With an extreme shortage of trained cybersecurity professionals, it's becoming increasingly common for people--especially women--to enter the field from other careers, including IT, law, compliance, and government. These employees form a group of "accidental" cyber professionals who are filling the need for cyber professionals and offering a different view on security threats.
Job postings in the cybersecurity field have gone up 74% over the past five years--a Cisco report estimates that there are currently 1 million unfilled cybersecurity jobs worldwide. US News and World Report ranked a career in information security analysis fifth on its list of best technology jobs. Average salaries nationally are $88,890, and significantly higher in cities such as San Francisco and New York.
"The job prospects are excellent," said Deborah Hurley, a professor for Brown University's executive master in cybersecurity program. "The demand far outstrips the supply."
Yet women make up only 11% of the world's information security workforce, according to the Women's Society of Cyberjutsu, and just 1% of its leadership.
Part of the reason for this is that there are few women in technology in general, Hurley said. "Sometimes it's perceived that the only way of entering cybersecurity is through the technical door, but that's not the case," she said. Hurley started her career as a lawyer, and launched the Working Group on Innovation and Technology Policy at the Organization for Economic Cooperation and Development (OECD).
Cybersecurity involves knowledge in tech, human behavior, finance, risk, law, and regulation. "Whatever a person's talent, with people, administration, management, education, or technology, there is almost certainly an aspect of cybersecurity for which their skills and experience are needed," Hurley said.
An interdisciplinary field
Cybersecurity is inherently interdisciplinary, Hurley said. "One thing I've done over and over is bring people from different disciplines into a room, to create a common vocabulary and work through a particular issue or problem that needs to be resolved," she said.
Depending on your background, you may be able to make the leap to security within your own company, Hurley said. "There are tons of opportunities in cyber and many doors of entry," Hurley said. "Whatever doorway you come through, you will be working with colleagues from many disciplines, and becoming more expert."
Shelley Westman, senior vice president of alliances and field operations at Protegrity, started her career as a lawyer. She left the field and went to work at IBM in a number of different roles ranging from procurement to product management. Eventually, she was assigned a role in hardware security. "I knew nothing about security, and had to self-teach everything," she said. "I fell in love with the space--it's very analytical and very fast moving."
At IBM, she started the group Women In Security Excelling (WISE), which grew to 850 members.
"It's a myth in the industry that you have to be technical to be in the field of cyber," Westman said. "We need people who have deep analytical skills, who can talk to clients, and translate technical speak to business value." That includes marketing and finance pros as well. "It's an end-to-end business," Westman added.
It also requires strong communication skills, and the ability to work as a team. "This is not a business where you can get things done by yourself," Westman said.
Since cyber is a relatively new field, it makes sense that women in the mid to late stage of their careers started in another area and made the move, said Sherri Ramsay, senior advisor at CyberPoint International and member of the board of directors for the National Women in Cybersecurity Conference. "What you want to see is many more younger women choosing to go into that field," Ramsay said.
The STEM issue
The dearth of women in cybersecurity and technology in general starts as early as middle school, when many young women opt out of STEM courses, said Deidre Diamond, founder and CEO of CyberSN and #brainbabe.
"We're behind in marketing and representing all of the jobs that exist--our schools have no idea about all of these jobs," Diamond said. "It's starting to change, because there is so much money to be made in this business. When it's sold correctly, women will flock to it."
Westman said she has had a similar experience. "When I talk to a lot of young girls, they've never heard of cybersecurity as a career path--they have a picture in their mind that cybersecurity involves sitting in a dark room by yourself working alone chasing down hackers and bad guys," Westman said. "They don't seem to be interested in that, but it's a misperception."
While undergraduate cybersecurity programs are growing, it's difficult for them to draw in enough students to meet demand, and to keep up to date on all of the latest threats, Ramsay said.
"It's going to take government, industry, and academia to partner together in ways they've never done before," Ramsay said, to ensure people go into the field and are trained appropriately.
Ensuring women enter the field also helps businesses succeed, Ramsay said. "It's proven that the way men and women think about and solve problems is different--because cyber challenges are so difficult and complex, we need to bring all these different ways of thinking about problems to the table," she added.
How to make the switch
Lisa Kendall, marketing and media manager of CyberSN and #brainbabe, parlayed prior marketing experience and additional cyber training into her current role. "Take what you already know how to do and see what there is out there for you," Kendall said. "Cybersecurity companies are made up of dozens of different roles and only a handful are technical. Security orgs need sales, marketing, HR, operations, account management and many other professionals, and all the security industry knowledge needed can be learned on the job."
Women are much more likely to self-exclude when job searching, Kendall said. "Instead of assuming you can't do the job, take a chance and put yourself out there," she added. "If you can paint the story for the hiring team using your cover letter and a thoughtful resume, you can often get in the door for an interview."
Different companies have different requirements for entry, Westman said. She recommends reading about the field, and finding coding or cybersecurity courses online (find certifications and degree programs here). You can also reach out to your company's current cybersecurity professional and ask to shadow them, Westman said.
Companies should look at their current cybersecurity assets for gaps, and look for people in the company to fill them, Hurley said. For example, someone from human resources could potentially spearhead employee cybersecurity training, she added.
Both women and men in the industry must be allies in advocating for the profession, Westman said, and get involved in mentoring and speaking to groups of young people to raise awareness of the field. "Be public about why you love the field of cybersecurity," Westman said. "If girls don't see people like them in the field, they are not going to be interested in going into it."
- Report: 57% of businesses can't find enough IT security pros (TechRepublic)
- Video: What the Secret Service can teach us about cybersecurity (ZDNet)
- Cybersecurity: Two-thirds of CIOs say threats increasing, cite growth of ransomware (TechRepublic)
- IoT devices can be hacked in minutes, warn researchers (ZDNet)
- Report: Despite growing security threats, CXOs struggle to find cybersecurity professionals (TechRepublic)