There is a massive skills gap in cybersecurity. There is also a massive gender gap. Perhaps solving one can help solve the other.
It’s indisputable that there is a massive talent gap within the cybersecurity industry and it’s only set to get worse. In fact, there is a predicted shortage of 1.8m workers within cybersecurity by 2022.
Cybercrime is becoming more sophisticated all the time and 2018 has already been an intense year in the world of infosec. According to data from Risk Based Security released last month, more than 2,000 publicly announced data breaches occurred, with 2.6bn records exposed along the way.
This data alone is proof that we need far more infosec professionals in the industry to keep up with the level of cyberattacks, and one major gap springs to mind: there aren’t enough women in cybersecurity.
Last week, Kacy Beitel wrote about how she broke into the cybersecurity industry. She pointed out a recent ESG study that showed none of the female millennials and post-millennials surveyed were currently working in cybersecurity and only 7pc were interested in pursuing this field.
So, why are there so few women in cybersecurity? What does that mean for those who are in the industry? What can be done to change the current state of play and bring more women into infosec?
I spoke to Jessica Ortega, a web security research analyst at SiteLock, about her thoughts on the industry. She has spent more than a decade working with websites and web hosting providers. Through self-teaching and on-the-job experience, Ortega was able to move into more technical roles, which piqued her interest in cybersecurity. Over the past few years, she has progressed her current role as a technical writer and product marketing associate.
What first stirred your interest in a career in cybersecurity?
All the way back to childhood, I’ve loved solving puzzles and mysteries. The more I got into diagnosing performance issues on web hosting servers, the more I found that one of the leading causes of server overload was malware on customer websites. Digging in on these issues more closely led me to the realisation that I could potentially combine my love of puzzles and my passion for website hosting into a career in cybersecurity.
Why do you think the number of women in cybersecurity is so low?
The fact that there are so few women in cybersecurity has a couple of different causes. Starting with primary and high-school education, girls and young women are not often encouraged to pursue computer sciences or other STEM degrees or hobbies.
Security knowledge is commonly thought of as a sort of magical superpower held only by a special few ‘hackers’ – a traditionally male stereotype. Plus, if you examine today’s media landscape, there are very few images of women as hackers, software engineers, coders or security analysts.
Additionally, cyber is not currently recognised as a field of study within the traditional education curriculum. There are very few courses, if any, that focus on cyber or related areas at all. This makes it even more challenging for women to find a solid place to begin learning and exploring a career in infosec.
What has your experience been like as a woman working in cybersecurity?
Overall, I’ve been very fortunate to have been surrounded by supportive leaders who have helped me hone my craft. This, combined with my own innate ambition, has made me a formidable force in the cybersecurity field.
However, few of my technical leaders and colleagues have been women, which can make being a woman in the field a unique and lonely experience. While technical skills can be gleaned from any mentor in any field, networking for men is a completely different world than networking for women.
Lacking strong female role models and networking mentors has, at times, made navigating the cybersecurity community difficult and nerve-racking. Without strong women holding leadership and mentoring roles in the security world, I continue to face challenges common to women in tech, such as struggling to be taken seriously as a resource compared to my male counterparts.
Do you think things are changing for women in tech?
The number of women pursuing security and privacy careers is increasing, which is great! However, more needs to be done to encourage girls and young women to pursue STEM and cybersecurity careers in school.
Girls should be encouraged to learn about software development, computer engineering and coding languages. I would also like to see more representation in popular culture for women in cybersecurity roles – more movies featuring lady hackers!
Is there anything you wish you knew earlier on in your career?
I wish someone had told me that the skills necessary to be a security analyst aren’t magical or mysterious. They are accessible to everyone, and the infosec community as a whole is extremely supportive and inclusive of everyone who wants to learn these skills.
I really liked a piece of advice I got while attending Def Con in Las Vegas this year: read a lot, code a little, repeat. The more you read, the more you’ll absorb and be able to apply and retain.
Do you have any productivity tips that get you through your day?
Heavy metal! I know it sounds cliché, but music is my number-one productivity boost. Invest in the music streaming service of your choice and a really good pair of headphones (mine light up) to get you through those long lines of code review.