Cybersecurity

Gender Diversity Can Aid Cybersecurity: CISO Panel Suggests Keys to Greater Female Participation

Scott LaliberteTricia Wagner
February 11, 2020
5 min read

It’s no secret that the current skills shortage is especially acute in the area of cybersecurity. A 2018 study by the International Information System Security Certification Consortium, or (ISC)², reported a shortage of nearly 3 million cybersecurity professionals globally, including a gap of roughly 500,000 trained staff in North America alone. And CIO/CTO respondents to Protiviti’s latest Top Risks survey identified succession challenges and the ability to attract and retain top talent their second top risk overall, right after economic concerns.

The shortage not only creates greater vulnerability for IT systems, but it also puts current cybersecurity personnel under increased pressure and leads to job stress and dissatisfaction, according to the report.

Closing that talent gap was one of the main topics of a Women Leaders in Cyber Security panel in mid-December that we attended (Scott as moderator and Trish as attendee). The panel was held under the aegis of the Delaware chapter of the Information Systems Security Association. Some of the suggestions made by the panelists we anticipated, such as raising the proportion of female professionals, who account for only 24% of the cybersecurity workforce, according to (ISC)². Other comments, however, were eye openers, such as how to attract more women to the field and the overall value of gender diversity.

Among the biggest surprises: Only two of the panelists started their career with a technical background, and yet all of them found success as female cyber leaders. The one trait they had in common was that they excel in translating security problems into business terms, which they believe is the key to their success.

Their experience should be instructive to IT executives going forward, according to Donna Ross, senior vice president and chief information security officer (CISO) at Radian Group.

Value of Diversity

“Cyber needs diversity,” Ross said. “When you are in the war room, you need diverse ideas, and diversity comes in many different types — gender is just one of them.”

Ross’ use of the war room metaphor has a basis in fact. A study produced by the U.S. military, “Women in Battle: What Women Bring to the Fight,” found that the overall intelligence of a combat group increases as the proportion of women rises. Protiviti has compiled similar research and identified the gender imbalance in the technical fields as an emerging risk.

Gender Imbalance in the STEM Fields: A Growing Concern

Diversity should trump technical experience, according to Kelly Uhrich, senior vice president and deputy CISO of KeyBank. Uhrich was one of the panelists with previous technical skills. Despite her capabilities, she had to apply for a lower-level position to get into IT security.

Companies should consider widening the aperture of candidates by focusing on sourcing for foundational competencies they are looking for, such as critical thinking, communication skills, leadership and business acumen and then training up for specific skills, according to Uhrich. Diversity needs to be at the forefront of these efforts.

“Organizations put up artificial walls and barriers,” she said. “They should look at their job descriptions and ask themselves, ‘Have we made it too difficult to source good candidates by artificially inflating the requirements to fulfill the job?’”

More than that, women need to be encouraged to take the leap of pursuing a new professional area, according to Nancy Hunter, vice president and CISO of the Federal Reserve Bank of Philadelphia, who came from a programming background.

“Many women will not apply for a position unless they meet 95% of the qualifications,” she said. “By contrast, men tend not to wait. They get the interview and the job.”

Hunter’s advice to students and new hires is instructive: “You may be the only woman in the room. Remember: You have earned the right — step up and sit at the table. If you are at the table, you have the right to give your opinion — you have been invited to give your opinion.”

Culture Is Important

Even if a woman lands a job in cybersecurity, it is only the beginning of the process, noted Tammy Klotz, director of information security at Versum Materials, a subsidiary of Merck KGaA. For female cyber workers to thrive, the company culture must be inclusive.

“Look at the language used in meetings,” she said. “Is it confrontational? It shouldn’t be. You want your culture to be accepting and supportive. The tone starts at the top, and it should support both men and women in taking risks.”

For their part, women can help their own cause. Ellen Rinaldi, retired chief security officer and CISO of the Vanguard Group, urged women to “pursue a certification and do the homework” and to be more social in every venue of the workplace. “Often, women will sit in the back of the room and wait to be called on,” Rinaldi observed. “But they must learn how to introduce themselves, how to have two or three questions at the ready to work a room. Even if it doesn’t come naturally, they can learn to be part of the conversation. It’s such a valuable tool.”

This blog is also available on The Protiviti View.

Scott Laliberte

Global Lead
Emerging Technology Solutions

View all posts

Tricia Wagner

Associate Director
Security and Privacy

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
18 Apr

Learn more about what GRC Managed Service is and what it can do for SAP S/4HANA and SAP cloud solutions in the latest #SAP Blog post. https://ow.ly/OMaL50RfsHw #ProtivitiTech

Reply on Twitter 1781035159438954997 Retweet on Twitter 1781035159438954997 Like on Twitter 1781035159438954997 Twitter 1781035159438954997
protivititech Protiviti Technology @protivititech ·
17 Apr

Protiviti is a proud sponsor of ServiceNow Knowledge 2024—a three-day conference all about #AI. Stop by our booth (#2503) to visit with our team and learn how the #ServiceNow platform makes business transformation possible. https://ow.ly/qa6p50Rh9wf

Reply on Twitter 1780627914964308382 Retweet on Twitter 1780627914964308382 Like on Twitter 1780627914964308382 Twitter 1780627914964308382
protivititech Protiviti Technology @protivititech ·
16 Apr

What is #DesignThinking? Could it help your organization? Find out how Protiviti uses it to help clients build net new applications and modernize legacy systems. https://ow.ly/fMK550Rfsoi #ProtivitiTech

Reply on Twitter 1780204913663873376 Retweet on Twitter 1780204913663873376 Like on Twitter 1780204913663873376 Twitter 1780204913663873376
protivititech Protiviti Technology @protivititech ·
15 Apr

Join our May 2 webinar designed for privacy and security professionals seeking to navigate the intricate nuances of data governance within the ever-evolving global regulatory landscape. Register today! https://ow.ly/hzrG50R4fTX #ProtivitiTech #DataPrivacy

Reply on Twitter 1779872392535212145 Retweet on Twitter 1779872392535212145 2 Like on Twitter 1779872392535212145 1 Twitter 1779872392535212145
protivititech Protiviti Technology @protivititech ·
12 Apr

The latest Technology Insights Blog post offers insight into the unique risks associated with Large Language Models (LLMs) and how to establish strategies to mitigate them. https://ow.ly/q3w550RfbXm #ProtivitiTech #TechnologyInsights

Reply on Twitter 1778890996282982442 Retweet on Twitter 1778890996282982442 Like on Twitter 1778890996282982442 Twitter 1778890996282982442
Load More