Hackers are more sophisticated than ever and hacks are happening with more frequency and severity, meaning more people are needed to work in the cybersecurity space. Christine Gadsby, VP Product Security Operations, BlackBerry, discusses the three fundamental reasons why women should reskill to work in cybersecurity and how business leaders should be supporting women in understanding their value to make it to the C-suite.
As women, from a young age, being technically savvy or interested in maths, science, or business wasn’t celebrated. You were ‘cool’ and ‘popular’ if you had great hair or nice jeans, not if you wanted to code software. If the tech industry could go back in time, would it celebrate more complex subjects like we do now with the ‘STEM’ movement? Yes, of course – but that’s not going to fill industry gaps in the fight on cybercrime.
According to an (ISC)² study, women make up roughly a quarter of the overall cybersecurity workforce. We’ve come a long way over the last decade (women made up about 10% of cybersecurity jobs in 2013), but we know the industry needs to work towards greater diversity.
Addressing the gender gap starts with sparking interest at a young age. We can also get creative with our most passionate and loyal current employees and realise not every cybersecurity role is a ‘special snowflake’. There are many open roles that call for in-depth skills that have been honed and developed over time. What about all the roles that don’t?
Here’s the secret: not everyone who works in cybersecurity needs to be a cybersecurity expert. At least not straight away. Cybersecurity expertise can be taught or learned. So, one way to get closer to bridging the talent gap is to reskill talent in other professions.
Here are three reasons why women should consider reskilling to work in cybersecurity:
1. Cybersecurity professionals are in high demand
There are millions of unfilled cybersecurity positions around the world and simply not enough cybersecurity experts on the global market to effectively do the work that needs to be done to manage growing cyber-risks. An (ISC)² study says there’s a global cybersecurity workforce of 4.7 million, but the gap is almost as big as 3.4 million; and according to research by Gartner, a growing number of enterprises feel the availability of talent is the biggest challenge to emerging technology adoption.
Cybercriminals are relentless and putting every organisation at risk. It’s not a matter of if you’ll be attacked, but when. Hackers are more sophisticated in their attacks and hacks are happening with more frequency and severity. State actors will be more brazen by attacking critical infrastructure – such as our pipelines, food supply chain, IT infrastructure, healthcare systems, water and energy grids. State actors and corporations are collaborating and even outsourcing their espionage tactics to ‘hack-for-hire’ companies.
No industry is more secure than others when it comes to cyberattacks. Cybercriminals are going after organisations in every sector – no matter how big or small – and many of these companies are unprepared and short-handed.
It’s no surprise data-focused and security-related positions are among the most in-demand jobs and knowing your role is critical to a company’s success can come with a great sense of pride.
2. You don’t have to go back to school
I got a degree in Information Technology and Business Management and ended up being exposed to cybersecurity ‘by accident’ while working in a different role in IT. I fell in love with cybersecurity and have never looked back. Now I can’t imagine doing anything else.
People with a similar background in IT, engineering, maths, or physics may have the aptitude and skills to excel as a cybersecurity professional, even if they don’t have a formal education or experience in this space. Some jobs suitable for reskilling for cybersecurity include IT pros, such as network engineers or systems administrators, as they may have the skills and foundational knowledge needed to transition. Software developers with experience in programming languages can reskill for cybersecurity roles such as security software developer or incident response analyst. Others in auditing or law enforcement can reskill for roles such as information security manager, incident response analyst or cybercrime investigator.
Typically, cybersecurity applicants should be familiar with security best practices and industry compliance regulations – but you can learn all of this. While some parts of the business you should be knowledgeable and experienced with security technologies, such as firewalls and encryption, and have experience with programming languages, other parts of the business, like supporting functions, are more easily trained. For example, take technical writers or customer service representatives. Women can be trained in many of these roles if they have good experience outside cybersecurity.
Soft skills also shouldn’t be overlooked. A candidate can have plenty of credentials that look good on paper, but strong critical thinking, analytical and problem-solving skills are the superpowers that make the best cybersecurity pros stand out. This instinct helps security leaders identify and mitigate security risks. Thinking out-of-the-box is also key. Creativity, curiosity and the ability to come up with new solutions are critical in a constantly evolving field. Strong communication skills are also important because cybersecurity roles involve collaboration with other departments.
Employers also have a role to play by rethinking the job requirements list and where they look for candidates. Go beyond the online job boards and consider someone with a different educational background that can be reskilled or trained where skillsets overlap with cybersecurity.
3. There are opportunities for growth and making a difference
As a woman who’s worked in the tech and security space for nearly 20 years, I believe in actively supporting other women in this industry. I’ve mentored many team members and students over the years across many functions. Women want to succeed professionally. We also want to make a social impact and inspire others.
I created The Leadership Bench Program within my organisation to support aspiring leaders by challenging them with stretch goals that develop their leadership abilities. The majority (90%) of candidates in this programme have been women or visible minorities. Through programmes like this, we can encourage women by giving them opportunities to be exposed to the many areas of security that align with their passions.
Executive levels are still sparsely populated by women, but we’ve achieved so much over the past few years. Let’s keep going. Cybersecurity needs women. The more we encourage women to get into this space, the more talent we’ll attract. We need schools to push these career options, we need organisations to commit to train and we need to rethink how we market jobs. By supporting women and showcasing their success stories, we’re empowering more women to know their value, break through glass ceilings, secure board seats, get to the C-suite – and never look back.