Cybersecurity needs a new gender playbook

In a recent Wall Street Journal article exploring new research from LeanIn.org, Dominic Barton of McKinsey & Co. discusses why corporate America needs a new gender playbook. Barton makes a number of points that reflect the experience of most women in the workplace.  

For example, although management and the media have given gender equality a lot of attention, corporate America promotes men at 30 percent higher rates than women during the early stages of their careers and entry-level women are significantly more likely than men to spend five or more years in the same role.

The problems women experience in the workplace are even more pronounced in technology and the specialized world of cybersecurity. Even if management says all the right things, nothing will change for women in security unless these ideas are translated into day-to-day action.

[ ALSO ON CSO: 10 tips to attract women to infosec jobs ]

I have certainly experienced the gender gap firsthand as a woman in technology and security. I’ve often been the “second choice.” At one point in my career, a job opened up that was exactly what I was already doing. At my manager’s request, I wrote a job description for the position, only to find out at a company all-hands meeting that I was not offered the job – a man was. Afterward, when I asked my boss what happened, he said simply, “women shouldn’t climb under desks to fix computers.” Instead of being discouraged, this made me even more determined to succeed – it really fired me up.

Although that was some time ago, things haven’t changed all that much for women. The data gathered by LeanIn.org and McKinsey further highlight the problems. According to the study, fewer than half of all women feel their employers have a good handle on gender diversity and this percentage is even lower for women in entry-level positions. If your IT organization has said it’s committed to gender diversity, what specific actions are they taking to back up these words?

• Does your organization have a mentor program for women interested in developing a career in security?

• What specific actions is your organization taking to make sure that women in security have access to the opportunities they need to develop their careers?

If the answer to either of these questions is filled with vague, non-specific words about gender equality, then your organization has some work to do.

Over 90 percent of companies report using “clear, objective criteria” for hiring and promotions, yet only half of women believe they have equal opportunities for growth at their companies. Without bridging the gap between corporate intent and individual experience, no organization can break through the gender barriers that women face.

Finally, women are more comfortable when they have female role models. Women need more than gender equality statements from HR. They need to see, with their own eyes, that it is possible for women to be successful in the organization they are working for right now, today, and a mentor to show them how it’s done.

Think about your organization. Are there any female role models in senior management? Are there any in IT? In the security organization? How can you expect women to believe that your organization is serious about hiring and promoting women if they can’t see evidence of that in action around them?

This issue comes to life every day in security organizations because it’s very uncommon to see anyone address gender bias in day-to-day business. For example, it’s extremely rare to see front line security managers rewarded for making progress against gender diversity goals. It may even be that because of the lack of skilled cyber security personnel, organizations have thrown gender diversity goals out the window.

But, I would argue that the lack of skilled personnel is the reason that organizations need to get serious about gender diversity. Women bring different skills to the workplace. They are more collaborative and they see and solve problems differently than men. These strengths are worth the investments needed to make cyber security a viable career for women. We just need to take the practical steps necessary to make it possible.

Cheers!

Tammy