Biennial Women in Cybersecurity Report Reveals that Female Representation in Industry Remains Stagnant
Industry Leaders Join Forces to Call for Greater Diversity to Close the Cybersecurity Workforce Gap, Expected to Reach 1.8 Million by 2022
“It’s disappointing to see that the number of women in the cybersecurity workforce continues to remain low,” said David Shearer, CEO, the Center for Cyber Safety and Education and (ISC)²®. “We must encourage young women; help them to see that information security is a challenging, lucrative and exciting career field. We must also promote women into leadership positions, and pay them at levels that are equal to their male counterparts. There is a large shortage of skilled cyber professionals, and women are a valuable resource that can help to bridge that gap.”
“For 15 years the Executive Women’s Forum on Information Security, Risk Management & Privacy has been committed to addressing the very issues highlighted in this report by delivering programs which retain and advance women through education, leadership development and the creation of trusted relationships.” said Lynn Terwoerds, executive director of the Executive Women’s Forum on Information Security, Risk Management & Privacy. “I am so proud to be a co-author of the Women in Cybersecurity report and hope that the results will promote both conversations and actions to advance and retain women in cybersecurity.”
Key takeaways from the Women in Cybersecurity report include:
- Women comprise only 11 percent of the global information security workforce.
- Women have higher levels of education than men, with 51 percent holding a master’s degree or higher, compared to 45 percent of men.
- Fewer women hold positions of authority (director level or above) compared to men.
- Women working in cybersecurity have a more varied educational background than men contributing to the diverse set of skills they can potentially bring to the industry.
- On average, women in the information security industry earn a lower annual salary than their male counterparts.
- Fifty-one percent of women in the cybersecurity industry in North America and Latin America have experienced some form of discrimination, compared to only 15 percent of men.
- Women who have higher levels of access to sponsorship and leadership programs report feeling valued in their role and are more likely to be successful.
The Center for Cyber Safety and Education and the Executive Women’s Forum on Information Security, Risk Management & Privacy have joined forces with several industry leaders to raise awareness of the need for women in cybersecurity. Additional sponsors of the report include: PricewaterhouseCoopers LLC, IBM, Alta Associates, (ISC)² and Veracode. Booz Allen Hamilton sponsored the Global Information Security Workforce Study (GISWS), which provided the data for the report.
“I believe it is imperative for the cybersecurity industry to support and facilitate the recruiting, retaining and promoting of women. Proactively developing this career path will combat gender inequality and prevent further decline in the overall security labor pool,” said Sloane Menkes, PwC principal and global crisis center coordinator. “While there is significant demand for high-skilled workers, there is also a critical pipeline issue of women joining our cybersecurity workforce. Cybersecurity leaders need to commit to reversing this trend – from our universities to our board rooms – before the issue is irreversible.”
“With increasingly sophisticated threats and the demand for security talent soaring, the cybersecurity field is one that absolutely cannot afford to neglect the population of women and the many talents they offer,” said Shamla Naidoo, global chief information security officer, IBM. “The security industry needs the best and brightest to remain ahead in the fight against cybercrime, and creating a workforce with diversity of thought, gender and backgrounds is essential to this goal.”
“As the leading executive search firm specializing in cybersecurity, Alta Associates understands that building world class teams and solving complex cybersecurity challenges requires diversity of thought. That’s why we are proud to report that in 2016 Alta filled nearly 30 percent of its cybersecurity searches with qualified women executives.” said Joyce Brocaglia, CEO of Alta Associates and founder of the Executive Women’s Forum on Information Security Risk Management & Privacy. “I am proud to co-author this important report in hopes that it both educates and inspires action to improve the representation and advancement of women in cybersecurity.”
“The Women in Cybersecurity report found that 52 percent of millennial women have a computer science degree, yet the number of women in the cybersecurity workforce has remained stagnant for the last two years,” said Sam King, chief strategy officer, Veracode. “We are already facing a significant skills gap in cybersecurity with positions going unfilled. If we continue on this track, we will be unable to secure the digital economy. We need to examine why it is that the next generation of workers is not pursuing careers in cybersecurity, but especially women. In addition to focusing on cybersecurity education at the university level, creating programs aimed at high school and middle school students will help to create enthusiasm for this industry.”
