Skip to main content
Information Security

Blog Posts

Women in Information Security

Diversity in the technology industry in necessary to stay a step ahead of cybercrime.

Women make up only 10% of the Information Security workforce. Why are women so underrepresented? What can be done to change that?

       Though the information security profession is growing, it is increasingly unable to meet the demand for workers. Experts estimate that by 2020, there will be a deficit of 1.5 million cybersecurity professionals, which means there is plenty of opportunity and incentive for students to become Information Security professionals today.

        Security threats like the Internet of Things, Bring Your Own Device dynamics in workplaces, advanced cybercrime gangs, and government surveillance are also changing the security landscape. According to Frost and Sullivan’s extensive research on women in Information Security, women have been bringing novel approaches to the field of security. Frost and Sullivan found that women are more likely to believe technical expertise alone is insufficient to resolve complex risk-management problems, value additional skills such as business acumen, and go into governance, risk, and compliance roles, which are becoming more and more important.

Why, then, do women make up only 10% of the Information Security workforce?

       Despite the high demand for InfoSec workers and these new threats, women remain dramatically underrepresented in Information Security professions and are an untapped resource to the security industry. This problem is not unique to Information Security; even in the most diverse tech companies, women make only 17% percent of the technical workforce. Computing culture and workplaces, as well as their portrayal in media, are important contributing factors to this dilemma.

Culture and the Forgotten Female Computer Scientists:

       Many of the pioneers of computer science were women. Ada Lovelace was the first computer programmer, Grace Hopper built the first compiler, and a team of six female mathematicians created programs for ENIAC, one of the first fully electronic general-purpose computers. In fact, programming and operating computers was once seen as women’s work. The number of women in computer science peaked around 1984, when women were earning about 40% of computer science degrees and joining at a higher rate than men. The number then began to fall sharply, briefly leveling around 27% in 2003, then falling again to 17%, where it is today.

       There is no single reason for the decline, but the number of female computer science majors began falling right as personal computers, marketed almost exclusively to men and boys, became common in U.S. homes and we began to define “computer geeks” as male. Steve Henn notes, “Movies like Weird Science, Revenge of the Nerds and War Games all came out in the '80s. And the plot summaries are almost interchangeable: awkward geek boy genius uses tech savvy to triumph over adversity and win the girl.” Families only reinforced the growing gender disparity by buying computers for their sons and not daughters, disadvantaging girls who were expected to already have computer experience by college if they wanted to go into the field. This cultural shift associated Silicon Valley with young, white, antisocial male computer protégés like the portrayal of Mark Zuckerberg in The Social Network or Caleb, the nerdy programmer protagonist of the recent artificial intelligence thriller Ex Machina. These stereotypes are applied just as much, if not more so, to information security and hacking.

       Despite the recent push to restore access to computer science to girls through diversity initiatives in the industry and programs like Girls Who Code, She++, Girl Develop It, and Black Girls Code, a new trend of “frat house culture” in computer engineering workplaces also threatens diversity in tech. If Caleb embodied one techie stereotype in Ex Machina, the laid-back, heavy-drinking, weight-lifting villain, Nathan, is his new, menacing brogrammer counterpart. Examples of “brogramming” culture are easy to find; discussing attention from tech industry recruiters, programmer Danilo Stern-Sapad said, “We got invited to a party in Malibu where there were naked women in the hot tub. We’re the cool programmers.” At a Stanford career fair, social networking startup Klout posted a poster that read, “Want to bro down and crush code? Klout is hiring.” One ex-software engineer at Tumblr posted on GlassDoor, “brogramming is real and Tumblr exemplifies it,” and another female ex-developer and designer at GitHub compared the workplace culture to Lord of the Flies.

       MIT Professor Sherry Turkle writes, “Women look at computers and see more than machines. They see the culture that has grown up around them and they ask themselves if they belong.” When women hear stories of exclusion and harassment in computing workplaces, internalize the narrative of computing as male, and don’t receive the same encouragement to pursue a STEM (science, technology, engineering, or mathematics) career as their male peers, the answer is often no, they don’t belong. In addition, women are more likely to undervalue their achievements while men overvalue theirs, which makes them unlikely to respond to ads for “coding ninjas” or participate in hackathons. While some see brogramming as a joke and media tropes as harmless, sexism in a male-dominated industry and exclusivity in a culture that already alienates women are dangerous and have very real effects.

