Women in cyber security: Closing the gender divide

A young female engineer stood in a server room holding a tablet. Decorative: The engineer has medium dark skin and is lit in blue light.
(Image credit: Getty Images)

The security industry has always had an issue with gender diversity and representation. As the sector has grown, the gap in numbers of men and women in cyber security has not closed, with too little being done to slow and counter this divide.

The importance of fostering a diverse and supportive culture among security teams can be seen as just another concern weighed against the fragmented threat landscape, an evolving attack surface, and the risk of AI threats

But this is a false comparison, as the first concern of any good leader should be supporting their people and ensuring they provide equal opportunities.

Not just limited to widening the talent pool and mitigating skills shortages, security leaders also argue that better diversity strategies could help improve how security teams operate and alleviate stress, fostering higher levels of psychological safety enjoyed by security teams.

In conversation with ITPro, several leading women in cyber security discuss their experiences and unpack how the sector can be improved to ensure women are given every opportunity to progress. 

Gender representation is uncoupled from sector growth

Even though the digital economy and cyber security industry are growing, women continue to be underrepresented in the field. Audra Streetman, security strategist at Splunk’s security research unit SURGe, tells ITPro that the percentage of women across the sector has not grown significantly:

“Despite the growing importance of cyber security and the industry's talent shortage, women remain underrepresented, holding only 26% of positions according to 2023 ISC2 figures.

“This is lower than the average for both the IT industry and the global workforce as a whole, so there is a significant gap to bridge.”

Streetman notes that the increased share of domestic labor responsibilities that often fall on women is another factor that discourages women from entering the sector.

Frequent late nights and demanding schedules are detrimental to everyone, particularly those with caregiving responsibilities, which still disproportionately affects women,” says Streeman.

Encouraging a positive work-life balance benefits everyone, not just women, and is a perfect example of how companies can attract and retain female talent.”

Dorit Dor, CTO at cyber security firm Check Point tells ITPro that the tech industry has been unsuccessful at increasing female participation and leadership.

“We miserably fail to bring women into technology, into leadership, and into leadership within technology, and cyber is one of the worst cases of technology in this case.”

Dor says sociocultural factors negatively impact women applying for technical roles at tech companies and conditions within tech companies that dissuade women from pursuing a long-term career in the field.  

In the first place, women are not encouraged to move into scientific fields and when they are it is usually medicine or academia rather than cyber security. 

“First there is some kind of miracle marketing effect that makes [women] think that life science is much more gratifying to women. The other part is, I think as families, mothers, fathers, or teachers don’t tell them it’s a good idea to do this,” Dor tells ITPro.

Second, once women enter the security industry deleterious work practices drive them to leave their jobs and thus fewer women progress to senior positions. “We didn’t ever offer the alternative … no. You should go into science, you should do cyber security. It’s a great career.”

Many barriers hold back women in tech and cyber security has particular challenges of its own. Women entering the cyber workforce are often faced with toxic security cultures and sexual harassment is rife in cyber security. This can drive new hires to quickly leave their roles or cyber altogether and adds to the negative perceptions of the cyber sector as male-centric.

Women entering the cyber workforce are often faced with toxic security cultures and sexual harassment is rife in cyber security. In some cases, women in cyber security have described having to avoid certain events for their own safety. While groups and new codes of conduct have been established to tackle these incidents, it is fundamentally a threat that can only be prevented by more concerted action from men in the sector.

More women in cyber security will address skills issues

Improving gender equity in cyber firms could help alleviate some of the largest problems facing the security industry, such as skills gaps and novel attack techniques, according to experts. Improved diversity would also work toward improving stress and communication issues that have long plagued the sector.

Nakisha Dixon, VP of HR at security platform Vercara, tells ITPro that by improving diversity in security teams, leaders can foster the innovation required to contend with increasingly sophisticated attacks. 

“Boosting female representation in cyber security could also help address some of the key challenges facing the industry. More diversity on security teams brings a wider range of perspectives, which can improve threat detection and enhance creativity in developing security solutions. It also expands the talent pool, helping to address the major cyber security skills shortage.”

Miruna Rosca, cryptography researcher at Bitdefender, further emphasizes the value of welcoming a diverse set of perspectives. Rosca also raises the importance of fostering an inclusive office environment beyond simply hiring a diverse workforce.

“You can bring people from different backgrounds, cultures, and experiences and everybody brings some unique perspectives to the table,” Rosca tells ITPro

“I think it’s very important not only what you do, but how you do it. How you deliver a project is as important as what you deliver. And so is how you make people feel, how you encourage them to increase their creativity, and [ultimately] I think that diversity breeds creativity.”

This touches on the concept of psychological safety, which has been a popular focus for CISOs in 2024. Psychological safety refers to an office culture in which staff feel empowered to express their opinions, raise concerns, and admit mistakes, without fearing professional mistakes.

Rosca says that when staff are encouraged to express ideas freely, they are more likely to innovate at the level needed to keep pace with threat actors.

Dixon concurs, noting that a workforce that feels comfortable to take initiative is a workforce better poised to succeed in an increasingly hostile threat landscape.

“More inclusive security teams are better equipped to address the complex and evolving threats facing organizations today. By making the field more welcoming to women, we strengthen cyber security as a whole,” Dixon tells ITPro.

An inclusive office environment is also important if the cyber security industry is to shake its burnout problem. Connie Stack, CEO at data loss prevention firm Next DLP, says improved female representation can tackle work-life issues by improving inclusivity and widening the talent pool.

“Gender parity fosters a more inclusive and supportive workplace culture, which enhances employee satisfaction, retention, and productivity. Companies that value diversity and create an environment where everyone feels empowered to contribute their best work are better positioned to attract and retain top talent”, Stack argues.

“One of the top reasons security professionals suffer from higher instances of burnout is a simple one – there are not enough of us. By focusing on gender and racial diversity we will open up new talent pools to recruit from, and add to our numbers making us better able to share the workload and ensure employee satisfaction rates among security professionals start to improve.”

How can we improve cyber security for women?

It’s clear that many leaders and policy-makers have been slow to tackle cyber security’s diversity problem.

Dixon says that as the issue is rooted in unconscious gender bias, lack of visible role models, and unsavory corporate cultures that don’t support a healthy work-life balance a multi-faceted approach is necessary. 

“Raising the representation will require effort across all levels of IT leadership. But the payoffs for workforce diversification are becoming increasingly clear,” Dixon tells ITPro.

“Organizations now need to focus on building partnerships with women in tech groups, conferences, networking events, mentorship programs, and communities that offer long-term support, education, and connections for women developing careers in IT.”

RELATED WHITEPAPER

There is early evidence that the industry is moving in the right direction. Classroom intervention can bring girls and women into STEM and BCS, the Chartered Institute for IT, found 18,880 applications from female students to study computing at university in 2024. Even so, this only closed the ratio of male to female applicants from 4.4 to 1 in 2023 to 4.1 to 1 and more work needs to be done to ensure those studying within the field can transition into the industry.

Audra Streetman says due to the relative immaturity of the cyber security industry, it has a golden chance to trailblaze and forge new leadership on diversity and inclusion in the workplace.

“As a younger, evolving industry, cyber security has a unique opportunity to define its culture and working practices. Unlike other sectors with ingrained behaviors and expectations, many in cyber security haven't been in the industry for decades, offering a chance to break free from outdated norms and better representation in leadership”, Steetman explains” 

“By its nature, cyber security itself demands open-mindedness and adaptability, making it well-positioned to set a positive example for the broader tech industry.”

Solomon Klappholz
Staff Writer

Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.