In an international economy which is becoming increasingly dependent on technology (i.e. Smart Grids, Cryptocurrency, Biometrics), the increased demand for skilled professionals is rapidly exceeding supply. Amidst this general trend, the cybersecurity industry is also suffering a critical gender disparity problem. According to a recent GISWS (Global Information Security Workforce Study) analysis on Women in Cybersecurity, the number of female professionals in the industry has remained stagnant at 11%, despite the global expansion of the cybersecurity industry.
Realizing the value of attaining corporate diversity, achieving gender-equality has been a major focus and discussion topic over the last several years. This has resulted in multiple initiatives designed to increase industry awareness and encourage women to join the cybersecurity profession. These initiatives range from sponsorship programmes (i.e. Raytheon Women’s Information Security Scholarship Program; Rebecca Gurley Bace SWSIS Scholarship) seeking to cultivate the next generation of cyber-ninjas, specialised events (i.e. Ally’s Skill workshop) that raise awareness amongst mid-senior level professionals, expert-panel discussions (i.e. Palo Alto, Black Hat USA) guiding c-level executives, and even a Women in Cyber Security Steering Committee.
Despite these initiatives and the abundance of research available, the statistical stagnation of 11% still comes as a discouraging blow. Especially when viewed against a projected workforce gap of 1.8 million vacant positions by 2022 looming ever closer. Which begs the question, did we miss something?
Rinse and Repeat
The unhelpful yet simple answer is yes. Almost all available investigations tale a ‘rinse and repeat’ approach when identifying the challenges associated with gender diversity in cybersecurity. Cross-examining different research articles ranging from cybersecurity to human resources, common challenges identified include:
- negative work environments (i.e. Chauvinistic Marketing Tactics);
- discrimination (i.e. Tokenism);
- opaque and intimidating recruitment tactics;
- inconsistent or delayed career experiences (i.e. Pay Gap, Delayed Promotions); and
- cross media misrepresentations (i.e. Entertainment, News, and Industry Conferences).
While it is regrettable that such challenges persist, most investigations often neglect to explore associated factors outside of mainstream cybersecurity and business development. This limitation is actually indicated on page 6 of the widely referenced 2017 GISWS report as part of its introduction, questioning whether ‘cultural issues, discrimination, access to education, or a combination thereof are contributing factors’. It is important to stress at this point that it seems that various cultural traditions and outdated gender perspectives remain the greatest impediments to greater diversity and gender equality at the workplace.
Culture, Gender and Technology
According to a YouGov investigation in 2015, which examined the attitudes of 24 countries regarding gender progressiveness, several European countries displayed more progressive attitudes towards gender equality than their American, Asian, and Middle Eastern counterparts (see full poll results). One explanation for such an outcome is that contemporary gender perceptions simply evolved from attitudes historically engrained deep within local cultures.
For example, Sweden displayed the most progressive attitudes towards gender equality. Recent discoveries at a Swedish burial site identified the potential existence of female Viking warriors, although the role of warrior was predominantly perceived as an exclusively male domain in ancient Viking communities that existed across the Fjords, or modern-day Scandinavia. According to Charlotte Hedenstierna-Jonson, the leader of the excavation, ‘the gender roles may have been more fluid…and that…women may have been regarded as socially male…able to assume positions of military leadership’. If her inferences are accurate, it corresponds with the contemporary development of gender neutral schools and the general progressive views towards gender equality in Sweden and other Scandinavian countries such as Norway. Whilst gender issues still regrettably exist, the OECD (Organization for Economic Development) Education at a Glance research revealed greater empowerment of women in STEM (Science, Technology, Mathematics, and Engineering) degrees in these geographical regions. However, if we apply a similar investigatory framework to the Asia-Pacific, we see a slightly – if not vastly – different story.
In comparison to other developed regions, the Asia-Pacific is still suffering from an inherent gender imbalance, attributed to many of the traditional roots of the multiple ethnicities populating the region. According to a report by Channel News Asia, even in countries like Singapore, which possesses a highly international profile, women are still facing multiple challenges when climbing the corporate ladder in the technology industry. This could be a result of ‘sticky cultural factors’, a concept proposed by Dr. Astrid Tuminez, the Regional Affairs Director for South-East Asia at Microsoft, and Philip Brett, president of TBWA\Asia, in their article for The Drum, commemorating International Women’s Day 2017. A similar argument can easily be identified in Mihoko Matsubara’s 2015 article for Palo Alto Networks on the limited number of Japanese women in the tech industry. Her investigations concluded that inherent Japanese traditions regarding ‘confrontation’ can further discourage women from entering the tech industry, let alone undertake leadership positions and becoming role-models for future generations.
