G7 Executive Talk Series

Cybersecurity and Women

Authored by: Heather Stratford

One of Cybersecurity’s Most Alarming Breaches:
A Lack of Women

The world is changing for both men and women and yet women are underrepresented in this critical area of our new economy.

The world is changing at an alarming rate because of rapid advancements in technology. And because technology is so powerful and pervasive, cybersecurity is an essential part of this new world. The world is changing for both men and women and yet women are underrepresented in this critical area of our new economy.

The global economy is struggling under the cost of cybercrime, which reached $450 billion in 2017. Meanwhile, the shortage of trained cybersecurity professionals continues to grow because of increased demand and a skills-gap.

Women are particularly needed in the field of Cybersecurity both from a numbers perspective as well as because of the unique and yet-to-be discovered ways which with they contribute to the industry. Women are needed to help fill the immediate needs, yet the number of women in the field has been shrinking since the 1980’s. This is a worldwide problem. For example, only 6% of women in Japan choose to enter Information and Communication Technologies as a field.

The steady decrease of women in tech fields seems counterintuitive compared to the increasing numbers of women in other highly skilled industries. This is not to say that that other highly skilled professional categories are not experiencing their own challenges. Female surgeons in the United States, for example, represent 19.2% of the overall surgical profession. From 1970 to 2008 the number of women surgeons has only increased by 7%.

Some might find these numbers discouraging and indicative of our lack of progress. However, in the cybersecurity field, even this small percentage would be considered a significant and dramatic improvement.

Currently, women in North America comprise 30% of the total workforce in computer technology. However, like surgeons, the percentage of women as cybersecurity professionals is much lower in comparison to the larger field of technology. Women represent only 11% of cybersecurity professionals worldwide. According to the Global Information Security Workforce Study women in this field represent 7% in Europe, 5% in the Middle East, 8% in Latin America, 9% in Africa, 10% in Asia, and 14% in North America.

These small numbers underline the decrease of women in the computer science field in general. In 1984 about 37% of computer science majors in the U.S. were women. Today that number is around 18%. Since the advent of the personal computer, the number of women in technology has diminished considerably.

The global economy is struggling under the cost of cybercrime, which reached $450 billion in 2017. Meanwhile, the shortage of trained cybersecurity professionals continues to grow because of increased demand and a skills-gap.

These statistics by themselves are eye opening, but in conjunction with other population statistics, they point to a critical situation. In 1984, 37% of computer science majors were women, and a total of 15.7% of the female population of the United States possessed a bachelor’s degree or more. At the same time 22.9% of the U.S. male population had a bachelor’s or postgraduate degree.

In 2017, the statistics changed to 34.6% of women and 33.7% of men having obtained at least a four-year degree. This means that while the numbers of women entering and graduating from higher education increased and eventually outpaced men since 1984, the number of women entering the workforce with a computer science degree declined.

The inverse of this statistic occurred for the male population. The percentage of men in the population with at least a four-year degree did not accelerate at the same pace as women, but the percentage of men in computer science went up.

Leaders in the IT industry, government, and society need to ask the question: why are women not a larger part of the industry and how do we include women in more aspects of cybersecurity, including having them occupy more C-level positions? Each nation has been addressing the lack of women in cybersecurity at different rates. Some more quickly than others.

Women are increasing their representation across many other technical, highly skilled professions. Women outpaced men obtaining law degrees in 2016 and are continuing the trend in 2017. According to the Associationof American Medical Colleges, in 2017 women outnumbered men entering medical school for the first time. And women are excelling in highly technical professional areas.

Why haven’t the numbers for women in technology grown as well?

We can go back in time and look at some factors that may have contributed to the trends.

Computing was not always considered a male domain. Anyone who watched the 2017 Hollywood movie, “Hidden Figures”, understands that before computers, people, and often women did manual calculations. Often called human computers, in the NASA program, women were doing the calculations. Human computing at NASA was heavily weighted toward women because at the time it was considered beneath men.

With so few women in technology there is an obvious lack of women in positions to mentor younger women entering the technology environment.

A turning point in attitude came in the 1980’s when personal computers were first being pushed into the market. Marketing was almost exclusively targeted to men and boys. If you enter “early computer advertising” in any search engine you will find images advertising the manliness of the new computer age. The entrance of the personal computer signals a distinct downturn in the number of women in the computer field.

