Female Information Security Officers

Jennifer A. Kurtz, MBA


One advantage to being a woman in cybersecurity is that you never ever have to wait in line outside the restrooms at a conference. That, however, may be the only advantage. Recent studies show that organizations are increasingly in search of female chief information security officers and other cyberprofessionals.

Although women make up 51 percent of the professional and technical workforce in the USi and internet usage is gender-neutral (age and income are more significant predictors of use patternsii), only 28 percent of them work in science and engineering fields and only 11 percent hold cyber security positions.

Meanwhile, the declared need for security professionals continues unabated. According to a Peninsula Press analysis of numbers from the Bureau of Labor Statistics, "more than 209,000 cybersecurity jobs in the U.S. are unfilled, and postings are up 74 percent over the past five years. The demand for positions like information security professionals is expected to grow by 53 percent through 2018." iii Information security analyst positions showed a median annual salary of $86,000 in 2012, which is a higher compensation than other computer professionals.iv From a personal cash flow perspective, the return on investment for becoming a security analyst is impressive!

Reports from the National Science Foundation, Ponemon Institute, and ISC2 indicate that as the threat landscape evolves and potential attack surfaces proliferate, organizations benefit from recruiting a diverse skill set when building security staff capacity. "To be successful, cybersecurity professionals must use a holistic approach to link science, math, and engineering to policymaking."v

Coincidentally, women in the field today are more likely involved outside traditional IT roles (e.g., network administrator, systems engineer), working across departments at the intersection of business, policy, and personnel management activities: governance, risk, and compliance (GRC), in addition to education and training. In such roles, strong communications skills are particularly relevant, in addition to broad IT knowledge.vi

Women participate in high-profile cybersecurity positions in organizations—like Oracle, Cisco, Intel, the State of Colorado, the White House—and, in most years (not 2011), a few are mentioned by Security Magazine as being among the top 25 most influential people in security.vii So why are fewer women being recruited to, and retained in, this field that is so full of opportunity?

The Computing Research Association suggests that even though diverse thinking styles and perspectives would lead to more innovative approaches in cybersecurity, various factors discourage participation by women and minorities:

  • Stereotypical notions
  • Lack of social support
  • Lack of confidence in women
  • Lack of exposure to role models
  • Lack of integrated efforts to recruit women
  • Lack of opportunity to connect with mentors
  • Lack of knowledge about the field of cybersecurity
  • Lack of directed effort to eliminate unconscious bias
  • Lack of awareness of professional development resources
  • Lack of awareness of opportunities in cybersecurity-related occupations, education, and researchviii

And what would make the cybersecurity profession more attractive to women?

Michelle Dennedy, chief privacy officer (CPO) for Intel Security, suggests that the battleground terminology is less appealing for women than objectives like protecting identities, preserving privacy, and maintaining record integrity.ix Other strategies are to create more awareness about the opportunities for women in cybersecurity by convening networking and information-sharing venues,x making connections with women mentors, and starting early (even in elementary school). We can do more to celebrate the contributions being made by women in the field so that fictional role models are not needed.

Even though I thought Nancy Drew was a great role model when I was in elementary school (weren't some of those titles pointing to forensics, authentication, and cryptography: The Clue in the Diary, The Password to Larkspur Lane, The Clue in the Crossword Cipher?), the women cybersecurity professionals working today have more range, responsibility, and risk management skills. The profession needs innovative, intelligent people with integrity, both men and women. We should all be OK with having to wait in a longer line outside the infosec conference restrooms.

Want to learn more about the online Master of Science in Information Assurance at Regis?  Request more information or call us at 877-820-0581.

iDepartment for Professional Employees, AFL-CIO (February 2015), "Women in the Professional Workforce." Retrieved from http://dpeaflcio.org/professionals/professionals-in-the-workplace/women-in-the-professional-and-technical-labor-force/
iiPew Research Center (January 2014), "Internet User Demographics." Retrieved from http://www.pewinternet.org/data-trend/internet-use/latest-stats/
iiiArita Setalvad (31 March 2015), "Demand to fill cybersecurity jobs booming," Peninsula Press. Retrieved from http://blog.sfgate.com/inthepeninsula/2015/03/31/cybersecurity-jobs-growth/
ivUS Bureau of Labor Statistics, Occupational Handbook, 2014-15 Edition. Retrieved from http://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
vSharmistha Bagchi-Sen, H.R. Rao, Shambhu Upadhyaya, and Sangmi Chai (January/February 2010), "Women in Cybersecurity: A Study of Career Advancement," IT Pro/IEEE Computer Society. Retrieved from http://www.computer.org/csdl/mags/it/2010/01/mit2010010024-abs.html
viFrost & Sullivan (2013), "Women in the Information Security Profession:
The (ISC)2 Global Information Security Workforce Subreport." Retrieved from https://www.isc2cares.org/uploadedFiles/wwwisc2caresorg/Content/Women-in-the-Information-Security-Profession-GISWS-Subreport.pdf
viiSecurity Magazine (2014),"The most influential people in security." Retrieved from http://www.securitymagazine.com/MostInfluential
viiiAmbareen Siraj and Summer Prince (February 2014), "National Women in Cybersecurity (WiCyS) Conference," Computing Research News. Retrieved from http://cra.org/resources/crn-archive-view-detail/national_women_in_cybersecurity_wicys_conference/
ixElizabeth Segran (16 February 2015), "To attract more women, cybersecurity industry could drop macho jargon," The Christian Science Monitor. Retrieved from http://www.csmonitor.com/World/Passcode/2015/0216/To-attract-more-women-cybersecurity-industry-could-drop-macho-jargon
xExamples include the Second National Women in Cybersecurity Conference or WiCyS held in March 2015 with participation from NCWIT <https://www.aspirations.org/activity/women-cybersecurity-conference>; ISSA's July 2015 web conference, WIS SIG: Paying It Forward-Preparing Women for Cybersecurity Careers in the Knowledge Age and Beyond <http://www.issa.org/events/event_details.asp?id=482958&group=107122>; Girl Scouts of America badge program <http://forgirls.girlscouts.org/internet-safety/>; the Executive Women's Forum <http://www.ewf-usa.com/; and the UK-based Women's Security Society <http://www.womenssecuritysociety.co.uk/>.