What can be done?

A lot can be done, and is already being done, to encourage more women to enter Information Security and Computer Science.

  • Early Education and Encouragement: Most women in InfoSec interviewed by Info Security Magazine agreed that encouraging girls to pursue a technical career is important and must occur during the formative years of education. Julie Peeler, director of the (ISC)2 Foundation, said that her organization has found that subtle cues sent to girls in middle school by parents, teachers, and peers can shift their interest away from STEM subjects. Non-profit organizations that teach girls to code, the Obama Administration’s STEM program, and easy to use pseudocoding platforms like Scratch are key parts of starting girls’ interest in coding early.
  • Mentorship: A third of Info Security Magazine’s interviewees said that their advice to women starting in information security is to get a good mentor. Their responses about who in the industry inspires them also indicates a need for female role models. Conferences like The Executive Women’s Forum and Women in CyberSecurity aim to facilitate these relationships.
  • Changing Computing in the Media: To get more girls interested in computer science and information security, we need to change the media narrative around what a coder looks like and who can be successful in computer science. Ian Glover, president of the Council of Registered Ethical Security Testers (CREST), agrees. “The media provides a stereotypical view of the type of people that work in the industry. If we are going to appeal to a wider audience, not just women, we need to provide evidence to contradict the stereotypical views. We need to be conscious of the language we use that unintentionally has a male bias and need to take expert advice to ensure that the material we develop and the presentations we make are gender neutral.” 
  • Adapting Education and Expanding Ways to Participate: Carnegie Mellon University was recently able to boost the enrollment of women in their computer science major to 40%. Lenore Blum, a CMU computer science professor who has been working to increase the number of women in CS since the 1970s, says “Women need the same things that have always been available to men — mentors, networks and role models, as well as friends who are also computer science majors.” Blum stresses that they haven’t changed their curriculum to cater to people’s perceptions of what is more interesting to girls, just provide a support structure that men already have. Carnegie Mellon’s push to get more women interested in computer science included making sure girls were represented in recruiting materials, giving women formal support and mentorship programs, removing the requirement of prior coding experience, and offering several beginning classes for different experience levels. Other initiatives outside CMU have involved making hackathons and other events more accessible to beginners and giving girls opportunities to work on coding projects with other girls. 
  • Eliminating Gender Bias in Industry: The women interviewed by Info Security Magazine almost unanimously agreed that working in Information Security as a woman meant having to“rigorously and thoroughly” prove their competence to their male coworkers, while it was generally assumed that the men were competent until proven otherwise. Of course, gender discrimination is not unique to tech workplaces, but real discrimination can couple with media messages and other forms of discouragement to make Information Security much less appealing to women.
  • Restructuring Part Time, Flexible Hours, and Maternity Policy: Alisha Dattani, who launched TangibleQL, said she knows “many women who enjoyed high-earning careers in information security. They had a child, went part-time and tried to carry on, but their roles had been subtly altered to ensure that they no longer had the decision-making clout that they used to.” She started TangibleQL to offer women flexibility they need and allow them to pursue senior roles after having children.

       Women have always been interested in computer science. We do not need to adapt curriculums to “the female brain” or cook up special coding projects that will interest women (as IBM learned through the backlash to their “Hack a Hairdryer” campaign that aimed to interest women in STEM by applying it to a hairdryer.) Instead, focusing on giving women support structures, encouraging them to consider computer science as we do their male counterparts, and eliminate the gender biases in our media and institutions will boost the representation of women in tech and keep the security industry a step ahead of cybercrime.

Sources and More Information

Despite the need for Information Security Professionals, women remain dramatically underrepresented in Cyber Security. We must boost the diversity of the technology industry to stay a step ahead of cybercrime.