We see this cultural bias towards computers being a male industry as stated by National Public Radio:

“This idea that computers are for boys became a narrative. It became the story we told ourselves about the computing revolution. It helped define who geeks were, and it created techie culture. Movies like Weird Science, Revenge of the Nerds and War Games all came out in the ‘80s. And the plot summaries are almost interchangeable: awkward geek boy genius uses tech savvy to triumph over adversity and win the girl.”

In the 1990’s a study by Jane Margolis of Carnegie Mellon found that families were more likely to buy personal computers for boys than girls—even if the girls in the family showed interest. Exposure to computers from a young age is a key component of a person’s aptitude for the subject. Introducing girls to technology and computers early and consistently will be a main strategy in closing the gap.

Another study by Jane Margolis states: “Many male students report programming to be a source of extracurricular pleasure, having done it since they were young (38% of the men among our sample, compared to 10% of the women).”

Advertising was targeted at the male demographic whether they were young or old. The original personal computers could do tasks and provide entertainment. They could provide word processing capabilities and data calculations, but more often than not, personal computers were provided as a source of entertainment with programs like “Pong”.

As a result of this initial targeting of males in personal computing, more young men had early experience and access to computers.

One can speculate on the advantages of having early experiences with computers when entering into a course of study for computer science but in the words of an unidentified woman student at Carnegie Mellon: “I’m actually kind of discouraged now. Like I said before, there’s so many other people who know so much more than me, and they’re not even in computer science.

I was talking to this one kid, and…oh my God! He knew more than I do. It was so…humiliating…But I feel like I’ll always be behind, and it’s discouraging.”

With so few women in technology there is an obvious lack of women in positions to mentor younger women entering the technology environment. Women are outnumbered by men at the C-Level or executive level at the rate of 4 to 1 and 9 to 1 at the management level.

According to the Executive Women’s Forum on Information Security, Risk Management & Privacy women are also more likely to experience discrimination. “Fifty-one percent of women in the cybersecurity industry in North America and Latin America have experienced some form of discrimination, compared to only 15 percent of men.”

Though there is considerable speculation about what factors into a woman making the decision to pursue or drop a career in the field of technology and, by extension, cybersecurity; the 1990’s studies by Jane Margolis offers an intriguing possibility.

In the previously mentioned 1990’s study Jane Margolis found that women and men are, in the main part, are attracted to computing for different reasons. Women want to do something with computers. Men want to discover how they work. “Forty-four percent of the women we interviewed, as compared to 9% of the male students, link their interest in computers to other arenas. These women emphasize the importance of having computing and their programs ‘do something’.”

A typical quote from a man might include, “my mother bought me a computer back in Alabama when I was four years old and I have been playing video games on ever since. I often would sit and wonder, how did they do that in the game?”

For women, the attraction to computing and technology is different: “How can it solve a problem?”

A recent article in Nature about women in cybersecurity echoes Margolis’ study in this quote on how women in cybersecurity often feel. “Women in cybersecurity often report working with an ‘old boys club’ of former intelligence and military officers. Job postings call for ‘ninjas’ and ‘cyberwarriors’. The language of cybersecurity reflects this ethos of defending networks against threats from intruders. By contrast, the concept of information security—centered on creating safe, effective systems and protecting humans who use them—describes the job better and is more widely appealing to diverse practitioners, including women.”

This may, in part, explain another statistic. According to the 2017 Women in Cybersecurity Global Information Security Workforce study, “Among women who have advanced to (tech) management roles in organizations, it is not uncommon to see a wide variety of educational backgrounds. This contrasts with men, who overwhelmingly have engineering or computer science backgrounds.”

Many women in areas such as medicine, business, or other fields are motivated to pursue a career in technology by what the computer can “do” to improve, streamline, and enhance the work they are doing. They start at “what can it do” and progress to “how”. In general, men start at “how” and progress to “what”. Neither approach is right or wrong, it is just different. And technology and cybersecurity need both perspectives.

Jane Margolis’s study suggested that the way to get more women into technology was to structure classes with more upfront courses that focused on the context in which the coding would be used.

Current bootcamps and curriculum often start with straight coding classes and progress to putting the coding in context.

Perhaps the same would be effective in motivating, hiring, and retaining women in cybersecurity; by focusing on “creating safe, effective systems and protecting humans who use them.” That is, after all, the very mission of the cybersecurity profession. The largest breach in cybersecurity is the lack of women in the field. This is a global problem that will have global consequences if not addressed and resolved.

Heather Stratford, is CEO and Founder of Stronger International a cybersecurity firm based in the U.S.

E. heather@stronger.tech
W. stronger.tech