By 2022, the marketplace will face a shortfall of nearly 2 million cybersecurity professionals. Unfortunately, this is the conservative estimate; it could be over 3 million unfilled jobs. This is essentially the summation of the continual cybersecurity staffing crisis provoking no end of anxiety among enterprises and cybersecurity professionals alike.
Even with innovations in machine learning, enterprises will still need human intelligence to make sense of their security correlations and alerts. No AI can replace human ability. Compounding the problem, a recent survey by Intel found a skills shortage can make enterprises more vulnerable to cyber-crime and digital damage.
At the same time, female cybersecurity professionals only constitute 11% of the cybersecurity workforce. Most experts believe the two crises are interrelated; excluding female cybersecurity professionals translates into ignoring and neglecting half of the population’s technical talent.
Why should your enterprise hire more female cybersecurity professionals? And how can you retain them?
Stop Dreading Burnout
One of the most notorious problems in cybersecurity staffing is burnout. Information security is one of the most stressful job fields in the current marketplace: it requires 24/7 vigilance and constant investigations into possible security threats and dealing with employee slip-ups and negligence. It’s exhausting work. The high turnover rate is understandable.
However, with the cybersecurity staffing crisis, each burned out employee is its own logistical nightmare. Simply finding another cybersecurity professional is no small feat. Actively seeking out more female cybersecurity professionals can help broaden your search and bring more talent into your enterprise. The more talent at your disposal, the less likely your team will suffer individual burnout as the workload is more equitably distributed. Furthermore, every departure will hurt less with more talent on hand to cushion the blow.
Diverse Professionals Create Comprehensive Solutions
Cybersecurity notably lacks diversity. The homogeneity of cybersecurity professionals is actively detrimental to protecting the decidedly non-homogenous population of your employees and customers. Users can and will act in diverse ways based on any number of factors. If your cybersecurity team is decidedly similar in their backgrounds, they may not recognize the full scope of possible user behaviors and thus not know what to fortify.
Having more diverse voices contributing as you design your enterprise’s cybersecurity platform means having a more accommodating and ultimately more secure solution overall. Having more women is a strong first step to bringing more diverse voices into the process.
Gain New Skills in Your Security Teams
Seeking out female cybersecurity professionals female cybersecurity professionals will help you broaden your understanding of the skills your security team needs to function optimally.
It’s easy to believe your security team only requires technical STEM skills, an academic field with its own diversity problems due to the patriarchal exclusion of women. However, focusing only on technical skills misses out on other vital skills your security team needs; analytic abilities, teamwork, communication, and leadership are all just as important as technical ability. Looking for more diverse professionals can also open you to what can be gleaned from other fields of study.
Security is as much a human problem as it is a technical problem. Don’t neglect the former for the latter.
That’s what female cybersecurity professionals can offer your security team. But what can you offer them? How do you retain female cybersecurity professionals? According to experts and female cybersecurity professionals, it all comes down to your enterprise’s environment.
Stamp Out Sexual Harassment
While sexual harassment in the cybersecurity field hasn’t been formally documented, it’s a well-known problem both at industry conferences and in security team offices in enterprises around the world. Many who suffer don’t come forward for fear reporting harassment will damage their career and invite online harassment. Many fear they won’t be believed at all.
Take a leaf from Jane Frankland’s (founder of the IN Security Movement and Cyber Security Capital Managing Director) book and establish a strong code of conduct in your security team offices. Outline exactly who is the point of contact for harassment complaints, a solid timeline for handling these complaints, and what the consequences are for engaging in harassing behaviors. Make sure employees know what is unacceptable behavior either during or outside work hours, and enforce a zero-tolerance environment for harassment.
Above all, follow up. Words without action are meaningless.
Fair Treatment for Fair Work
It’s a sad fact but true that women are still statistically paid less than their male counterparts in nearly every industry. The pattern holds for cybersecurity as well: female cybersecurity professionals are paid less and promoted less than male cybersecurity professionals.
To create a more accommodating environment for female cybersecurity professionals, make fairness a core value. Stop making excuses for patriarchal practices. Find what’s making your workplace inequitable and correct them.
It All Comes Down to You
The above subtitle might seem aggressive as if we’re placing the entire burden of the patriarchal substructures inherent to cybersecurity on you. But the thing is that it is somewhat on you and your enterprise. We’re all a part of the system, and thus we are all somewhat complicit in perpetuating these problems. Only by deliberate action can we correct the injustices and solve the discrepancies.
Don’t just think of hiring more female cybersecurity professionals as a smart business decision (although it is clearly that as well). Think of it part of your social responsibility as an enterprise. Funnily enough, once your enterprise starts taking social responsibility, you’ll find a new level of success follows.
Latest posts by Ben Canner (see all)
- The Security Threats to IoT Devices: The Basics for Endpoint Security - October 15, 2019
- The Basics of a Virtual Private Network (VPN): Why It Matters to Endpoint Security - October 11, 2019
- Key Findings – The Forrester Wave: Endpoint Security Suites, Q3 2019 - October 8, 2019