Research reports from ISC2 and WiCyS highlight the diversity and equitable inclusion issues seen every day in the cybersecurity profession. We take a closer look at how gender and inclusion imbalance in the cybersecurity workplace are ongoing obstacles to entry, retention and advancement.

Failing to foster a fair and equitable professional environment remains a barrier for many considering a move into a cybersecurity role, as well as for those already in the profession. Just recently, one of the largest security vendors in the world found itself at the center of this ongoing issue, reminding the industry of the need for a persistent cultural change.

Research and personal experiences continue to highlight that more work needs to be done to ensure cybersecurity is a fair and equitable profession. One where all are treated with the same level of respect, given the same opportunities to advance and participate, and where everyone’s contribution is recognized equally.

This was a consistent theme from the ISC2 research report In Their Own Words: Women and People of Color Detail Experiences Working in Cybersecurity, which brought together input from women working across the profession on their views of diversity, equity and inclusion.

“I think there is a global cultural issue. I know there are a lot of women and minorities that are well qualified and get passed over. Maybe because they’re not articulating their skills in the right way or they’re not even applying for the jobs because the organizations are being unrealistic about the requirements they put on the job description,” noted one participant.

WiCyS State of Inclusion Study

Lynn Dohm, Executive Director of WiCyS presented the findings of the organization’s latest State of Inclusion Report at ISC2’s recent Diversity, Equity and Inclusion (DEI) Summit in London. This first-of-its-kind assessment sought to discern the real causes of disparities in the experiences of women in cybersecurity. The data revealed that the workplace inclusion experiences of women continue to be dramatically worse than men across virtually every category examined.

The WiCyS data shows that women are 4.5 times more likely to be excluded from acts of recognition as men, 2.5 times more likely to be excluded from acts of respect and 2.4 times more likely to be excluded from career and growth opportunities.

This current experience echoes the testimonies of those who took part in the ISC2 research. “I’ve been in meetings where people have used my words. They’ve used my strategies. They have taken my work, and they presented it as their own,” said one respondent. “They get the credit for my talent. It would burn me so bad but, yet, I didn’t really have anyone to lean on.”

Dohm noted that women are five times more likely to cite their direct managers and peers as sources of workplace and career exclusion. Women are 1.3 times more likely to be excluded by organization leadership. In addition, Dohm also said that employees with disabilities experience higher rates of exclusion compared to those who identify with the majority.

Nonetheless, there are positives on which to keep building. The recent ISC2 Women in Cybersecurity study confirmed that despite obstacles to advancement and issues of exclusion, women retain a strong sense of job satisfaction, with room for further improvement. Some 58% of women who responded had overall satisfaction with their organization – equal to the men who were surveyed. In addition, 64% of women surveyed expressed satisfaction with their team and 58% expressed satisfaction with their department. Furthermore, passion for cybersecurity trended positively with women and grew with tenure in the field, rising to as high as 74% among women with over 15 years of industry experience.

Workplace and Industry Experiences

The WiCyS study also solicited statements from participants about their experiences. With reference to disrespectful behavior, one person noted: “After introducing myself, I have had individuals ask to speak to a ‘guy who works in IT’ instead of me.”

This was echoed in ISC2’s research: “If you actually historically doubt the intelligence level of many minorities and women, if you have those thoughts as a hiring manager and don’t think a diverse candidate is even smart enough, just because of some type of discriminatory belief that you have, then you are not going to give them that opportunity,” another ISC2 participant added.

On social exclusion and inappropriate behavior, one WiCyS participant noted: “Work and industry ‘social’ events are oriented towards the majority (males), e.g., whisky tasting and golf days.” Another highlighted concerns about the normalization of inappropriate and biased behavior towards other genders, saying: “Male leaders regularly decide to host lunches for employee appreciation, then expect the female employees who were also in leadership, to do the ordering/setting up/clean up”.

Taking Positive Action

Addressing disparity in workplace and career inclusion requires change across the organization – across culture as well as process. There are many steps to consider including:

Purposeful Inclusion

Organizations must ensure conscious leadership and give everyone a voice. Leaders should actively engage professionals equally to collaborate on key projects and in meetings.

Equal Advancement

Document advancement practices that create clear and equal paths to leadership positions for all professionals, make them transparent to all and provide the necessary resources for advancement, including technical training, language tutors, opportunities to pursue certifications, etc.

Pay Equity

Conduct meaningful pay equity assessments across the organization and then act accordingly on the results. Then, actively monitor pay equity for all roles within an organization and ensure that salary and benefits are aligned based on role requirements and experience.

Celebrate DEI Achievements

Organizations need training and skills development programs focused on creating and maintaining awareness and fostering effective DEI principles across all departments and leadership levels. It’s also important to recognize progress, highlighting successful DEI best practices and programs.