What do you think of when you think of October? Most likely it’s candy, monsters, ghosts, and haunted houses. But what about cyber awareness? In 2004, the Department of Homeland Security designated October as “National Cyber Security Awareness Month” in an attempt to encourage Americans to protect themselves and their identities online. And, while perhaps not the embodiment of the “boogeyman,” frequent cybercrime and cyberattacks are becoming an increasingly frightening reality, as cybercriminals and foreign governments alike shift online in order to further their interests.
The United States and other developed countries find themselves particularly vulnerable to cyberattacks due to an immense reliance on communication technologies for everyday life. This is even more important now, because with more people working from home due to concerns about COVID-19, the level of cybercrime has drastically increased. Indeed, the annual Homeland Threat Assessment has identified cyber threats to be the greatest menace to the continued security of the country.
In light of this, the White House has published its National Cyber Strategy outlining the necessary steps to “Promote American Prosperity” by preserving US cyberspace capabilities. As part of this strategy, the United States has called for the development of a superior and “highly skilled cybersecurity workforce.” However, despite improvements in recent years, the pool of skilled cybersecurity professionals is marked by a visible and pervasive lack of women. Between 2013 and 2020, the number of female cybersecurity professionals rose from a mere 11 percent to, by some estimates, slightly more than 24 percent (depending on how the group defines a cybersecurity position, this number can be slightly higher or lower). While certainly an improvement, increasing the percentage of women in cybersecurity would drastically improve the ability of the United States to develop its cybersecurity workforce and aid in its cyber-preparedness. These numbers show women as an underdeveloped source of skill – and one that is desperately needed, with an estimated 1 million cybersecurity jobs going unfilled in the US by the year 2022.
These unfilled positions have translated to less secure and more vulnerable American companies. The Council of Economic Advisers reported in 2018 that the economic cost to US companies was between $57 billion and $109 billion in 2016 alone. Internationally, some experts estimate that cybercrime will cost the world $6 trillion by 2021.
With this in mind, greater inclusion of women as cybersecurity professionals must become part of the United States’ approach to “Defense in Depth.” Defense in Depth (DiD) is defined as “an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information. If one mechanism fails, another steps up immediately to thwart an attack. This multi-layered approach with intentional redundancies increases the security of a system as a whole and addresses many different attack vectors”.
In this case, greater inclusion of women in cybersecurity means a greater talent pool of skills, experiences, and opinions can be brought to bear on attackers – part of the defensive response to “many different attack vectors.” As shown by the Global Information Security Workforce Subreport, the skill sets and backgrounds of women who are currently working in cybersecurity are already more varied than their male counterparts. Women are more likely to possess degrees outside of majors traditionally associated with cybersecurity (computer science, information science, engineering, etc.), and they outnumber male coworkers in areas such as business, social sciences, mathematics, biological and biomedical sciences, communications and journalism.
So why are there so few women in cybersecurity? Perception. STEM and technical fields are historically depicted as being masculine professions – a stereotype that pervades even the earliest levels of education. One study found that, when asked to draw a scientist, children overwhelmingly depicted them as male. Girls were twice as likely to draw a male scientist as they were to depict a female one, and boys almost exclusively depicted men in those roles. These perceptions are further entrenched when women who do choose to enter a STEM profession find themselves to be one of the only (if not the only) female in a room full of men. “At the end of the day,” says Rose Elliott, senior director of product engineering of Tenable.io, “the only way to change the industry is for more women to get in and break down those barriers.”
I implore those of you who even remotely have interest, to consider cybersecurity as your future profession. You are wanted, and you are desperately needed to help create a safer world – both online and off. And, in taking those brave first steps into this field, you will be paving the path for future female professionals in normalizing the presence of women in cybersecurity. Remember, you are not alone! Below, I’ve included some resources to help get you started in cybersecurity:
- https://www.cybher.org/ – CybHER: provides resources for women and girls, from middle school through college and into professional careers, with the goal of empowering, motivating, educating, and changing the perception of girls and women in cybersecurity. Its most notable project is GenCyber Girls in CybHER Security Camp — supported by the NSA and the largest girls-only residential camp in the country.
- https://www.dianainitiative.org/ – The Diana Initiative is a non-profit corporation that encourages diversity and supports women who want to pursue a career in information security. The initiative also provides scholarships to three students for its annual conference.
- https://www.ewf-usa.com/default.aspx – The Executive Women’s Forum (EWF) on Information Security, Risk Management & Privacy has engaged over 10,000 women since 2002. The EWF provides education, mentorship and leadership development programs for women at every level of their career as well as a National Conference attended by over 500 emerging and accomplished leaders. The EWF partners with over 700 world-class Corporate Benefactors to achieve their mission.
- https://www.girls4tech.com/ – GIRLS4TECH: an educational program created by Mastercard to inspire young girls to pursue STEM careers through a fun, engaging curriculum that includes topics such as encryption, biometrics, fraud detection, and detective work — all skills needed for cybersecurity.
*Resources and descriptions courtesy of Cybercrime Magazine – a fantastic resource for those interested in all things Cyber. For more information please visit https://cybersecurityventures.com/.