Over the past 30 years of being in information technology and security, it has always been obvious that there is a huge need for diversity in this field. It’s a common topic that comes up often, especially in security circles. Just a few weeks ago, there was a special Black Hat panel session dedicated solely to addressing this topic: “Beyond the Gender Gap: Empowering Women in Security.” Also, certification body (ISC)2 reports that just 10 percent of information security professionals worldwide are women.
While this is an upsetting statistic to many, and I do agree that we need more women in the workforce, I firmly believe that we need to consider an even more pressing issue that I hear time and time again when I’m meeting with CISOs all over the globe: we simply do not have enough skilled security professionals to meet the need right now. (ISC)2’s latest global workforce study, sponsored by Frost & Sullivan, finds that the shortage of security professionals will reach 1.5 million within five years. That’s a startling number, and why I believe that employing qualified, skilled IT security professionals—both women and men—should be the priority.
So, how do we build the next generation of cyber warriors, both men and women?
First, we need to encourage kids to study Science, Technology, Engineering, and Mathematics (STEM) at a young age so that they will be interested in pursuing more technical degrees and certifications later on. Most high schools are offering basic computer classes, and colleges all over the globe have courses in computer science and cyber security. And even if you don’t go to college, there are great certifications and workshops you can take to obtain and learn the skills yourself. Trust me, I’ve hired a lot of security professionals over the years and the main thing I always look for is actual, real-world, hands-on experience.
We also can help lead the way by setting a good example and showing kids and teens that they can have successful and rewarding careers in IT security. In my own career, I started at the IT helpdesk and was able to work my way up the ladder into holding several leadership positions at major corporations and now Venafi. Also, security pays well! IT security professionals, on average, make $90,000 or more a year! And there’s a lot of job security in security—companies are always hiring and looking to fill jobs quickly.
As you can imagine, I have managed many security teams during the course of my career so I’m very passionate about sharing my own insights into how to grow and build successful careers and teams in IT security. In fact, I’m actually presenting on October 12 at 3pm CT at the ISSA International conference on “Diversified IT: Why the Security Workforce Needs Qualified Women...and Men.” If you’re there, definitely stop by my session!
While these are just a few of my thoughts, there are probably many more things that we can be doing to build up the security workforce to meet the demand. I just hope that over time, we do start to see the tables turn with a more diversified and skilled workforce. This is definitely a fight we can’t win alone!