Exploring the Benefits of Gender Diversity in Cybersecurity

Research shows more diverse teams are higher performing when compared to homogenous teams. Yet today, only 11% of cybersecurity professionals are women. This gender discrepancy, coupled with the cybersecurity skills shortage, offers women a valuable career opportunity, and gives organizations a means for filling the skills gap that currently plagues the industry.

The already problematic shortage of cybersecurity workers and security skillsets is forecasted to get worse, with 51% of the 3.5 million security job openings predicted to be unfilled in the year 2021. However, the cybersecurity skills gap and the skill shortage can be partially addressed by building more gender-inclusive teams. The recruitment and inclusion of more women in the space will not only fill some of these gaps, but research shows this will simultaneously create higher performing organizations.

Fortinet recently conducted a webinar entitled “Realizing the Benefits of Gender Diversity in Cybersecurity” to explore this topic. This analytical webinar featured two of the industry’s most highly-qualified leaders, Joyce Brocaglia and Renee Tarun.

Joyce Brocaglia, is the CEO and founder of Alta Associates a leading executive search firm specializing in cybersecurity and the founder and president of the Executive Women's Forum the largest member organization for women in Cybersecurity, IT Risk, & Privacy. She has over three decades of experience as a career advisor and women's advocate in the IT and security space. Renee Tarun serves as the VP of Information Security at Fortinet. Before joining Fortinet, Renee spent more than 20 years with the U.S. Government and served as the Director of the National Security Agency's Cyber Task Force. Currently, Renee oversees security compliance and governance, enterprise security, and product security at Fortinet.

In addition to Renee and Joyce’s own professional experiences, our discussion also addressed some of the findings from Fortinet’s recent cybersecurity skills gap assessment series on the gender gap, along with some additional external research. Utilizing these key findings and discussion points, this conversation focused on why diversity delivers business advantages and how female cybersecurity professionals can advance their careers.

Defining the Problem

Research shows that while women represent close to 50% of the overall population and global workforce, only 11% of the cybersecurity workforce is comprised of women. Even more alarming is the fact that men are:

  • 4x more likely to hold executive roles than their female counterparts
  • 9x more likely to hold managerial roles than women
  • Paid 6% more than women
  • Experience 240% less discriminatory treatment than females
The glaring question facing our industry is, why?

The truth is, gender bias is a prominent issue in the cybersecurity workforce. According to Joyce Brocaglia, there are many women currently in the cybersecurity space (and outside of the space) that are opting out of certain roles due to a perfect storm of unconscious (and sometimes conscious) bias, resulting in women being underrepresented—especially when they represent a dual or multiple minority, such as being a woman of color.

To combat this issue, companies must stop siloing talent and start changing the way they look at skills in the hiring and promotion processes. A renewed focus on minimizing biases to better engage and retain the talent already present within their organizations will allow organizations to prosper in ways not possible otherwise.

How Women Can Help Fill the Cybersecurity Skills Gap

In our project with Datalere, we used natural language processing and ingested thousands of job ads—and resumes—for job types ranging from Incident Response Specialist to CISO. In looking at these job ads and resume structures, we analyzed the presence of hard and soft skills as well as a range of demographics, including job hopping, tenure, and gender diversity. From there, we broke soft skills down into four quadrants in order to conduct a deeper analysis of role requirements and the individuals that meet them.

The four quadrants include:

  • Leadership
  • Interpersonal/Communications
  • Analytical
  • Personal Characteristics
Of the top 20 skills employers list as a requirement in their job descriptions for CISO placements, 17 are considered soft skills.

Further, resume analytics reveal that women bring broader skill diversity to cybersecurity roles. For example, women cite more soft skills across all four quadrants, and do so more often than men. Research shows these soft skills are key differentiators for leaders in the space. Female job seekers cite:

  • 52.5% more soft skills across all four quadrants
  • Analytical skills 150% more often
  • 46% more skills in the leadership quadrant in resumes.
Based on this analysis, women across industries are clearly highly qualified to fill open roles in the cybersecurity industry, especially as they not only bring experience and technical skills to the table, but those essential soft skills that make teams more diverse, and in turn, more productive. To better capitalize on the value these women possess, our research shows that organizations should pay more attention to soft skills when reviewing candidates in order to generate more gender diversity and thereby increase business success.

That success can be specifically identified and quantified. According to Fortinet research, for example, gender-diverse teams make better decisions 73% of the time versus 58% of the time for all-male teams. Venture capitalist (VC) funded, women-led teams bring in 12% higher revenue for their organizations than male-dominated VC firms do, while VC firms with at least one woman in a leadership position outperform all-male peer organizations by 63%.

Moving Forward in Cybersecurity

Over the past few years, companies have shown a heightened desire to increase diversity in their hiring practices. Collectively, we must move forward more aggressively on that desire by adopting more focused and inclusive recruiting strategies to hire more women into critical cybersecurity roles.

At the same time, there are things that women can do to proactively manage their careers in the tech space. By taking just a few simple steps, women can shrink bias in the field and move toward greater equality. These include:

Assume New and Different Roles: Try to take on a variety of roles and responsibilities to round out your skill sets, as Renee Tarun has done. Sometimes, you have to take jobs outside of your comfort zone to advance your career. Doing so enables you to gain valuable skills and experience and build lasting relationships that will aid in further career assignments. This will help you grow both professionally and personally.

Leverage Mentors and Advocates: Identify professionals (both men and women) who are in a position you aspire to hold and ask them for career advice or to serve as a mentor. Join internal and external professional organizations and take on an active role. The Executive Women’s Forum is the largest member organization dedicated to engaging, developing and advancing women leaders at every stage of their careers. Their members participate in LIFT, a formal mentorship program that engages hundreds of mentees and mentors. These actions will help promote your personal brand and get you noticed and recalled when an open position needs to be filled. When analyzing the benefits of leveraging professional networks and mentors, we found that:

  • 76% of people were recommended for a high-profile project by their sponsor
  • 55% were proactively introduced to other people within their professional network
  • 44% had the opportunity for formal or informal mentoring
  • 38% had the opportunity for non-technical skill development