The Cybersecurity Canon: Women in Cybersecurity

We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite. 

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!

Executive Summary

“Women in Cybersecurity,” by Jane LeClair and Denise Pheils, is an excellent candidate for the Cybersecurity Canon. The ongoing cybersecurity skills shortage has been discussed for years now. In the United States, employers find it difficult to hire 200,000 cybersecurity professionals every year, and surprisingly, merely 11 percent of the information security workforce is women.

In this book, the authors untangle some of the key problems that prevent women from joining the field from gender, sociocultural and career perspectives. While conferences and organizations like the Grace Hopper Celebration of Women in Computing or the Women’s Society of Cyberjutsu have been trying to bring diversity to cybersecurity, we have not come across many books that discuss the paucity of female cybersecurity professionals and what can be done to address this. Out of more than 2,100 English-language books available on Amazon on July 2017, I have only been able to find a few that cover this topic and its challenges.

As information technology underpins critical infrastructure operations, daily lives, national security and social welfare, cybersecurity is becoming more important than ever to protect our way of life in the digital age. To some extent, we deal with IT and cybersecurity daily. It is our responsibility to create a circle of boosters for cybersecurity talents rather than nipping educational or career opportunities in the bud.

I encourage all parents, employees, managers and those thinking of making the career switch to read this short book. It would be an hour well spent, and will hopefully help to start the change and move toward diversity in cybersecurity.

Review

I chose this book as a candidate for the Cybersecurity Canon because “Women in Cybersecurity,” by Jane LeClair and Denise Pheils, is one of the few English books currently published that covers this important topic. As information technology underpins critical infrastructure operations, daily lives, national security and social welfare, cybersecurity is becoming more important than ever to protect our way of life in the digital age. Despite this, the shortage of cybersecurity professionals remains acute. Since IT is embedded in so many of our activities, cybersecurity requires the education, recruitment, and retention of diversified skillsets and professionals.

We are in dire need of diversified expertise and insights. Everyone should read this book to understand the problems and solutions the authors describe. They should also start thinking about their own ways to aid the next-generation workforce pipeline, as on its own, the book does not offer all the answers to overcome this sociocultural bias.

LeClair and Pheils wrote this book to analyze why women are underrepresented in cybersecurity and offer solutions to bring women into the field, as women globally constitute only 11 percent of the cybersecurity workforce. [1] In Chapters 2 through 4, LeClair and Pheils analyze sociocultural, educational and professional barriers that have discouraged women from obtaining cybersecurity jobs. In Chapter 5, they outline solutions to address these challenges, and in Chapter 6, strategies for “Breaking the Glass Ceiling.” Chapter 7, “On the Glass Cliff,” describes a scenario where a woman fails to take advantage of a career opportunity in a company and has to start her career all over again at another organization. Finally, Chapter 8, “Imposter Syndrome and Women,” describes how women can be affected by the inability to recognize their own accomplishments.

Chapter 2, “Girls in Predetermined Roles,” points out, “IT and cybersecurity careers have been classified as masculine because of the math-based discipline, the collective reference to gaming and hacking, and the fact that the industry is largely male-dominated.” Cultural and familial gender biases and traditions morph girls into their expected role, and it is challenging for women to repel such pressure, especially when their families neither understand their desires nor provide financial or moral support for their career decisions.

The authors share several examples of educational and networking opportunities for girls in Chapter 3, “Girls in K-12.” LeClair and Pheils emphasize the importance of educating girls about cybersecurity, STEM – science, technology, engineering and mathematics – and other career options as early as possible.

Chapter 4, “Women in the Technology Workplace,” provides a disturbing fact: more than half of women – 52 percent – drop out of the tech field at between 35 and 40 years old. [2] Even as of 2013, the female attrition rate is higher in the STEM field (50 percent) than in non-STEM field (20 percent). [3] The authors attribute such high turnover to several factors, including long hours, family responsibilities, unequal pay, difficulties getting promoted, lack of mentors and diversity in the workplace, and sexual harassment.

Next, Chapter 5, “Solutions to Barriers,” talks about how family, mentors and the workplace can solve those problems. LeClair and Pheils encourage parents to be more understanding of their daughters’ educational or career choices, and even provide verbal or financial support. They also explain the need for teachers and guidance counselors to provide career, educational and life planning advice for female students. Role models and mentorship are crucial to help women see themselves in certain positions and overcome challenges on the way to their goals. Mentorship can come from women as well as men to help the next generation flourish and grow. These efforts will bring talent of either gender to different ranks of cybersecurity jobs, and equality will improve.

