Survey findings show that despite a severe shortage of women in the information security workforce, women offer the right mentality needed to grow and diversify the security industry
London, UK: (ISC)2 has released a new report, “Agents of Change: Women in the Information Security Profession” that was authored by Frost & Sullivan and sponsored by Symantec. The study reveals that women only represent 11 percent of the information security workforce, despite double-digit annual increases of personnel in the profession, yet they have the academic background and diverse perspective necessary to accelerate change in the information security industry. The report highlights a severe shortage of woman in the information security industry and why organisations globally need to shift attention to this critical problem.
“The identified shortage of women in the industry only reiterates the importance of our Foundation’s offerings like the women’s scholarships we award annually to female students aspiring to obtain information security careers, and the Safe and Secure Online programme, which brings (ISC)2-certified cyber security experts into classrooms to teach children how to become responsible digital citizens while introducing them to a career in cyber security,” said Julie Peeler, director of the (ISC)² Foundation. “(ISC)2’s Chapters are also offering women in security mentoring and awareness programmes within their local communities to recruit more women into the field, but we need a broader and deeper level of education and engagement for women at a younger age before we can realise the level of impact required to solve the workforce shortage.”
Survey respondents were divided into two job title categories: Leaders and Doers. The Leaders (3,466 respondents) category included job titles such as executives, managers, and strategic advisors. Doers (2,348 respondents) included respondents with job titles such as security analysts and compliance auditors. In the Leaders category, more women (34 percent) were in consultant and advisor job titles than men (26 percent), and more than twice as many men as women were network security or software architects. In the Doers category, 38 percent of women cited security analyst as their job title versus 27 percent of men. However, a higher proportion of men held security engineer and network administrator job titles. The 2013 Global Information Security Workforce Study identified “security analyst” as the number one most needed position in the information security industry, leading the way for a strong female presence in the future.
The report also looked at average job tenure, median and average annual salary and academic backgrounds. In these categories, the report showed only marginal differences between women and men who work in information security fields:
· Women Leaders have spent an average of 13.5 years in the field, compared to men at 13.6 years.
· Women and men Leaders both command an annual average median salary of US$105,000 per year.
· 91 percent of women Leaders hold a bachelor’s, master’s or a doctoral degree vs. 89 percent of men Leaders.
The findings revealed that women in information security, as a group, have a more diverse academic background than men, and a collective background with slightly greater emphasis on social sciences and business degrees vs. engineering and computer sciences.
“The report data indicates that the perspectives of women offer viewpoints needed to elevate the security industry to the next level,” added Michael Suby, author of the report and vice president of research at Frost & Sullivan.
While technical skills are integral to developing a strong security posture within organisations, it’s important to supplement the proper skills and perspectives necessary to make impactful businesses decisions. The report findings also demonstrate that the surveyed women believe a successful information security professional should maintain a variety of skills vs. surveyed men, who believe technical skills should be the priority. Women reported the following as the key attributes of a successful information security professional:
· Communication skills
· Broad understanding of the security field
· Awareness and understanding of the latest security threats
· Security policy formulation and application
· Leadership skills
· Business management skills
“Although efforts to fill the information security industry with skilled professionals have increased, the growing number of sophisticated attacks in our cyber landscape are posing an increased threat to organisations in both the public and private sectors,” added Suby. “Combatting these threats requires a community approach to training and hiring qualified security professionals from a variety of backgrounds. As our research reveals, women leaders are the strongest proponents of security and risk management education and training in the industry. This type of mentality is crucial to building standards in the industry and echoes the report’s findings that women are indeed, ‘agents of change’ in the future of information security.”
“Symantec believes it is critical that we bring more qualified women into the cyber security profession. Through our support of this study, and our broader commitment to women in STEM professions, we hope to increase the representation of women in technology,” said Julie Talbot-Hubbard, chief security officer at Symantec. “In working with partners such as (ISC)², we are able to bring a greater awareness to this important issue."