific participants unless we obtained their specific permission during the drafting process. Accordingly, all quotes attributed to specific individuals have been approved by those individuals. Appendix 1 does present work product directly from the meeting; however, it was the work of groups of individuals as an outgrowth of discussions in those groups, and should not be read as a quote attributed to any specific individual. Appendix 2 describes the in general terms.

Close

Overview: The State of the Cybersecurity Gender Gap

View as PDF

Table of Contents

Close

New Ways to Bring Women Into and Up Through Cybersecurity Careers