Regardless of how globalised an enterprise, regional leaders must learn to work within local cultural paradigms. Only after a degree cultural intelligence is cultivated, can regional leaders begin removing unconscious biasness, improve attitudes and sustainably empower local female talent.
Cultural Intelligence, Diversity and Strategies
Cultural Intelligence or cultural quotient (CQ) is a theory in organizational psychology which posits that it is an essential skill to be able to interpret unfamiliar actions, behaviours and motivational elements in a similar way as a person’s immediate compatriots would. In business, academic and government research, the term is used to represent one’s ability for cross-cultural adaptability. According to Livermore, understanding other cultures can underline workplace cohesiveness through shaping how potential diversity-related barriers are handled, and is especially important in the context of stressful situations. We are briefly reminded that the term ‘culture’ can also refer to a unified identity, such as an industry culture. In the context of diversity, where does CQ fit in within the gender discussion in cybersecurity?
The answer is: In its solutions. According to a Dark Reading article by Jodie Nel, it remains difficult for women to break into both the security or technology sectors. According to the research mentioned earlier, the inherent masculine representation of the field, and accompanying chauvinistic culture, is thought to be the main cause of discouragement amongst women. As such, most solutions and strategies suggested to executives tend revolve around three main objectives:
- Encourage the incoming generation through education and exposure;
- Raise awareness amongst existing staff; and
- Empower existing female professionals to dispel existing misrepresentations.
Most of these solutions inform and have flourished in the various scholarship programmes, discussion panels and workshops mentioned earlier in this article. However, it remains the uncomfortable truth that not all organisations are as progressive, or have the equity for such initiatives. Ergo, they could begin their own path towards better workplace gender-diversity through employing the BCIQ (Business Cultural Intelligence Quotient) developed by IIan Alon, Michele Boulanger, Judith Meyers and Vasyl Taras at the University of North Carolina. The BCIQ framework enables the assessment and measurement of cultural appreciation within a workspace. The scalable nature of BCIQ allows workforce managers at all levels to measure gender diversity trends within their relevant industries. A key benefit of the BCIQ is that is data is generated from observation and direct measurement against a pre-established standard at the company level. Unlike the self-reporting nature of most CQ frameworks, this significantly increases the accuracy.
Progress, not Perfection
Whilst the statistical stagnation of 11% is particularly discouraging in the light of the projected workforce gap of 1.8 million vacant positions by 2022, there have been positive developments in the pursuit for greater gender diversity in the field. In a recent report developed by cybersecurity veteran Caroline Wong titled ‘Women in Cybersecurity: A Progressive Movement’, women are actually thriving in the profession and are feeling valued at their workspace. Whilst her study mostly comprises of female executives with over 5 years’ experience in the field, it still signifies a positive outcome.
Understanding the limited amount of perspectives from women at the entry-level in the cybersecurity industry, a few small interviews were conducted with women aged 22-26 who have just joined the industry less than a year ago. Whilst the abundance of research has stressed the importance of technical demands, it still boils down to supply-and-demand. Once enough STEM professionals exist, coding and other technical skills might just become the next ‘Blue Collar Job’ – according to Wired.
Therefore, one of the respondents believed that with the rapid expansion of the field: ‘there will be more opportunities for women in cyber if a wider range of backgrounds…[as most women] often come from backgrounds such as audit, intelligence, forensics, physical security, and ISMS experience. With the new GDPR legislation I believe the field will need lawyers with cyber competence too’. In the context of the negative landscape portrayed in much contemporary research, this is a very positive response coming from a young professional who feels that opportunities remain plenty.
In this article, the various elements of ‘culture’ were examined. We have explored the correlation between gender perceptions and traditions being passed through history. We examined how inherent ‘sticky cultural factors’ can undermine the effectiveness and confidence of women interested in the technology and cybersecurity sector. We have explored the importance of cultural intelligence and even proposed a highly scalable framework for organizations. Finally, we learned that it is not all negative, and that women in both senior and entry level positions in the industry are feeling optimistic about their place in the industry and the opportunities arising from its expansion.
The takeaway point here is literally ‘Progress, Not Perfection’. The road towards gender equality has been treaded, with many ups and downs and often far too slowly, by other communities, industries and even governments for many decades. In addition, the gender problem is part of a wider diversity issue plaguing the cybersecurity industry on a whole.
Change is happening, however slow it remains. It is with hope that by updating our current initiatives – by accounting for cultural influences at localised levels – that we can increase the efficiency of how solutions are executed. As one of the interviewees mentioned, the cybersecurity sector is rapidly expanding. With the advent of the GDPR and incoming Chinese Cybersecurity law, industries will require more talent from a much broader background to support its technical operations, which will hopefully provide further opportunities to narrow the gender gap.