



What is key to improving the ratio of women in cybersecurity?

Mar 16, 2017 | 4 mins

The biennial (ISC)2 report shows that the percentage of women in cybersecurity remains unchanged.


With all the other drama going on in the world at this moment, the arrival of a regularly scheduled report on the percentage of women in cybersecurity is perhaps one not many people are eagerly waiting to read. This is doubly true, given that the essence of the report is that the percentage has not changed in the last four years. Nevertheless, this year’s biennial Women in Cybersecurity report from (ISC)2 is full of important information for those employers who seek to fill security positions.

Education differences

It is perhaps no surprise, given that computer science is a relatively new course of study, that computer science degrees are becoming more common among security professionals. More Millennials are coming into security positions with computer science degrees, including 52 percent of women younger than the age of 29. More than half of women of any age who enter computer security have a Master’s Degree, compared with 45 percent of men entering the industry.

But of those who had undergraduate degrees, 48 percent of men and 42 percent of women majored in computer science. Things were much the same for those with engineering majors: men held 22 percent of these degrees compared with 14 percent held by women.

Pay and promotion gap

The results shown in the (ISC)2 report for pay gaps and promotion potential are a mixed bag. Women in security positions are more likely to hold non-managerial roles: men are four times more likely to hold C-level positions, four times more likely to be in executive management positions and nine times more likely to occupy a managerial role. But for those women who attain upper-level management positions, the pay gap is actually closing: it’s down from $6,020 in 2015 to $4,540 in 2017. For women in non-managerial roles, the gap has unfortunately widened from $4,310 in 2015 to $5,000 in 2017.

Of those women who have achieved a managerial or executive role, a significant percentage report having experienced discrimination based on their ethnicity, gender, or cultural group. While the percentage of women in cybersecurity at all levels who have experienced discrimination is 51 percent, at each rung of the career ladder that number increases: 57 percent of female middle managers/directors have experienced discrimination, as have 65 percent of executives and 67 percent of C-level executives.

Support and sponsorship

The picture that these statistics paint is not exactly a cheery one. But within these dark clouds there is a clear answer for how to improve this situation. A large proportion of women who feel valued within their organization say that they’ve benefited from sponsorship or have received non-technical skill development or leadership training.

In order to meet the world’s ever-growing need for security talent, we need to include a lot more women in this industry, but to do so we can’t continue doing what we’ve always done.

More and more studies show that we need to introduce girls to technical subjects and careers from an early age, giving them hands-on and real-world experience. According to a survey by CompTIA, 69 percent of girls who haven’t considered a tech career attribute their disinterest to a lack of information about what tech jobs entail. They need to see other females who are interested in technical subjects and who have succeeded in technical, managerial and executive roles. Once they’re in the industry, a support network comprised of peers and higher-level sponsorship can help keep them within the industry and progressing in their careers.

It’s not that women are eschewing all STEM (Science, Technology, Engineering and Mathematics) disciplines. On the whole, women are now earning almost half of the undergraduate degrees awarded in science and mathematics. Higher education institutions around the US have made changes to create more inclusive and supportive computer science and engineering programs, and as a result they have seen truly astounding increases in the number of women choosing computer science and engineering majors. Change is certainly possible, but the security industry will need to plead our case effectively, if we are to woo those graduates who might otherwise choose other technology disciplines.

The lack of women in security represents a huge lost opportunity to mitigate a significant information security skills gap. A dearth of visibility plus a lack of opportunities for advancement are creating a weak and leaky pipeline. What we need at all levels is more support and sponsorship. Because there are so few women currently available to provide this, we must also use proven, positive techniques to encourage men to get involved in inclusive training, mentoring and recruitment efforts.



Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all this change can be difficult for even the most tech-savvy users, she enjoys explaining security issues in an approachable manner for companies and consumers alike. Over the years, Myers has worked both within antivirus research labs, finding and analyzing new malware, and within the third-party testing industry to evaluate the effectiveness of security products. As a security researcher for ESET, she focuses on providing practical analysis and advice of security trends and events.

The opinions expressed in this blog are those of Lysa Myers and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.