FEMALE SKILLS WANTED
Globally, it is estimated[1] that women make up only 24 percent of cyber security experts, a figure matched by an even smaller percentage if we narrow the research to the Italian level, where it is estimated that only one in 10 cyber security professionals is a woman[2].
It is no surprise then that a Bocconi University study ranks Italy 25th out of the 27 European Union countries for gender parity in digital.
And a global finding also comes from the World Economic Forum’s Global Gender Gap Report 2021, which reports that the gender gap is particularly pronounced in areas where highly specialized technical skills are required, such as cloud computing (where only 14 percent of women work), data engineering (20 percent) and Artificial Intelligence (32 percent).
These are all figures that, although slightly increasing year on year, highlight that there is still a long way to go to achieve a more homogeneous representation and benefit from an equally distributed contribution between men and women. And which highlight a strong need to address the issue from the standpoint of cultural change, and overcoming those stereotypes that make technical subjects perceived as the preserve of the male gender only.
This picture is even more critical at this moment in history, when the entire cyber security sector accuses a systemic shortage of professional profiles capable of coping with a veritable explosion in the number of cyber security events, now spread across every sector and organizational dimension.
It is recent news that the Conti gang alone, responsible for most of the ransomware attacks in the last two years, has received transactions of illicit proceeds of more than $2B on its primary Bitcoin address. According to the World Economic Forum’s Global Risk Report 2021, the costs of cybercrimè are expected to exceed $10 trillion by 2025.
Skills are needed, skills are needed in ever-increasing numbers and ever-diminishing time frames, both globally as well as domestically. L’National Cybersecurity Agency estimates that more than 100,000 cyber security experts are needed in Italy over the next three years.
And how many women will be in this issue? And what role will they play?
WHAT INITIATIVES?
There are many initiatives that aim to raise awareness among institutional decision-makers, business organizations, industry communities, and specialized companies about the need to close the gender gap in the world of cyber security, while at the same time offering professional development paths to actually increase the active and conscious participation of women in a field that needs new protagonists and trained resources now more than ever. These are initiatives that also aim to stimulate the social fabric, families, in encouraging the study of cyber security for women as well, for example through mentorship programs.
This is the case of Women4Cyber Italia, the Italian chapter of the European Women4Cyber Foundation established in 2019 within ECSO “European Cyber Security Organization.” The goal of Women4Cyber is precisely to bridge the gender gap of cybersecurity professionals at the European level and to encourage and promote the training, skill enhancement and retraining of women towards cyber, both in STEM disciplines and in disciplines with a humanities focus (psychology, international relations, law, political science).
The initiatives conducted by Women4Cyber include awareness campaigns, sharing of best practices, targeted training and networking activities to foster job placement, institutional activity to represent the demands of its target community to EU institutions, and incentives for national and international partnerships.
Also in the Italian context, we then highlight CyberEquality.IT, the coordinating group formed within the CINI National CyberSecurity Laboratory, whose aim is to bridge the gender gap in Italy by attracting those talents who are commonly not motivated to pursue careers in STEM fields and, in particular, in cyber security. The initiative develops training and mentoring activities, strategies to increase girls’ participation in the CyberChallenge.IT contest, and activities to analyze barriers to broader female gender involvement in cybersecurity, with a particular focus on younger girls.
At the European level, we note the Cercle des Femmes de la CyberSécurité (CEFCYS), a French organization dedicated to women in cybersecurity. It provides education, training, mentoring and awareness programs, publishes reports and white papers, educates recruiters on the gender gap in cybersecurity, and hosts and sponsors events. The organization is for women who work in the cybersecurity field or who wish to pursue a career in cybersecurity. It also welcomes men who want to work to help increase the number of women in the field.
Also in the EU sphere is the periodic focus devoted to the topic by the European Commission through the event Women in cybersecurity 2022, in which women leaders in the field discuss the most contemporary pressing issues, share their success stories, and aim to inspire other women who want to pursue careers in this field.
