Our parent organization, UMSA, recently presented a webinar on how to improve information security awareness programs. The focus of the webinar was in changing human behavior. Although it’s often neglected, basic human behavior has a huge effect on how secure any given organization can be. The webinar focused on educating employees and communicating effectively, both skills that women tend to value. Unfortunately, when it comes to the information security industry, women are severely underrepresented.
A recent study revealed that only 11 percent of information security professionals are women. When you consider that the U.S. labor force is 46.9 percent female, that 11 percent for the infosec industry seems even more dismal.
Why infosec needs women
It’s no secret that the information security industry is not keeping up with cyber criminals. New high-profile data breaches are being revealed every day. Teenagers are hacking ATMs on their lunch breaks. The industry needs to evolve faster to keep up, and for that to happen, it needs to diversify. A great place to start would be with women.
Women bring a different skill set
In the Agents of Change: Women in the Information Security Profession report released recently, shows that women in security have a more divers background than men. Women’s background has a bigger focus on social sciences and less on education traditionally associated with the information security industry like computer and information sciences.
Further, women have a different perspective on the skills that are important for successful information security. Women put a greater emphasis on the importance communication, broad understanding of security, awareness of the latest threats, policy formulation, leadership and management skills. They put less emphasis on technical knowledge than do their male counterparts.
Technical knowledge is still important
We are not suggesting that technical knowledge is no longer as important as it once was in information security. But we are saying that it’s not the only, and possibly not the most, important skill. To successfully combat cybercriminals today, information security professionals need to be able to effectively educate and communicate as well as solve technical problems.
The security industry is one of the fastest growing industries worldwide. There certainly is room for women. So where are they all? The information security industry needs to evolve, to do that, it needs more diversity. Women could bring that diversity to the industry along with a different understand of skills and tools to combat cybercrime.
What can we do to attract more women to the information security profession?
Couldn’t agree more. Women bring a different psychology to the task and we as an industry would benefit from new approaches and strategies.