Gender Diversity in Cybersecurity Matters to the Business

A recent Gartner survey finds that the cybersecurity skills shortage is now the top organizational concern (63%) when it comes to risks, outweighing increasing privacy regulation and cloud computing concerns, which were the top two risks identified in Gartner’s 3Q18 Emerging Risk Monitor. The survey also shows that not only do many organizations currently have unfilled cybersecurity positions, but for many it takes upwards of six months to fill a security opening. In fact, almost half of organizations surveyed indicate they have experienced security incidents due to lack of security staff or specific skill sets over the past two years.

Understanding the Skills Gap

Understanding the skills gaps, including any misalignments between employers and cybersecurity job seekers, is an important starting point for closing this gap. Repercussions go far beyond simple recruiting or operating inefficiencies. Unclear requirements listed in job postings, failure to carefully asses applications and applicants, and a misunderstanding of the exact skills required for a specific job can lead to hiring individuals unprepared for the job at hand – and exacerbate the challenge they are trying to address. Organizations need to clearly understand and articulate the positions they are seeking to fill. Knowing which skill sets for different security job titles are in highest demand helps hiring managers to define skill priorities and assess which may be most challenging to find in candidates. One particular challenge in this process is an alarmingly high rate of gender bias both in job postings and and application assessment.

Fortinet partnered with Datalere, an organization that specializes in data science, to analyze job ads and resumes across nine different security and network occupations. We wanted to determine what matters most to employers and assess what hard and soft skills are in overabundance versus those that are under-represented by job seekers. The results of that survey, along with other research in this area, are discussed in this piece.

Promising Improvements in Security Workforce Gender Diversity

Recruiting a more diverse cybersecurity team is an often-cited solution by employment champions to address the security skills shortage and skills gap. Widening your search through a proactive diversity action plan can dramatically increase the pool of potential candidates. Indeed, diversity is a top trending topic across industries and occupations, and organizations feel compelled to build and implement strategies to increase the diversity of their teams.

However, gender diversity remains a serious problem in the cybersecurity space, with less than one-quarter of the workforce being comprised of women. This is a reflection of a missed opportunity to fill critical security positions, especially as more women are entering the workforce. The good news is that in the “2019 Women in Cybersecurity” report by (ISC)²more millennial women (45%) than millennial men (33%) responded to the survey, which seems to indicate that the disproportionate men-to-women ratio is beginning to diminish. The survey also revealed that more women (52%) hold a post-graduate degree than men (44%), an indication that workforce skill upgrades are on the horizon, making women more viable candidates for senior cybersecurity positions.

Gender Diversity in Cybersecurity Matters

Fortinet addressed the topic of gender diversity in a recent webinar: “Realizing the Benefits of Gender Diversity in Cybersecurity.” I participated as a panelist alongside Joyce Brocaglia, the CEO and Co-founder of Alta Associates, the Executive Women’s Forum, and BoardSuited.com. The webinar examined key findings from our skills gap report series, as well as data from some of our reports on the state of cybersecurity and different IT, security, and network leadership roles. The webinar also covered the benefits of gender diversity and how women can help fill the security talent shortage and skills gap.

However, based on the results of our analysis, part of the problem is how individuals are being recruited for open cybersecurity positions. A majority of employers are doing a poor job of recruiting women into cybersecurity roles. Our skills gap study found almost twice as many male-gendered terms as it did female-gendered terms in job ads. And job ads that are weighted toward men—intentionally or unintentionally—can drive away women applicants.

Interesentingly, all male teams are the only group in the survey that scored lower on providing better decisions than the average of all teams combined. Additionally, decisions made by gender-diverse teams were better 95% of the time when decision-making was related to financial performance. A second study of VC-funded teams found that women-led organizations bring in 12% higher revenue than male-dominated firms. And finally, in the case of VC firms, those with at least one woman in a leadership role outperform all-male peer organizations by 63%.

Diversity is Good Business

Building a diverse team is important—and not merely from the standpoint of complying with corporate HR objectives or the desire for social responsibility. Data shows that diverse teams produce better business outcomes. Achieving this begins with how organizations search for individuals to fill out their teams, such as matching job requirements and soft skills with qualifications listed in resumes, and using gender-inclusive language. When these and similar standards are adopted, organizations will not only expand their potential recruiting pool, but also ensure a more productive and successful security team and overall organization.

Watch the full  webinar “Realizing the Benefits of Gender Diversity in Cybersecurity”

Learn more about Fortinet’s NSE Institute programs, including the Network Security Expert program, Network Security Academy program and FortiVets program.