To dive deeper into the subject of lack of women representation, Kaspersky Labs and Arlington Research conducted an online survey, titled “Beyond 11%.” This was to address the stagnant representation of women of 11% in between 2013 and 2017. According to the study, “A surprisingly high percent (72%) of respondents to our survey, both male and female, had already decided on their future career paths, with female respondents being slightly more likely to have decided than their male counterparts (74% vs. 71%).” The average age at which young women have decided on their future career is fifteen years and ten months, and those that haven’t decided by this time expect to have made a decision by the age of twenty-one and nine months, making it very difficult for cybersecurity firms to influence their choices after this point,” the study revealed. In 2010, even though 57% of undergraduate degree recipients were female, only 14% of them pursued majors in the same field. The study highlighted the fact that a lack of interest in the space of cybersecurity traces back to school.
To gain an insight on the lack of women representation, CISO MAG gauged a few women security influencers to understand the cause of this alarming trend. This article is part of a series of interviews from women cybersecurity experts who shed light representation of women in cybersecurity.
1Kavya Pearlman, Founder and CEO of XR Safety Initiative:
“Oftentimes, it goes back to early education. There lies an opportunity to direct female students to choose technical education and building the soft skills necessary for the STEM career paths. We need to build a more robust pipeline for cyber talent. Schools should follow programs and frameworks such as U.S. cyber challenge, National Initiative for Cybersecurity Education (NICE), K-12 cybersecurity framework that offer a set of best practices that help providers of cybersecurity education and training in the United States better prepare their students to enter the cybersecurity workforce and help employers to manage workforce shortages and recruit the talent needed to secure their systems. Privately organized Capture the Flag (CTFs) are also a great way to cultivate interest and desire to learn within young students.
“School must also be considered a potential boost for a cultural change in the way cybersecurity careers are seen. Despite the fact that women are more likely to enroll in university than men, tech jobs are still facing high levels of gender inequality. This will take time, but it’s crucial to use the aforementioned tools to mark a deeper transformation. In a way, given that some cultural constructs follow the society, this will naturally happen as demography is already making the world more diverse. The educational system plays a decisive role in making the change faster.”
2Lekshmi Nair, Senior Managing Consultant and Route to Market Leader- IBM Security, APAC & EMEA:
Cybersecurity is not “the” default career option for anyone even now. However, with the technology landscape evolving some of the industry data predicts 22M+ unfilled cybersecurity jobs by 2022, yet there are fewer takers for these jobs. While I agree this is something to be addressed at the school level, I see a fundamental problem in the way we currently present the cybersecurity career to the students. Many of the cybersecurity jobs today are shown as the job of ethical hackers or penetration testers, which gives the perception that this is highly technical. On the contrary, Cybersecurity needs diverse skills:
- Technical skills: Penetration testing, vulnerability assessments, encryption, secure coding, etc.
- Consulting and communication skills: Program management, operations, awareness, risk assessments, compliance, regulatory, etc.
- Analytical skills: We need good analysts who can monitor the security alerts and derive the right inferences out of it by relating to the threat vectors and likelihood of occurrence.
- Industry knowledge: Security is intervened in the fabric of the business. So, we need people who understand the business to translate business risks to security risks and business needs to security opportunities.
So, we need to educate school and college kids to understand that security is really about the proactive thought process, thinking based around risks, based around budgets and making better business decisions around risk. Technology is just one of the skills needed. This messaging will help us to take security jobs beyond STEM to areas such as law, HR, auditing and even psychology.
Early last year, IBM announced significant collaborations across India to advance the skills and careers of more than 200,000 (2 lakh) female students in Science, Technology, Engineering and Math (STEM) fields. The STEM for Girls program is a 3-year program launched across 10 states in India to cover 200,000 girls and 100,000 boys focused in Tier 2 and Tier 3 cities to enable girls with 21st-century skills. 80% of the jobs of the future are going to have elements of STEM in them and this program would help the kids of today, prepare for the jobs of tomorrow.
Further, IBM has partnered with two National Implementation Partners, Quest Alliance and American India Foundation Trust who then take this STEM curriculum into the hundreds of schools across these states. Since the launch of the program, over 69,000 girls have been on-boarded to the program in 6 states with the remaining 4 states starting this program before May 2020. We have also onboarded over 38000 boys in these six states who are currently in the program. As of date, the program is running in 714 schools across six states and 80 districts.
3Vandana Verma, Global Board of Directors at OWASP Foundation & InfoSecGirls:
“I would definitely second that the disparity traces its roots back to school. I have often heard people preaching that “Tech is for men and kitchen is for women”. On the contrary, I have witnessed some unparalleled men in the baking business and women in the tech space. It has nothing to do with gender. It is not just women but everyone in general who needs to be enlightened. Not much has been done about educating students about cybersecurity. I believe there has to be a separate program for bringing up cybersecurity awareness amongst the kids. The pros and cons of cyberspace need to be assimilated deep down into their roots right from the start. This is how we can make a change and our nation cybersafe. One more approach other than the awareness programs would be giving them exposure to unmediated scenarios in the form of game or challenges. This will catch their attention and make them brainstorm about the importance of security of their device and their data. This is how they would use their gadgets in a safe manner.”