'Time is Now' to Support Women Leadership in Global Cybersecurity

International Women’s Day, celebrated worldwide annually on March 8, is a chance to reflect on past and present-day challenges associated with achieving gender equality[1]. As technology is harnessed to enable digital transformation for global good, it is time for the members of the world community to work toward a future where women from all walks of life will no longer be subject to injustices, inequality, and discrimination. Innovations in areas such as high-speed Internet, artificial intelligence, nanotechnology, quantum computing, biotechnology, the Internet of Things, 3D printing, and autonomous vehicles demonstrate human potential to connect and serve billions of people in new and unprecedented ways. Not all women, however, are given the opportunity to participate in the digital transformation and equally share the benefits generated by these advancements.

One critical element of this momentum is around cybersecurity. Market research shows that global cybersecurity spending is set to grow 19 percent to USD 90 billion this year[2], with six million new positions expected to be created in the next year[3]. According to the Council of Economic Advisers, malicious cyber activity cost the U.S. economy between USD 57 billion and USD 109 billion in 2016[4]. At the same time, female participation in cybersecurity related fields globally is stagnant at 11 percent[5]. A massive gender gap remains across all tech-enabled fields worldwide. Women are still struggling to obtain equal levels of participation, leadership opportunities, compensation, benefits, and recognition.

As investments in critical infrastructure protection increase worldwide, participation and leadership by women in cybersecurity should no longer be considered as simply “nice to have.” Government, industry, and society at large must proactively consider ways to cultivate and utilize women’s talents for cybersecurity related jobs and support their career development to reach their full potential.

Need for Systemic Change

It is important for the government and industry alike to institutionalize policies that promote gender equality in the workplace so that women are regarded as equal participants in the digital economy and as leaders to drive change. It is not only about removing the gender gap but also about fulfilling mankind’s obligation to protect the safety and economic wellbeing of society.

Understanding career requirements for cybersecurity positions is central to this process. We need to change the perception that only people with STEM majors qualify for cybersecurity jobs. It is not enough to simply widen the pipeline for more women in the STEM majors at the undergraduate and graduate levels, although this is an important step. We also need to take a holistic and developmental approach to help women in all career stages to drive transformation by engaging in conversation and deepening their awareness about the breadth of skills required to address cybersecurity challenges. In addition to STEM education, there is a growing demand for people trained in a variety of disciplines, including design and development, compliance and auditing, marketing and communications, economics, organizational and partnership development, incidence reporting and response, legal and policy engagement, operational and consulting services, customer support, professional training, public affairs, etc.

We are also recognizing that individuals with non-traditional backgrounds, such as psychology, political science, world history and business-related studies, can help design countermeasures against cybercrime and improve globalcollaboration. Softer skills, such as troubleshooting, problem-solving, resourcefulness, multi-tasking, and a desire to protect people from harm are attributes natural to many women. The same skills are required to deal effectively with on-going complex and not always well-defined cybersecurity challenges.

Offering professional development programs and security certifications, as well as on-the-job training, are other ways to build the capabilities of women professionals who may not have planned to be in the cybersecurity discipline when they entered the workforce.

Creating a broader definition of the expertise required for cybersecurity positions needs to be accompanied by improvements in support mechanisms and mentorship opportunities for women pursuing careers in technology. Senior leaders, both male and female, should proactively and routinely share best practices for career development, offer firsthand accounts of how they evolved their expertise to qualify for leadership roles, and provide guidance to address stereotyping, misconceptions, and how to overcome common career obstacles.

Finally, societal changes must also occur. We must reach girls and young women much earlier in their educational experiences to cultivate, encourage and support their interest in technology and careers in cybersecurity. Women who choose to pursue careers in fields dominated by men also need stronger support systems both inside and outside the workplace. Preventive policies must be established to protect women from discriminations in hiring and promotion which have resulted in keeping them in lower wage-earning positions.

Time for a New Approach

It is encouraging and inspiring to see many organizations in the U.S. begin to tackle these challenges in new ways. Global partnerships are equally important as we look to build a future workforce that will champion broader participation and leadership by women in cybersecurity.

For example, in South Korea, which has ranked lowest for the past six years in a survey of global workplace gender equality[6], women leaders from Microsoft Corp., Microsoft Korea, and Korean Center for Women in Science, Engineering and Technology (WISET) are joining forces to launch a new initiative to promote the role of women in security. Later this month, these groups will host a pilot event in Seoul, Women@Security: Digital Transformation and Career Opportunities for Women in Cybersecurity conference. The event will bring together female college students, career-interrupted women, and women security professionals to discuss key issues related to developing career paths in cybersecurity. Important governing bodies including the Ministry of Science and ICT (MSIT), Korea Internet & Security Agency (KISA), the Korean Computer Emergency Response Team (KR-Cert), the Korea Association of Chief Information Security Officers (CISO Korea), and the US Embassy Seoul have also joined this effort as key partners to help better understand the issues and create opportunities to implement systemic changes.

UN Women[7] made a strong recommendation to address gender equality issues during the Internet Governance Forum (IGF) 2017 held in Geneva last December. As more countries follow South Korea’s lead and the UN Women’s mandate, it will make a difference in terms of cyber capacity building and women’s career development as equal players in the cyber workforce. This year, the theme for International Women’s Day is “Time is Now: Rural and Urban Activists Transforming Women’s Lives.” At the breakneck speed at which the security industry is expanding, now is the time to have these important conversations and search for new ways to address and close the gender gap in cybersecurity.

Jing de Jong-Chen is Partner and General Manager of Global Security Strategy at Microsoft Corporation. She has more than 20 years of experience in the technology industry with domain expertise in global cybersecurity policy and strategy. As a founder of Microsoft Women in Security and Board Advisor of the Executive Women’s Forum (EWF), Jing is passionate about advancing the role of women in technology. She is a recipient of the EWF Women of Influence Award and Women in Cybersecurity Power Player Award.

References 

[1] The United Nations began celebrating International Women's Day in 1975. In 1977, the United Nations General Assembly invited member states to proclaim March 8 as the UN Day for women's rights and world peace. Link

[2] GBH Insights Technology Research: Cyber Security Spending Looks Strong for 2018. Link, PDF

[3] Semantic cybersecurity workforce data (2015).  Link

[4] The Council of Economic Advisers: The Cost of Malicious Cyber Activity to the U.S. Economy (February 2018). Link, PDF

[5] The 2017 Global Information Security Workforce Study: Women in Cybersecurity. Link, PDF

[6] The Economist glass-ceiling index (GCI) is a yearly assessment of where women have the best and worst chances of equal treatment at work in countries in the Organisation for Economic Co-operation and Development (OECD). Link

[7] UN Women is the UN organization dedicated to gender equality and the empowerment of women. Link