“Mature cyber security teams require a mix of skills and diversity of thought – you must foster teamwork that’s inclusive and integrates multi-disciplinary and diverse perspectives” said Angela Messer, a Booz Allen executive vice president, and leader of the firm’s Cyber innovation business and cyber talent development champion. “An overreliance on any one background or perspective leaves an organization vulnerable to adversaries and threats that rapidly change – only diverse, multidisciplinary teams can rapidly respond and problem solve on the next challenge. It’s also a security imperative that our industry broaden access to talent by becoming better at attracting, retaining and empowering female cyber warriors.”
The largest study of the information security profession ever conducted, the 2017 GISWS took place June-September 2016 through a web-based survey. Over 19,000 information security professionals from 170 nations responded. Since its first release in 2004, the study gauges the opinions of information security professionals, and provides detailed insight into important trends and opportunities within the profession. It aims to provide a clear understanding of pay scales, skills gaps, training requirements, corporate hiring practices, security budgets, career progression and corporate attitudes toward information security that is of use to companies, hiring managers and industry professionals.
The full 2017 Women in Cybersecurity report can be downloaded here: www.iamcybersafe.org/gisws.
About the Center for Cyber Safety and Education’s Global Information Security Workforce Study
The Women in Cybersecurity report is the second release of data from the 2017 Global Information Security Workforce Study. The first data set, released in February 2017, was the Millennials – the Next Generation of Information Security Workers. This is a new format for the biennial study, and The Center will release several additional reports throughout the year with new, previously unpublished information and insights about the global information security workforce.
About the Center for Cyber Safety and Education
The Center for Cyber Safety and Education (Center), formerly (ISC)² Foundation, is a nonprofit charitable trust committed to making the cyber world a safer place for everyone. The Center works to ensure that people across the globe have a positive and safe experience online through their educational programs, scholarships and research. Visit www.iamcybersafe.org.
About the Executive Women’s Forum on Information Security, Risk Management & Privacy
Founded in 2002, the Executive Women’s Forum on Information Security, Risk Management & Privacy (EWF) is the largest member organization dedicated to engaging, advancing and developing women leaders in Cybersecurity, IT Risk Management, Governance Risk & Compliance and Privacy. The EWF serves emerging leaders as well as the most prominent and influential women in our field by facilitating programs and events throughout the year including a National Conference, regional meetings, leadership development and mentorship programs as well as interactions with global thought leaders through an online community. For more information visit, www.ewf-usa.com.
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world. Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)2 offers a portfolio of credentials that are part of a holistic, programmatic approach to security. Our membership, over 123,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry. Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and EducationTM. For more information on (ISC)², visit www.isc2.org, follow us on Twitter or connect with us on Facebook.
© 2017 (ISC)² Inc., (ISC)², CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP, CCFP, ISSAP, ISSEP, ISSMP and CBK are registered marks, of (ISC)², Inc.
About PricewaterhouseCoopers LLC, Delaware/USA
At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 223,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting us at www.pwc.com.
PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. © 2017 PwC. All rights reserved.
About IBM Security
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world’s broadest security research, development and delivery organizations, monitors 35 billion security events per day in more than 130 countries, and holds more than 3,000 security patents. For more information, please visit www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.
About Alta Associates, Inc.
Alta Associates is the most prominent executive search firm specializing in Cybersecurity and IT Risk Management. Alta, ranked one of the top 40 executive search firms in the US, has an unprecedented track record of placing CISO’s and building world class Cybersecurity, Information Security and IT Risk organizations.
Alta Associates is a certified woman owned business, with a seasoned team of specialized recruiters who have trusted relationships with the most sought after cybersecurity experts in the US. Most importantly, Alta is committed to providing its clients with executives representing diversity of thought. For more information visit, www.altaassociates.com or call 908-806-8442
Veracode is a leader in securing web, mobile and third-party applications for the world’s largest global enterprises. By enabling organizations to rapidly identify and remediate application-layer threats before cyberattackers can exploit them, Veracode helps enterprises speed their innovations to market – without compromising security.
Veracode’s powerful cloud-based platform, deep security expertise and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.
Veracode serves hundreds of customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes’ 100 Most Valuable Brands. Learn more at www.veracode.com, on the Veracode blog and on Twitter.
Copyright © 2006-2017 Veracode, Inc. All Rights Reserved. All other brand names, product names, or trademarks belong to their respective holders.
Manager of Corporate Communications
Executive Women’s Forum on Information Security, Risk Management & Privacy
Director, Public Relations Advisory Leader
IBM Media Relations
Alta Associates, Inc
Global PR/AR Manager