As of 2017, women account for only 5.6 percent of CEO positions (23 female CEOs) at Standard & Poor’s 500 companies. [4] The paucity of women is not just a problem in cybersecurity; it is prevalent across the industry, especially in senior positions. Chapter 6, “Breaking the Glass Ceiling,” offers specific tips for women to get to the higher ranks. Again, mentorship is key to help women develop strength and contribute to the business even more.

The authors warn that women may face another daunting challenge even after they break the “glass ceiling.” Chapter 7, “On the Glass Cliff,” gives a pessimistic scenario: a woman fails a high-profile project at which her predecessors never succeeded, and she has to “leave the company and start again under a similar set of circumstances at a new company.” In my opinion, this chapter fails to provide concrete advice on how to overcome “the glass cliff,” beyond encouraging women not to give up their desires, and to maintain their integrity and the quality of their work. It would have been beneficial for employers and employees to understand what kinds of team-building and mentorship would help women in certain positions get their work done.

Some women can relate to Chapter 8, “Imposter Syndrome and Women.” The syndrome is explained thus: “people who achieve success – especially women – often tend to reflect on their achievements and begin to doubt their own abilities” due to their failure to internalize the success they have achieved through their abilities and aspirations. I have encountered and heard about accomplished women who tend to believe their achievements merely come from luck. [5] Since people around these women do not necessarily understand their inner struggles, they may find themselves distressed even more. As the authors emphasize, it is important to understand that even famous high achievers share this self-doubt and encourage women to take the next step by listing their achievements rather than diminishing themselves.

Some statistics and facts in Chapters 6 through 8 may sound daunting to young women who are interested in STEM and cybersecurity careers. Remember, these numbers and data are presented to serve as food for thought. They are meant to help parents, teachers, employers and colleagues understand challenges women currently face as well as to prepare them to tackle potential problems they may encounter in the future.

There remain unanswered questions about the sociocultural pressures outside of the United States. People from other countries may not necessarily be able to find specific examples relevant to themselves. Nonetheless, the information shows there are champions or partners with whom those people may want to team up outside their organization or country.

The Computing Technology Industry Association points out that 69 percent of girls who have never considered an IT job do so only because they are unaware of opportunities available for them. [6] This is so wrong. While “Women in Cybersecurity” focuses on the technical side of cybersecurity and does not discuss non-technical aspects, both men and women should be informed of career options equally.

Conclusion

This book, “Women in Cybersecurity,” is Canon-worthy because it will arm readers with ways to tackle diversity, psychological and talent shortage challenges. Your one-hour journey to read the book is the first step to overcome these things. Let’s make history together to educate, recruit, retain, train, promote, and reward men and women who are keen to pursue cybersecurity careers. We need you.

Sources

[1] “The 2017 Global Information Security Workforce Study: Women in Cybersecurity,” by Frost & Sullivan, Alta Associates’ Executive Women’s Forum, Center for Cyber Safety and Education, and (ISC)², 2017, https://iamcybersafe.org/wp-content/uploads/2017/03/WomensReport.pdf, 6.

[2] “Why women quit technology,” by Kathleen Melymuka, Computerworld, 16 June 2008, last visited 1 August 2017, http://www.computerworld.com/article/2551969/it-careers/it-careers-why-women-quit-technology.html.

[3] “What’s So Special about STEM? A Comparison of Women’s Retention in STEM and Professional Occupations” by Jennifer L. Glass, Sharon Sassler, Yael Levitte, and Katherine M. Michelmore, National Center for Biotechnology Information, 21 August 2013, last visited 2 September 2017, https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4279242/.

[3] “Women CEOs Of The S&P 500,” by Catalyst, 14 June 2017, last visited 1 August 2017, http://www.catalyst.org/knowledge/women-ceos-sp-500.

[4] “Feel like a fraud?” by Kirsten Weir, American Psychological Association, November 2011, last visited 3 August 2017, http://www.apa.org/gradpsych/2013/11/fraud.aspx.

[5] “Press Release: COMPTIA LAUNCHES NEW CAMPAIGN TO INSPIRE GIRLS TO “MAKE TECH HER STORY”,” by Computing Technology Industry Assn., 20 September 2016, last visited 3 August 2017, https://www.comptia.org/about-us/newsroom/press-releases/2016/09/20/comptia-launches-new-campaign-to-inspire-girls-to-make-tech-her-story.