Why We Need More Gender Diversity in the Cybersecurity Space

What does it mean to be diverse? At the root of diversity is the ability to bring people together with different perspectives, experiences, and ideas. It's about enriching the work environment to lead to more innovative solutions, better decision-making, and a more inclusive environment.

For me, it's about ensuring that my daughter one day knows that it really is okay for her to be whatever she wants to be in life. That she isn't bound by a gender stereotype or what is deemed appropriate based on her sex.

This is why building a more diverse workforce in technology is so critical. I want the children of the world, my children, to be able to see themselves in the people they admire, in the fields they are interested in, and to know that the world is accepting of the path that they choose.

Monday, August 26th, was Women's Equality Day, and while I recognize that women have come a long way, there is still work to be done. Diversity is not just a buzzword - it's a necessity. When diverse perspectives converge, they create a rich ground for innovation.

Women in cybersecurity

Despite progress in many areas, women are still underrepresented in cybersecurity. Let's look at key statistics. According to data published in the ISC2 Cybersecurity Workforce Study published in 2023:

• Women make up 26% of the cybersecurity workforce globally.
• The average global salary of women who participated in the ISC2 survey was US$109,609 compared to $115,003 for men. For US women, the average salary was $141,066 compared to $148,035 for men.

Making progress

We should recognize where we have had wins in cybersecurity diversity, too.

The 2024 Cybersecurity Skills Gap global research report highlights significant progress in improving diversity within the cybersecurity industry. According to the report, 83% of companies have set diversity hiring goals for the next few years, with a particular focus on increasing the representation of women and minority groups. Additionally, structured programs targeting women have remained a priority, with 73% of IT decision-makers implementing initiatives specifically aimed at recruiting more women into cybersecurity roles. These efforts suggest a growing commitment to enhancing diversity and inclusion within the field, which is essential for addressing the global cybersecurity skills shortage.

Women hold approximately 25% of the cybersecurity jobs globally, and that number is growing. This representation has seen a steady increase from about 10% in 2013 to 20% in 2019, and it's projected to reach 30% by 2025, reflecting ongoing efforts to enhance gender diversity in this field.

Big tech companies are playing a pivotal role in increasing the number of women in cybersecurity by launching large-scale initiatives aimed at closing the gender gap. Microsoft, for instance, has committed to placing 250,000 people into cybersecurity roles by 2025, with a specific focus on underrepresented groups, including women. Similarly, Google and IBM are investing billions into cybersecurity training programs that target women and other underrepresented groups, aiming to equip them with the necessary skills to succeed in the industry.

This progress is crucial as diverse teams are often better equipped to tackle complex cybersecurity challenges, bringing a broader range of perspectives and innovative solutions to the table. As organizations continue to emphasize diversity in hiring, the cybersecurity industry is likely to see improvements not only in workforce composition but also in the overall effectiveness of cybersecurity strategies.

Good for business

This imbalance is not just a social issue - it's a business one. There are not enough cybersecurity professionals to join the workflow, resulting in a shortage. As of the ISC2's 2022 report, there is a worldwide gap of 3.4 million cybersecurity professionals. In fact, most organizations feel at risk because they do not have enough cybersecurity staffing.

Cybersecurity roles are also among the fastest growing roles in the United States. The Cybersecurity and Infrastructure Security Agency (CISA) introduced the Diverse Cybersecurity Workforce Act of 2024 to promote the cybersecurity field to underrepresented and disadvantaged communities.

Here are a few ideas for how we can help accelerate gender diversity in cybersecurity:

1. Mentorship and sponsorship: Experienced professionals should actively mentor and sponsor women in these fields, helping them navigate the challenges and seize opportunities.
   
   Unfortunately, this year the cybersecurity industry has seen major losses in organizations that support women. Women Who Code (WWC) and Girls in Tech shut their doors due to shortages in funds. Other organizations are still available, including:

• Girls Who Code
• Women in CyberSecurity (WiCyS)
• Black Girls in Cyber
• Women in Security and Privacy (WISP)
• Women in Technology International (WITI)
• Women4Cyber (Europe)

Companies may also consider internal mentorship programs or working with partners to allow cross-company mentorship opportunities.

Women within the cybersecurity field should also consider guest lecture positions or even teaching. Young girls who do not get to see women in the field are statistically less likely to choose that as a profession.

1. Inclusive work environments: Companies must create cultures where diversity is celebrated, not just tolerated or a means to an end. This means fostering environments where women feel empowered to share their ideas and take risks. This could include:

• Provide training to employees at all levels. At Docker, every employee receives an annual training budget. Additionally, our Employee Resource Groups (ERGs) are provided with budgets to facilitate educational initiatives to support under-represented groups. Teams also can add additional training as part of the annual budgeting process.
• Ensure there is an established career ladder for cybersecurity roles within the organization. Work with team members to understand their wishes for career advancement and create internal development plans to support those achievements. Make sure results are measurable.
• Provide transparency around promotions and pay, reducing the gender gaps in these areas.
• Ensure recruiters and managers are trained on diversity and identifying diverse candidate pools. At Docker, we invest in sourcing diverse candidates and ensuring our interview panels have a diverse team so candidates can learn about different perspectives regarding life at Docker.
• Ensure diverse recruitment panels. This is important for recruiting new diverse talent and allows people to understand the culture from multiple perspectives.

1. Policy changes: Companies should implement policies that support work-life balance, such as flexible working hours and parental leave, making it easier for women to thrive in these demanding fields. Companies could consider the following programs:

• Generous paid parental leave.
• Ramp-back programs for parents returning from parental leave.
• Flexible working hours, remote working options, condensed workdays, etc.
• Manager training to ensure managers are being inclusive and can navigate diverse direct report needs.

1. Employee Resource Groups (ERGs): Establishing allyship groups and/or employee resource groups (ERGs) help ensure that employees feel supported and have a mechanism to report needs to the organization. For example, a Caregivers ERG can help advocate for women who need flexibility in their schedule to allow for caregiving responsibilities.

Better together

As we reflect on the progress made in gender diversity, especially in the cybersecurity industry, it's clear that while we've come a long way, there is still much more to achieve. The underrepresentation of women in cybersecurity is not just a diversity issue - it's a business imperative. Diverse teams bring unique perspectives that drive innovation, foster creativity, and enhance problem-solving capabilities. The ongoing efforts by companies, coupled with supportive policies and inclusive cultures, are critical steps toward closing the gender gap.

The cybersecurity landscape is evolving, and so must our approach to diversity. It's encouraging to see big tech companies and organizations making strides in this direction, but the journey is far from over. As we commemorate Women's Equality Day, let's commit to not just acknowledging the need for diversity but actively working toward it. The future of cybersecurity - and the future of technology - depends on our ability to embrace and empower diverse voices.

Let's make this a reality, not just for the sake of our daughters but for our entire industry.

Learn more

• Subscribe to the Docker Newsletter.
• Get the latest release of Docker Desktop.
• Vote on what's next! Check out our public roadmap.
• Have questions? The Docker community is here to help.
• New to Docker? Get started.

Public link

Please use the above public link if you want to share this noodl on another website.