Certainly important initiative at the international level is WiCys (Women in CyberSecurity). WiCys is a nonprofit organization that aims to bring together women in cybersecurity to share experience and knowledge and provide mentoring and networking opportunities. WiCys serves both women in cybersecurity and companies who can benefit from their expertise and also provides companies with a pipeline of qualified cybersecurity candidates at all levels.
But there are also many more initiatives that have been launched both nationally and internationally, as highlighted moreover in a recent survey “35+ initiatives to get more women into cybersecurity,” a sign that the issue has finally become a topic of global interest and that a shared approach is perhaps finally developing to find solutions that are concretely implementable.
WHAT TO DO IF YOU WANT TO PURSUE A CAREER IN CYBER SECURITY?
To pursue a career in the cyber security world, a first essential point is to be able to refer to professional networks, not only to increase individual opportunities, but also and especially to benefit from shared experiences and opportunities for training and skills development. In this direction, certainly the mentorship programs of organizations that promote inclusion and gender equality are a strong value-added element. They are pathways in which one can be inspired: some women simply love what they do and cannot imagine doing anything else. Conveying this passion is something that goes far beyond simply teaching technical skills or adding a new business contact.
But it is equally important to explore and determine what area you feel you can best express your potential in. Be it risk assessment, threat intelligence, governance, operational security and incident management, security frameworks and standards, communication aspects of cyber security, sociological aspects, user training. Cyber security is a truly cross-cutting area and offers to be declined really on all areas of expertise.
For those who are new to the field, you may consider doing an internship. Very often opportunities can be found online, for remote roles, even part-time. In this case, choosing a company that explicitly and visibly promotes gender equality is certainly an important factor, not only because it may increase your chances of being hired, but also because you will be more likely to find a company culture that welcomes diversity where you work with more motivation.
It is certainly useful then to participate in community events to hone one’s skills, such as:
– Capture the Flag (CTF): competitions in which individuals or teams compete to solve a security problem, such as taking over or defending a computer system.
– Hackathon: hackathons often take place over several days and involve programmers collaborating on software projects on an intensive basis.
– Bug bounty: many companies offer a monetary or other reward to people who discover and disclose vulnerabilities in company systems. For example, Facebook’s bug bounty program offers rewards of up to $40,000. BugCrowd provides an up-to-date list of bug rewards.
Although there is a plethora of information related to women in cyber security, fortunately these days it is relatively easy to keep up with what is happening in the field. Simply by following relevant hashtags on Twitter and LinkedIn, one can stay up-to-date on news, initiatives, events, networking opportunities, job openings and more.
Here are some examples:
#cyberwomen
#womenincyber
#women4cyber
#cybersecuritytraining
#cybercapacitybuilding
#womenincybersecurity
#womenintech
#womeninsecurity
#cybersecurity
#infosecurity
#infosec
#CTF
#hackathon
#bugbounty
CONCLUDING
Before concluding, it is also important to emphasize that the success of any action to promote gender equality in any field should not be perceived as an action that is developed in the women’s circle alone, rather as an undertaking in which the involvement of the male side is necessary.
As mentioned, that of gender equality and the representativeness of the female universe in the world of cybersecurity is an issue that is creating a growing number of interest groups and activities, which are increasingly coordinated and structured.
An issue on which a collective awareness of the international community, and not only of experts in the field, seems to be finally developing.
And it is certainly an issue on which an evolutionary leap is expected in the near future.
But in order to achieve structural results that ensure a solid foundation on which to build broader and more homogeneous inclusion, it is imperative that a concrete path is developed to bring the issue to the attention of institutional decision makers, to make it an integral part of national cyber security strategy documents, starting with the initiatives that will be launched in the context of the NRP.
[1] (ISC)2 Cybersecurity Workforce Study: Women in Cybersecurity, 2021
[2] CyberSec 2022, March 2022, Panel “Future challenges: bridging the gender gap in cybersecurity”