11 percent. Not a very large proportion out of 100% when you think about it. If you have 100 cars, 89 black and 11 red, at the end of the day, there aren’t too many red ones around. Now think about it this way – In the information security industry, referred to as infosec by its professionals, women make up a mere 11 % of the employees. Theories abound as to why this is so – that females are less “into” tech in general, that even within tech many women are never exposed to infosec and that women don’t have the desire to be locked into a field that tends to stretch far beyond the bounds of a regular 9-5 work day. We took an in depth look at some of the more common reasons to see if there is any truth to them and to see if and how the perception can be changed for the long term good of the field.
1- Females don’t “dig” tech as much as their male counterparts in general
So are girls really less into tech? Well according to a recent study in the Huffington Post conducted by the American Association of University Women, an organization that promotes gender equality in the workplace, it sure seems that way. The study looked at the number of women entering STEM (Science Technology Engineering and Math) professions between 1990 – 2013. Certain occupations like biologists and chemists saw a significant increase, engineering made a slight 3 percent upward crawl and the amount of women entering the computer field dropped by a shocking 9 percent. And while the misconception that men are naturally better at sciences than females are is mostly a thing of the past, says study co-author Christianne Corbett, the idea that math and computers are more of a “boys thing” sadly persists today. Corbett notes that “There’s evidence that by first grade, most kids already associate math with boys. This is just a belief most of us have. It’s a reflection more of our culture than anything individual.”
And the stats aren’t looking up. According to the New York Times just 0.4% of female freshman in US universities say they intend on pursuing a degree in computer sciences. According to NPR, the lack of interest may have something to do with the advent of personal computers. In the 1980’s and 1990’s parents were more interested in buying their boys computers than they were their girls. You know, boys tinker with robots while girls play with dolls. When these kids got to college, the ones with the tightest grasp on computer skills excelled in math and computer courses where the others faltered. And thus the field became a male dominated one.
CNET.com, currently running a series it calls “Solving for XX”, aimed at making the tech industry more diverse and welcoming to women, says that major corporations like Apple and Intel are investing huge sums of money on attracting women and minorities but the problem really starts way before the job hunt begins. Study director at the Institute for Women’s Policy Research, Ariane Hegewisch, says that girls have less opportunity to “explore subjects like mathematics or science, in part because of lack of encouragement, curricula that appeal more to boys than girls and a negative stereotype about girls’ technical abilities.” Despite researchers attempts to locate biological or neurological reasons to explain why more women aren’t going into the STEM fields all together, no one has been able to prove that girls are inherently less interested. According to CNET “ What they have found is that parents often stop young girls from pursuing interests that society still considers too masculine.”
2- Um, who has ever heard of infosec?
With the lack of knowledge about the profession mixed with the lack of females in computer sciences in general, the situation in infosec is particularly glaring. Infosec professionals don’t get the press that more glamorous sectors, like product designers or rockstar coders do, so even computer science grads don’t know much about the field. And according to Julie Peeler director of the International Information Systems Security Certification Consortium – (ISC)2 the security industry has over 30,000 open jobs as of 2015 and is on course to have yet another 30,000 available spots by next year. Peeler reports that there are nowhere near that number of professionals entering the field. In fact, a report by Burning Glass Technologies found that the rate of open infosec positions grew at a rate 3.5 times faster than all other IT jobs. There simply isn’t enough “man”power to fill them. Without new candidates on board, men and women, the gap will be a huge one.
To be sure, infosec is a demanding and exacting profession but it’s not so different in that respect than other tech professions. What infosec does require is a career-long commitment to learning and innovation. Perhaps this is where having a diverse group is most important. The more varied the group is, the higher the likelihood for innovation is. And because communication, analytical skills and strategizing are all distinct, yet key factors in any strong cyber security program, it takes an assorted team to bring all these elements together.
3 – Would I have to work until 3:00 am each day?
And what about the lack of flexibility? This is where the shortage of professionals can either work for or against someone in the field who doesn’t feel like eating dinner every evening from a vending machine down the hall. Because infosec’ers are in high demand, it can lead to unfair expectations being placed on the infosec teams. According to Peeler, (the shortage) “is causing a strain on the existing workforce…They are having to work harder and longer hours.” This may not be the ideal setup for someone, dads included of course, looking to balance home and work life.
On the other hand some professionals find that this increases their flex time – Manager for software security research at HP’s Enterprise Security Products division Joy Forsythe says ”I can schedule my non-working time during my child’s waking hours, and I can come back online after my child goes to bed.” She posits that the demand for workers creates a distinct advantage when it comes to obtaining a flexible work situation. And since this is one industry that can’t be outsourced overseas, job security is pretty high. So there is flexibility to be found for someone worth their salt.
In Part II we will look at ways to change the downward trend…Stay tuned!