The InfoSec Institute estimates there is a worldwide staffing shortage of nearly three million in the ranks of cybersecurity professionals, with the number rising to 3.5 million by 2021. Expectations are that the shortage will only get worse driven by rising demand for infosec resources for the foreseeable future.
A 2013 Frost & Sullivan study estimated that women accounted for 10-12% of the global cybersecurity workforce. A 2019 research article from Cybercrime Magazine concluded that women accounted for 20% of the global infosec payroll.
The interesting bit is that everyone in the C-suite, including HR, sees the security staffing shortage and in some ways the solution – women in cybersecurity and technology. So why aren’t the positions being filled and what’s holding back women from taking up the vacancies?
Vicki Batka, senior vice president of sales for APJ at Trellix, warns of an impending burnout facing the cybersecurity field – the folks that are running behind the scenes, ensuring that your organisation is safe and secure.
More important, she called out that present approaches to narrow the gap are not sustainable.
“It’s not enough to just hire and fill the skills shortage gap. We also need to train, enable, and educate people that cybersecurity is an exciting career path. We need to step back and think about the type of work that is being done every single day,” she added.
Some suggest outsourcing or bringing external parties as the answer to the internal skills shortage. What are the benefits of this strategy? What are the possible issues it presents longer term?
Vicki Batka: The challenge with outsourcing cybersecurity is about accountability – who should be held responsible for any leak of data? Who is going to fix it? We hold board members accountable for risk and compliance and therefore, outsourcing can sometimes seem like a risky strategy.
"I think there are benefits to outsourcing some services, but every organisation is different. There are different ways that we can approach this depending on the maturity of your cybersecurity strategy."
Vicki Batka
What should the industry, government and academia do to establish an atmosphere conducive to encouraging women with the right disposition to pursue a career in cybersecurity/security?
Vicki Batka: At Trellix, we talk about how the work we do is soulful – how do we create a path that people want to pursue? One of the things I’ve been doing recently is working with an organization called Tiger Hall, which provides real-time training and learning.
We’ve got to find these learning platforms – we need to work with government agencies, schools, and any STEM programs. It’s our responsibility as an industry to go and make cybersecurity fun to learn and easy to get into.
What would be the most desirable qualities that a woman would want or need to have to build a career in cybersecurity?
Vicki Batka: Naturally, it’s important to have some skills around maths and science. It’s also important to have a mindset around problem-solving, and a fondness for puzzles and games – especially with security as it is very process driven.
Additionally, cybersecurity sits across so much that we do, hence having a willingness to learn and a desire to work in an industry that’s changing and evolving is also important.
Having said that, how can we get more women to be part of this bandwagon?
Vicki Batka: That’s the million-dollar question, right? Because it’s a little bit harder. Again, we need to start early and start educating young girls through STEM programs at school. We also need to have role models in the industry and to dispel facts that you need to look a certain way. It’s important to break down barriers and help women understand that it’s achievable.
For women to take on leadership roles in cybersecurity, what needs to happen? What are the things that organisations need to provide to encourage more women to take up leadership roles?
Vicki Batka: Traditionally, when women look at job descriptions, we look at what skills we lack and what we haven’t achieved. I’ve noticed that men tend to say, “I haven’t done that, but I know I can.” Having the confidence to deliver is important.
We must put our hand up. I want to help my team get to their goals and dreams; hence we need to have a conversation on where they’re at and what steps they can take to get there.
What is your advice for women with aspirations to work in tech and security?
Vicki Batka: I get this question a lot. For women in tech, there are so many roles and opportunities now. You must put yourself out there, but don’t just ask someone for a referral and not be honest or truthful with them.
Be honest about what you’re trying to achieve and see how they can help you. There’s so much information on the internet and it’s important to look and leverage tools like LinkedIn and use your network.
Click on the PodChat player to her Batka elaborate on how organisations can break the cybersecurity glass barrier.
- It is our understanding that leadership across the C-suite recognises the skills shortage. What are they doing about it?
- Is this strategy sustainable?
- Some suggest outsourcing or bringing external parties as the answer to the internal skills shortage.
- What are the benefits of this strategy?
- What are the possible issues it presents longer term?
- Should industry, governments and academia work together to establish an atmosphere conducive for women with the right disposition to pursue a career in cybersecurity/security?
- What are the qualities most desirable on which to build upon a career in cybersecurity/security?
- How can we have more women in cybersecurity? [Where should we start]
- For women to take on leadership roles in cybersecurity, what needs to happen today?
- What is your advice for women with aspirations to work in tech and security?
