Gender gap: Why information security needs more women

The Information Security field is not keeping up with the bad guys. And, that’s with companies throwing gobs of money, software, and equipment at the problem.

That said, the International Information Systems Security Certification Consortium (ISC)2 and the consulting firm of Frost & Sullivan feel they understand why digital bad guys are winning. Information-Security departments are not paying enough attention to company business objectives, they are unable to communicate effectively with other departments, and team members have a homogenous set of skills.

Women under represented

The two organizations go on to explain why the situation is what it is in their report, Agents of Change: Women in the Information Security Profession [PDF]. Quite simply, the group feels there are not enough women in the Information-Security field. Women only represent 11 percent of the Information-Security workforce which is discordant with other professions where women are near parity with men. According to the report:

“In comparison to representative labor statistics—women in 2012 accounted for 46.9% of the United States total labor force and 51.5% of United States management, professional, and related positions—it is clearly evident that women, at just 11% of the Information-Security profession, are greatly under represented.”

The report did not go into detail as to why the dramatic difference, but did say it was crucial that the status quo change.

Why women are needed

As to why it is crucial to change the status quo, the report was clear. The expertise needed to get Information Security back on track requires skills that are not prevalent and not considered crucial by today’s Information-Security departments. The (ISC)2 news release for the report explains: “While technical skills are integral to developing a strong security posture within organizations, it’s important to supplement the proper skills and perspectives necessary to make impactful businesses decisions.”

The news release then hints at why it is important to have qualified women working in Information Security: “The report findings demonstrate that the surveyed women believe a successful information security professional should maintain a variety of skills vs. surveyed men, who believe technical skills should be the priority.”

The group running the survey came to that conclusion based on how participants responded when asked to determine how important the following attributes were:

• Communication skills
• Broad understanding of the security field
• Awareness and understanding of the latest security threats
• Technical knowledge
• Security policy formulation and application
• Leadership skills
• Business management skills

Here are the results.

It may seem too close to call, but Michael Suby, author of the report and Vice President of Research at Frost & Sullivan spoke to the significance of the results: