Despite the growing threat and success of cyberattacks on government and commercial sites, the information community around the world is failing to recruit talented women with the expertise to create a tougher information security wall, a new report says.

The 2015 global report, “Women in Security: Wisely Positioned for the Future of InfoSec,” by (ISC)² and Booz Allen Hamilton, outlines the lack of diversity in the information security workforce, where greater diversity could be the answer to combatting a growing crisis in the changing landscape of information security.

Women are more likely to be in traditional jobs: more than a quarter of them, 27 percent, are human resources directors, says the report, which surveyed 14,000 global professionals.

The report urgently calls for better recruiting and salary incentives to attract qualified women to information security jobs.

“The information security field is expected to see a deficit of 1.5 million professionals by 2020 if we don’t take proactive measures to close the gap,” says (ISC)² CEO David Shearer. “Knowing this, it is rather frustrating to realize that we do not have more women working in the industry. Only 10 percent of information security professionals are women, and that needs to change. Through collaboration, research and partnerships, (ISC)² is committed to empowering underrepresented minority groups in the industry, such as women, who bring skill sets that are critical to this industry’s future growth.”


There are a number of reasons that may contribute to the lack of women in the IT workforce, according to the National Initiative for Cybersecurity Careers and Studies (NICCS).

That includes a lack of educational focus on and interest in Science, Technology, Engineering, and Math (STEM) fields which develop young women into the experts needed for a career in IT and cybersecurity.

“The lack of women in IT and cybersecurity represents a failure to capitalize on the benefits of diverse perspectives: in a world dependent on innovation, diversity can bring the best and brightest problem-solvers to the table; and at a time when technology drives economic growth, it can yield a larger and more competitive workforce,” NICCS says.

However, there is some good news in the (ISC)² report:

Although women represent only 10 percent of the overall information security workforce, they are represented at 20 percent in the governance, risk and compliance (GRC) jobs in information security. While 1 in 5 women are in these roles, they outpace men in this increasingly important position: only 1 in 8 men are in these roles.

Key findings in the report:

  • GRC is one of the fastest-growing information security roles where women tend to dominate.
  • Women possess key character traits that enable them to succeed in GRC roles.
  • The percentage of women with either a Master’s or Doctorate degree is strong, with 58 percent of women having advanced degrees versus 47 percent of men.
  • In the GRC subgroup of respondents, women’s average annual salary was 4.7 percent less than men’s. Also notable is the difference in the importance men and women place on monetary compensation: men value monetary compensation slightly more than women, who look for other incentives from their employers (e.g., flexible schedules).
  • Women are more progressive in their views on training methods. Offering increased accessibility and wider diversity of information security training opportunities may prove to be increasingly valuable in retention and in elevating professionals’ readiness to succeed in new roles.
  • Women also are becoming as prominent as men in academic majors in computer science and engineering, not just technical skills, the report says. Women surveyed stressed the need to look beyond technical skills in hiring.

“Technical skills alone are insufficient in resolving the complex risk management dilemmas leaders in InfoSec confront now and in the future,” it adds.

“The InfoSec profession is changing with the times, it must. Women who have chosen InfoSec as a career recognize that change is needed,” the report says. And that includes more flexible work schedules for women with children.

The report also urges the information security community to grow the community of women qualified for information security roles. That includes supporting cybersecurity education in primary schools, offering internships and pairing new InfoSec hires with mentors.

“The Internet of Things brings great opportunity and connectivity, but it also adds to the complexity of the cyber threat,” says Angela Messer, the executive vice president leading Booz Allen’s predictive intelligence business in the firm’s Strategic Innovation Group. “The adaptive nature of cyber threats demands a talent management strategy that will broaden the skillsets and knowledge of the information security profession. We must demonstrate to young women thinking about entering the industry the many opportunities that await them and reinforce for those currently working in cybersecurity that they have bright futures ahead.”

“I find the results of the research heartening, in the sense that we are starting to see a full career progression for information security professionals,” says Allison Miller, product manager at Google and member of the (ISC)² Board of Directors. “We’ve moved past the stage where people say ‘you do what for a living?’ and have matured into an industry that needs and demands more diverse skillsets, and more sophisticated differentiation of roles. What the numbers say is that the industry needs more talent.”

Judi Hasson