Women in Cybersecurity Face Barriers to Hiring, Advancement

Gender inequality persists in the cybersecurity sector, with multiple obstacles hindering women from being recruited, hired, retained, and advanced at the same rate as men.

A study of more than 1,000 employees from 20 organizations, conducted in collaboration with DEI firm Aleria and spearheaded by the nonprofit group Women in Cybersecurity (WiCyS), found that women face exclusion at twice the rate of men. Women are also five times more likely to attribute their dissatisfaction and decreased performance to interference from their managers and peers.

Related: Women in IT: 'Significant Strides' Have Been Made, Yet Challenges Persist

Women working in cybersecurity often encounter social exclusion, sexual inappropriateness, lack of recognition, and requests to do menial tasks in their predominantly male-driven work environments. The report identified a wide range of inequalities, with "lack of respect" being the most significant problem. According to the report’s heatmap data, female employees frequently feel disrespected by their direct managers, which negatively affects their career progression. Direct managers often fail to acknowledge the contributions and achievements of women, while recognition issues from peers further exacerbate the lack of respect in the workplace.

Skillsoft's annual Women in Tech report revealed that nearly a third of women in the tech industry are considering leaving their current organizations within the next year. The primary reasons cited include poor management, insufficient training, and inadequate compensation. Many women face hurdles in advancing their tech careers, notably due to the absence of adequate training, the Skillsoft report found. Specifically, survey respondents expressed strong interest in learning about generative AI and other emerging technologies, with AI being the most sought-after topic. However, despite this interest, most women reported not using AI in their work. Among those who do, a significant portion said they feel inadequately trained and lack the resources to effectively integrate AI into their roles.

Change Lies with Inclusive Leadership

Lynn Dohm, executive director at WiCyS, noted that the Aleria/WiCys report shows a more significant gender disparity in career advancement opportunities for women in cybersecurity compared to other industries.

"It was not surprising to see differences in the treatment of men and women, but the magnitude of these differences is quite striking," Dohm said. "This is particularly true in the workplace, where the level of inequality exceeds what we had originally anticipated."

Dohm said organizational leadership has the primary responsibility for driving meaningful change towards better inclusion. "[Business leaders] have the capacity to implement policies and cultivate practices that not only reduce incidents of poor inclusion but also minimize their impact on a broad employee base," she explained.

The report aims to incentivize leaders to scrutinize their own "State of Inclusion" by highlighting the financial repercussions of poor inclusion practices. Dohm said that this motivation stems from both ethical considerations and the potential for financial improvement.

Asking for Advancement

For Poornima DeBolle, co-founder and chief product officer at Menlo Security, throughout her 25-year career in cybersecurity, she has consistently found it necessary to advocate for her advancement.

"I come to the meeting with my accomplishments enumerated to make my case and a multi-year plan for my new role," DeBolle explained. "Even then, there have been times I do not get the advancement."

Debolle strongly encourages women to take an active role in managing their careers, recognizing this current situation while holding hope for a more equitable future for the next generation.

She offers two recommendations for organizations looking to improve the environment for women in cybersecurity. First, she stressed the importance of anti-bias training. "This might seem like an easy shortcut, but I have seen the real-life impact of it," Debolle said. "I was able to reference a video from our anti-bias training when planning team activities for our sales kick-off. We were able to find an activity that was more inclusive."

Debolle also pointed out the tendency for women to remain quiet and hesitate to actively engage in meetings, especially in large groups. Her second recommendation is for managers and team leaders to seek feedback from women and build a culture that encourages their participation. By doing so, she said, “managers and all team leaders will get better outcomes.”

Mentors, Allies, and Personal Branding

Callie Guenther, senior manager of cyber threat research at Critical Start, said organizations and the cybersecurity community can foster a more inclusive environment by implementing and enforcing comprehensive diversity and inclusion policies. This includes establishing mentorship programs specifically for women, promoting work-life balance through flexible work arrangements or childcare support, and ensuring equal opportunities for advancement and leadership roles.

Additionally, celebrating the achievements of women in cybersecurity and increasing their visibility as speakers, panelists, and leaders in the field can serve as inspiration and demonstrate the value of diversity within the industry.

Guenther identifies several barriers to career advancement, including a lack of visible female role models in senior cybersecurity positions, which can affect aspirations and expectations. Gender bias in promotion and hiring practices is also a concern, with women sometimes being overlooked for leadership or technical roles due to stereotypes about their capabilities.

She also noted the challenge of balancing work and family commitments, often exacerbated by the absence of flexible working arrangements, which disproportionately affect women's career trajectories in cybersecurity.

To navigate and overcome gender-related biases, Guenther said it’s important to find mentors and allies within the field, both male and female, who can provide support and guidance. Building a strong personal brand and showcasing expertise through speaking engagements, publications, and active participation in cybersecurity communities can help counteract stereotypes and establish credibility.

She also said ongoing education and certifications are key strategies for women to strengthen their qualifications and assert their competence in the face of gender-related biases.

Empowering the Next Generation

Olivia Rose, faculty at IANS Research and CISO and founder of Rose CISO Group, said she has experienced both the negative side and the positive side of being a woman in cybersecurity.

"I started in this industry 22 years ago and barely knew any women, so it was difficult to get advice for situations where I may have felt marginalized or overlooked," Rose said. "I had to develop a very tough exterior."

With far more women now in the industry, Rose said she tries to mentor younger women as often as possible. "I want their experiences to be far easier than mine was," Rose explained.

For years, Rose made sure all her certifications were printed right on her business cards. She would lay them out on the table before meeting attendees walked in. "I have so many certifications because whenever I would go into meetings, I would inevitably be disregarded, overlooked, or worse, asked to get the coffee for the room,” Rose said. "I needed people to see [my credentials] as soon as they sat down, to try to head off any potential issues.”

Rose explained she knew she had "made it" in her career when, in her first CISO role, she left the certification section blank on her business card request form. "I finally felt like I didn't need to get early to meetings anymore,” she said. “It was an incredible feeling."