In light of the recent repugnant comments from an engineer of the world’s preeminent search engine provider, it seems appropriate to use this vitriol as an opportunity to set the record straight. The engineer’s diatribe not only revealed a deep-seeded personal resentment of women but brought attention to an overall misconception of the pervasiveness of woman in the IT field.
The reality is, women working in IT is on a decline. Deloitte Global analysis in 2016 called out an alarming statistic – women graduating with an IT degree in 2015 was a mere 18 percent, down from 37 percent three decades earlier. That’s either a marked increase in the number of men or a concerning decrease of women interested in the field. Worse yet, in the rapidly expanding IT subset of cyber security, the number of women has remained stagnant at a whopping 11 percent of the workforce since 2013.
The Cyber Security Equation
What the manifesto characterized as an attempt at social engineering couldn’t be further from the truth. The industry is challenged as a whole in terms of encouraging women to enter, but there are qualities they can uniquely bring to the equation that can be capitalized upon. In fact, most of the attributes being criticized in the engineer’s tirade on diversity are actually for cyber security.
The sparse number of women entering cyber is particularly concerning considering constant media attention about the large amount of open jobs in the sector. The number of unfilled positions currently hovers around 1.5 million, with ISACA (Information Systems Audit and Control Association) estimating the number of vacancies to reach two million by 2019. ISACA also found that 55 percent of open cyber positions take at least three months to fill, 32 percent at six months, with 27 percent unable to fill the positions whatsoever. This means that Security Operations Centers (SOC) are running and operating shorthanded. As SOCs are the first-line of cyber defense for most companies, understaffing leaves the organization vulnerable to suffering a delayed response to attacks or missing attacks entirely.
Given the lack of skilled personnel in cyber security, companies are increasingly making the choice to fill the positions using uncommon methods. Some are taking a chance on moving unqualified, but otherwise high-performing candidates from other areas and departments into the vacant cyber roles. If done correctly, this can prove a great benefit to both the company, that no longer has to endure understaffed shifts, and the employee, who will acquire a new and highly sought-after skillset. The benefits are apparent since the employee will already have familiarity with company policies, tools, departments and personnel. If the right candidate is selected, it usually doesn’t take long for the new transfer to begin performing basic analysis under the tutelage and oversight of senior cyber analysts.
Another way companies are filling vacant cyber positions is by scouting for and hiring non-traditional candidates to fill roles. Whereas companies once set a minimum amount of cyber or SOC experience to even be considered for an analyst position, many companies are choosing to take a chance on applicants with non-traditional backgrounds. Network administrators, IT helpdesk and support personnel, summer interns, veterinary and nursing assistants, archiving personnel, psychology majors and more. A resume from an unrelated field can highlight personal initiative, adaptiveness, value of improving processes, importance of team, and many more traits if a prospective employer takes a closer look.
Opportunity for Women
All of this leads to a promising conclusion. One of the added benefits to hiring untraditional candidates is the establishment of a new stream of women into the field. Generally, women often want the comradery and support that comes with being a part of something bigger than themselves. They want to be able to use skills that are not traditionally associated with IT, such as communication, organization, and people skills. These skills aren’t typically emphasized in the industry, but are tremendously valuable nonetheless.
SOCs are leading the way in the departure from the typical IT mindset. They are emphasizing the unified group based on the value of the team as a whole, rather than rewarding individuals, and as well they should. When a company is breached, those at the top are not going to care who was on shift when the breach took place. Protection of a company, either small or worldwide enterprise, requires a herculean group effort. In an industry known for lone wolves and uber-geeks, forming foundations built on teamwork and collaboration towards a singular goal is probably just what the industry needs to start attracting more women.
When companies find the right candidates that possess the aptitude to learn and quickly adjust to their new surroundings, the results to untraditional hires or transfers are often astounding. Not only is it rare that they disappoint in their new position, but few fail to rapidly advance their skills to where they are able to move beyond the original position.
From my observations, promotions to shift lead or even to management positions within two to three years isn’t unusual for employees hired or transferred from outside of cyber security. The primary indicator of performance and outcome post-transition is usually personality of the hire. Did they have the right temperament for the job? Was the personality that of a tinkerer, a life-long learner, someone who would not only figure things out on their own but would work to continually improve and grow? Would they not only learn the processes and procedures but continually question the status quo and keep improving the team?
Marissa Mayer once said “Find something you’re passionate about and just love. Passion is really gender-neutralizing.” Not all women will be attracted to IT as a whole, but getting women passionate about protecting the world from wrongdoers, one network at a time? Well, that’s not quite as difficult. Once they find a passion, women are just as dedicated if not more-so than their male counterparts. Give women a solid team to work with, a friendly environment to work in, and a goal to work towards, the team will be unstoppable!
The reality is the IT industry truly does have an issue with a lack of diversity, particularly females. There will undoubtedly be ongoing challenges that must be addressed constructively and dealt with in a manner that is good for both employee and employer. Fortunately, there are subsets of IT that are particularly suited for women that should be embraced and capitalized upon. Cyber security is one example of this. It needs unique, non-conventional thinking to learn and adapt to the evolving sophisticated threats currently plaguing the globe across all industries. Women should be encouraged to pursue this and other endeavors to the benefit of not only the IT industry but society as a whole.
Let’s all step back and use this incident as a trigger point to remedy glaring problems – a scourge of cyber attacks and a lack of participation of women in IT. This could be a winning proposition!