The increased presence of artificial intelligence (AI) technology in every facet of organizations – from HR to threat monitoring – is having a marked impact on cybersecurity professionals. Women working in cybersecurity see opportunities to develop new skills and AI specialisms, alongside raising concerns about the potential for data-driven bias in AI systems.
ISC2 is publishing a series of #WomenInCyber articles throughout March based on ISC2 research findings from women working in the cybersecurity profession. The results highlight the perspectives of women in cybersecurity roles. In this article, we are looking at the impact of AI on cybersecurity and the workplace, and in particular how AI has impacted women respondents working in cybersecurity.
AI has quickly established itself across multiple functions in many organizations. While it has clear and well-documented technical applications in cybersecurity monitoring and automated defense, the impact of AI on professionals is much broader than just the application of AI in day-to-day cybersecurity work.
Respondents to the ISC2 Cybersecurity Workforce Study shared their thoughts on the use of AI in their organizations.
An Opportunity to Specialize
Security professionals across the board are taking steps to make themselves more ‘future proof’ in working environments increasingly using AI-based technologies, especially Generative AI (Gen AI). Study participants are preparing in similar ways, but with noticeable differences in priorities. Key to this is the finding that women respondents are working at organizations that have implemented Gen AI at higher rates (73%) than men who participated (63%).
Half of respondents (50% of women and 52% of men) also are shifting their workplace efforts away from being operational contributors towards being more strategic to adapt to the evolving role of people alongside AI platforms. Recognizing the transformative shifts that are taking place, two thirds of women respondents (66%), along with nearly three quarters of men (74%), are actively building up their cybersecurity skills and knowledge to ensure their skillset does not become obsolete due to AI tactical efficiencies.
Meanwhile, almost half of all respondents (48% of both women and men) are actively learning more about AI to bolster their AI skillsets. Women participants are obtaining current certifications – both AI-specific and non-AI – in significant numbers, suggesting that qualifications are seen as an important validation of competency in an evolving cybersecurity environment. Over a quarter (26%) of women respondents are working towards AI-specific certifications, compared to 18% of men.
When it comes to securing their organizations AI investments, 37% of women respondents, along with 36% of men, are using their time to learn more about security issues in AI applications and platforms, again highlighting the drive to develop new AI-relevant skills and knowledge in a work environment that is leveraging AI technologies in increasing volume.
While the majority are working to develop their skills and knowledge to address AI and other emerging technologies that are impacting their roles, a significant minority feel they need to take more drastic career action. Of concern is the finding that over a fifth of women (21% compared to 16% of men) who took part in the study are considering a career change in the face of the impact of AI, along with the changing threat and technology landscape.
Shaping the Role of Gen AI in Organizations
The study findings revealed that higher percentages of women respondents working in cybersecurity are playing an active role in decision-making and forming policies and processes in relation to the deployment and use of Gen AI compared to men who responded to the study.
Over a third (37%) of women respondents are involved in creating organizational Gen AI use policy, 5% higher than men who responded. We see women respondents taking a more active role in percentage terms than men in Gen AI decision making and policy forming. More women respondents (36%) are involved in conducting Gen AI security reviews (compared to 32% of men), with similar numbers (34% women, 32% men) involved in evaluating the impact of vendors adding Gen AI to their existing products.
Women are taking the percentage lead in updating existing policies to account for Gen AI, deciding which Gen AI functionality to use as part of the cybersecurity toolset (both 33% women, 30% men), as well as in auditing the organization’s Gen AI security posture (29% women, 25% men).
Risks of Data-Driven Bias
The growth of AI as part of the recruiting process is concerning all in the cybersecurity sector, particularly women respondents to ISC2’s research.
When posed the statement “I am concerned about gender and ethnic/racial bias in Gen AI tools”, more than half of women respondents (54%) agreed with the statement, compared to 43% of men. 29% of men disagreed compared to 23% of women.
The fact that a majority of women respondents were clear in their concerns about AI-driven bias highlights a potential issue for both the use of AI systems, but also poses areas of consideration for hiring managers, in terms of the use of Gen AI in hiring and screening processes. Gen AI and related platforms are trained using large data sets. AI isn’t inherently as a technology biased, but it will reflect and potentially amplify bias if this is present in the data it is trained on, so care in this respect is key for organizations and developers alike. Regulation in many jurisdictions is recognizing AI as a critical technology and is considering such issues.
Leveraging AI Skills Opportunities – Recommendations and Considerations
The growth of AI, particularly Gen AI, in organizations globally presents many challenges and opportunities for cybersecurity professionals. Based on the findings shared in this article, the following recommendations are offered to both cybersecurity professionals and hiring managers:
- There is a clear willingness and effort among study respondents to equip themselves with the knowledge and skills needed to leverage, secure and understand AI platforms. The deployment of AI technology should therefore be approached from the perspective of enhancing the capabilities of the cybersecurity team to protect the organization, not to displace skilled and highly adaptable cybersecurity professionals.
- Hiring managers charged with recruiting individuals into cybersecurity roles are already dealing with challenges attracting a broader cross-section of society into cybersecurity roles. The use of AI in the hiring and HR process presents a significant concern to individuals surveyed. On that basis, automating personnel decision-making, screening and evaluation using AI should be approached with caution, as it risks unknowingly alienating and discouraging employees to stay or pursue progression. Any use of AI in this regard should be alongside human oversight to ensure that data-driven bias does not skew the decision-making process.
- Cybersecurity professionals must invest time and resources in continuous education and learning to maintain a current and relevant proficiency in AI-driven cybersecurity technologies and strategies. Certifications play a significant role in this regard, providing both vendor-specific and vendor-neutral endorsement and verification of competency.
Celebrating Women in Cybersecurity
At ISC2, we are celebrating women in cybersecurity during the month of March and publishing a series of articles that encourage the cybersecurity industry to strive for equality and greater inclusivity for all.
We will be sharing more research insights along with the accomplishments, career stories and experiences of women members working in cybersecurity roles.
Cybersecurity professionals can hear from leaders around the world during a webinar, From the Inside Out: Increasing Representation and Inclusion of Women in Cybersecurity. Available now for on-demand replay, this webinar features panelists who discuss unique partnerships and grassroots programming to increase women’s inclusion in cybersecurity. They also discuss why increasing representation matters and how individuals and organizations can play a role in making change. ISC2 members receive one CPE credit for viewing this webinar.
Methodology
The methodology statement for the ISC2 research on which this article is based can be found in the first part of this research series.
Related Insights