top of page
  • Writer's pictureESET Expert

Women in cybersecurity: Gender gap narrows but not enough

The number of women joining the ranks of cybersecurity practitioners is steadily increasing, but a lot still needs to be done to close the gap

The race to even-up the gender disparity in many industries is steadily gathering steam – and for all the right reasons. A diverse workforce offers a more level playing field for new hires, and studies have shown that millennials, who will make up 75% of the workforce by 2025, consider also diversity and inclusion when choosing employers. Diversity also improves the workplace culture and has a direct impact on the profitability and productivity of a company.

Meanwhile, the cybersecurity industry is still at pains to fill millions of vacancies. There has been some good news recently; for example, the latest (ISC)2 Cybersecurity Workforce Study found that the acute talent shortfall eased last year – for the first time in years. Indeed, there have also been positive shifts in other “departments”; for example, back in 2013 women held only 11% of jobs in the cybersecurity industry. Last year’s issue of the Women in Cybersecurity report, also drafted by the security certifications organization (ISC)2, showed that women already made up nearly a quarter of the security workforce.

On the other hand, the study also singled out another persisting issue – the gender wage gap. “When asked about their previous year’s salaries, 17% of women said they earned U.S. $50,000 to $99,999, a full 12 percentage points less than men (29%),” reads the report.

A lot still clearly needs to be done to close the gap(s), a fact that warrants special attention as the world marks International Women's Day today.

A problem with perception

Although cybersecurity is widely perceived as being a progressive and forward-thinking industry, the fact of the matter is that to a large extent it remains a male-dominated profession. According to the latest report by (ISC)2, just over half of surveyed professional perceived that the percentage of women in the field has risen over the past five years. However, among women, 7% view that the number of women in the field has actually declined in that time period, compared to just 4% of men.

Generally speaking, a lot probably boils down to perennial misperceptions that are part of the overall image problem within the technical industry and the general misperception of cybersecurity being the purview of male nerds wearing glasses and working around the clock in cubes or windowless rooms, a deeply entrenched stereotype perpetuated by popular television shows.

Closing the gap

A number of organizations have launched initiatives aimed at redressing the balance. One of these initiatives is ESET’s own Women in Cybersecurity Scholarship, which has been awarding a US$5,000 scholarship to women pursuing a college-level degree and aspiring towards a career in cybersecurity for five years running. Last year, ESET handed out US$20,000 in total to four outstanding students pursuing information security studies.

One of last year’s winners, Maria Bolaños, is a student at the University of Houston, where she is preparing to become an information security specialist. During the summer she worked as a volunteer teaching kids from underserved communities how to code.

“This scholarship with ESET pushes me closer to the future I imagine for myself. No one expected me, as a Latina who comes from a low-income background, to thrive in any field, especially in a field like cybersecurity, and I will do everything in my power to prove to myself that I belong here,” said Bolaños.

Other organizations aiming to achieve gender equality and improving recruitment rates include the US-based National Center for Women in Information Technology and Girls Who Code. Meanwhile, Women in Cybersecurity is a global initiative aimed at furthering women in the field by fostering and driving their passion for cybersecurity.

Routes in

While the perception may be that those wishing to pursue a career in cybersecurity need to have a technological background, this is not necessarily the case – cybersecurity researcher Lysa Myers, for example, started her career as a florist, moving on to a receptionist’s role at a security company, before gaining experience in her company’s virus lab.

Of course, that’s not to say that college education isn’t relevant, however, there is a conversation to be had about whether it is strictly necessary to have a degree in order to break into a career in cybersecurity. For those looking to switch careers and join the swelling ranks of cybersecurity professionals, it’s often good to weigh the pros and cons of whether their situation is better suited for pursuing a degree or going down the self-taught route.

Hope for the future

While the number of women occupying positions in cybersecurity is rising, the road to eliminating the gender gap is still long and riddled with obstacles. A good start would be to remove the negative perception that cybersecurity isn’t a viable career path for women and instead highlight the many reasons why they should consider a career in the field.

Beyond the attractive salaries and job satisfaction, it’s also important to emphasize that cybersecurity is diverse and career paths aren’t linear, which means they’ll have the opportunity to grow and wear many hats during their cybersecurity careers. These are but a few steps that could motivate more women to join the industry in the near future.


bottom of page