Women are less likely to apply for jobs they’re not qualified for, and without a push we’re likely see a gender gap in IT security for a long time. “Only 13 to 18% of the cybersecurity workforce is women,” said Lisa Person, an advocate for IT security best practices and past leader for CompTIA’s IT Security Community. “There’s this other 30% who are not engaging, and if we could get even 10% of those people to join cybersecurity we can start to fill that gap.”
For business owners and managers struggling to bridge the gender gap in IT Security, put on your UX hat and consider ways you can overcome the barriers keeping women from cybersecurity jobs.
Bridge the Confidence Gap
Even if they know about cybersecurity and can see a path to entry, many people outside of IT security don’t think they have the right education or experience to join the industry. To get more women to apply at your company, make your job listings approachable to outsiders.
“Job listings can be like bad online dating profiles,” said Lysa Myers, a security researcher for ESET and CompTIA community member. “It can be a laundry list of ‘I want this and not that,’ and the people reading it—especially people from groups that are less represented—are going to look at that and completely recoil.”
Use augmented writing tools to scrub out biased language, post jobs in online forums specifically for women and reconsider old standards like requiring a bachelor’s degree and having a minimum of five years’ experience. “What if they learned in three years what another learned in five?” Myers said.
Find Role Models
According to the recent Cyberstates report, “Nationally, the composition of the tech sector workforce in 2018 consisted of 4.9 million men and 2.4 million women, translating to 68 percent and 32 percent, respectively.” Without examples of women working in cybersecurity, it’s hard for outsiders to imagine themselves as part of the industry.
Mentors offer real-life examples of what it’s like to work in IT security and demonstrate that it’s not unapproachable. Connect with groups like CompTIA’s Advancing Women in Technology Interest Group to find mentors and speakers for your events, and give the women in your company visibility. Send female security staff to tech conferences and fill your booth with the qualified women who work for you. Show off your company culture—if it’s inviting, you’ll attract diverse talent.
Dispel Tech Myths
There’s a myth that jobs in security are all tech jobs, but there’s marketing, sales, project management, event planning—lots of roles outside of IT. Nontechnical people bring curiosity and empathy, skills that help in any job. “You’re understanding what users need, what customers need, what the business needs are within the company and how to align security procedures with all of those things,” Myers said.
Help dispel the myth by posting all of your job openings on job boards dedicated to women in tech, and show up for—or even sponsor—events designed for women.
Demystify Cybersecurity Jobs
Women and other underrepresented groups need more data on working in IT security before they will jump in. “Women are less likely to take risky investments, but when they do they’re more likely to make a profit,” Myers said. The more women know about security jobs, the more likely they are to apply.
Myers was a florist before she got a job as an assistant to the office manager at a security company. By being curious and lending a hand around her office, she learned the ropes from the ground up.
“There are a huge number of different ways you can get in the industry without going through a college degree program,” said Myers.
Offer bootcamps or hold games of capture the flag so people can experience security in a fun environment first. If you spot some undiscovered talent, see if it’s worth offering more training or a short-term internship.
You can also boost the likelihood that women will stay in your company by offering them ways to grow. Funding certifications like CompTIA Cybersecurity Analyst (CySA+) can give your employees a leg up on behavioral analytics and ways to prevent, detect and combat cybersecurity threats. Find out more here.