Across the globe today, people are celebrating the phenomenal achievements of women while reflecting on the equity gaps that persist. This is especially relevant for those of us in privacy and security. For years, the percentage of women in the security workforce has stalled around 11%, but a recent report finds the percentage has jumped to 24%. While one data point does not make a trend, there is room for optimism at a time when high profile incidents make industry headlines.
As an industry and a society, we are well past regurgitating all of the research that points to the positive business impact of a diverse and inclusive workforce, or simply paying lip service to a topic that requires significant resources and commitment to impart change. Instead, we would like to highlight the challenges that persist for women in security and privacy, provide recommendations for growing a diverse and inclusive workforce, and highlight some of our efforts to help develop and retain women in privacy and security. From RSA to the Women in Cybersecurity conference, we are working coast to coast to support and encourage women in security and privacy.
Depending on the data, women account for roughly 10-25% of the security workforce. Why are there so few women in security? This is frequently asked, with most attention focused on either the pipeline or retention. In fact, the lack of a pipeline is usually the go to excuse for the lack of diversity in tech. Those focusing on the pipeline often point to the low number of girls and women pursuing STEM-related education. Specifically focusing on computer science, the number of women in the field peaked in the early 1980s at almost 40%, and has since dropped to under 20%.
To help grow the pipeline, programs such as the Women’s Society of Cyberjutsu, Black Girls Code, Women in Security and Privacy, and Women in Cybersecurity have had a significant impact on training and growing the number of girls and women in the industry. Similarly, success stories such as Harvey Mudd demonstrate that concerted efforts focusing on the culture, course design, and hiring can cause significant changes in the number of women pursuing computer science degrees.
These and similar efforts are essential to growing diverse interest in an industry that is facing a workforce gap in the millions. However, they only address a portion of the problem. Women leave tech companies at twice the rate of men. All of these efforts to grow the pipeline are for naught if women leave the industry after a brief time in the workforce. The most prominent challenges to retaining a security workforce are burnout, the culture, and lack of clear career path, each of which is amplified for underrepresented groups. From salary gaps to discrimination, the graphic below demonstrates the unique challenges women encounter within the security workforce; challenges that increase the higher a woman rises in an organization.
Despite these persisting challenges, there are signs of change. For instance, security conferences have previously gained notoriety for anything from an unsafe environment to the limited number of women speakers. The two largest security conferences – RSA and Black Hat – have taken steps over the last year to address these issues. RSA has diversified the keynotes and introduced a SheSpeaks workshop to encourage more women to present at industry conferences. Black Hat now has a Community track to openly discuss issues such as diversity, inclusion, burnout, and mental health.
For companies, change must begin at the top. While diversity and inclusion have become a mantra across corporate America, there is too frequently a say-do gap. While cultural entrepreneurs are necessary across the entire organization, they take their cue from leadership. Executives should focus on both internal and external initiatives to help diversify their organization as well as the industry, and focus on engagement, development, and leadership. These concepts translate across the entire workforce, but there are specific steps that can be made to support underrepresented groups. The workplace environment and corporate swag offer visual cues of the corporate culture, while professional development opportunities and leadership and board diversity similarly signal a commitment to the reinforcing nature of diversity and innovation. Women specifically benefit and feel valued when there are mentoring and sponsorship opportunities that support all aspects of professional development.
At Virtru, we are committed to disrupting the security and privacy industry. Digital privacy is a fundamental right and requires an all-of-society approach to ensure digital privacy is accessible for all. While we continue to expand the Virtru digital privacy platform, we know more must be done to ensure the technologies and laws being created reflect the diversity of voices within our population.
To that end, we hold our own corporate culture to a high bar and constantly seek ways to create an inclusive and diverse environment. We also are expanding our community presence to support many diversity and inclusion initiatives. As part of the RSA SheSpeaks workshop, I had the opportunity to join some of the most influential women in the industry to speak about presenting at conferences. This was an invigorating event focused on inspiring more women to present at conferences. “If they don’t see it, they won’t be it” is a common refrain that captures the essence of why diversified conference programs are so essential to the industry.
Later this month, the Virtru team will be out in force at, and is a proud sponsor of, the Women in Cybersecurity Conference. I’ll also be presenting my research on workforce retention at the Women Transforming Technology Conference in Palo Alto in April. These, and other efforts throughout the year, are part of our ongoing commitment to help security and privacy rise up and drive an inclusive movement toward digital privacy for all.