A push to hire and retain more women will help close the cyber security talent gap, experts say © Montage: Esan Swan/FT

The pandemic-led jump in homeworking has not only resulted in more opportunities for hackers to exploit, it has also increased demand for more cyber security analysts.

“People are starting to understand the role of cyber security in a business, there is much more interest,” says Clar Rosso, chief executive of (ISC)², a non-profit group specialising in cyber security training.

According to an April-June 2020 survey by the organisation, 3.1m people are needed in cyber security worldwide, with 22 per cent of companies reporting a significant shortage of dedicated cyber security staff in that period.

Jane Frankland

The best way to narrow the talent gap, says Jane Frankland, a veteran cyber analyst, is to hire and retain more women, who make up just one-quarter of the sector’s employees, according to 2020 (ISC)² data.

“Cyber is historically a very male-dominated industry,” says Ms Frankland, “and as it has been very technique-focused, it can feel intimidating to women.”

Some institutions have aimed to involve women from a younger age in cyber to correct this discrepancy: the UK government launched a CyberFirst Girls Competition in 2017.

But the main hurdle facing recruiters is retaining female hires, says Emily Stapf, US cyber security leader at PwC, the financial services group. “There is plenty of talent,” she says, “but companies need to create a culture and opportunities to keep the few women they have.”

The National Cyber Security Centre’s CyberFirst Girls Competition last year © Ben Davis

As well as reducing the talent gap, hiring and retaining women could also contribute to the evolution of cyber security from simply protecting assets to creating value for the company, argues Ms Stapf. “Many women have a risk management mindset, think differently about balancing tasks and are able to sort through the noise to identify a threat,” she says. “Those skills are essential.”

Carolyn Crandalll

Carolyn Crandall, chief security advocate and chief marketing officer of Attivo Networks, a cyber security group, advocates “the creation of programmes which, for a period of time, could subsidise the payroll of female graduates or women who are looking to change careers”.

“The women involved will gain valuable skills and experience that could help them advance in their cyber security career and add value to their employers,” she adds.

Ms Crandall says the industry in general should “be more welcoming to women who are beginners or on a learning curve. Too much criticism and a perception that one cannot succeed is a huge deterrent and can cause women to give up. Providing a teaching environment and taking the time to educate women interested in learning will pay itself back in spades.”

The lack of cyber security analysts — regardless of gender — is partly the result of companies prioritising revenue-making sections of their businesses and often relegating cyber security procedures to IT.

“Historically, cyber security grew out as a sub function of IT teams,” says
Ms Stapf. “It has evolved since to be considered a corporate risk imperative, but some companies still lag behind.”

Cyber attacks cost targeted companies an average of $3.9m, according to a 2020 global survey of mostly mid-sizes companies across all sectors by IBM Security, the US tech company’s cyber security arm.

Although most companies recognise the need for robust cyber defence teams, some say finding the right candidates is challenging given the technical abilities required as part of the role, and the proper certifications or specific degrees.

A recent addition to the industry is John Watts, who was hired in September as a cyber security analyst for a US government agency straight after graduation. Jobs usually have a starting salary of $75,000 and with analysts in demand, the 23-year-old says his choice of the cyber security industry has left him feeling “very confident in my job prospects [for the future]”.

As the field is relatively new and few educational institutions have dedicated cyber security programmes, many cyber experts have migrated from software engineering backgrounds.

That is the case for 37-year-old Dhruv Ahuja, who worked as a reliability engineer — a job that involves improving the resilience of his company on the cloud — before moving to a cyber security role. “I had a knack for it and I had been working with similar software for 10 years so it was a natural, lateral move,” he says.

Cyber security roles tend to provide secure and relatively high-
earning careers for those with the technical skills, says Mr Ahuja. “It is a
great job to have,” he says. This past year, (ISC)² noted a 15 per cent increase in people taking their cyber security exams compared with the same period in 2019. “It's a growing field,” says Ms Rosso.

Despite cutting back their hiring in 2020 due to uncertainty related to the pandemic, companies are likely to increase their spending on cyber teams this year, according to Ms Rosso. “It has been a pivotal year with many security incidents shining a light on the need to invest in tech and staff,” she says. “I think we are going to see a lot of hiring happening in 2021.”

For trailblazing companies, cyber security has evolved from being a strictly reactive technical-minded field to a more thoughtful and forward-thinking part of the business, according to a 2020 PwC global digital trust

According to newly employed cyber analyst Mr Watts, the outlook
for women in the industry is positive: “My director is a female,” he says, “and I think we are going to see more and more women in these roles. They bring in such great view points, we need them.”

Copyright The Financial Times Limited 2022. All rights reserved.
Reuse this content (opens in new window) CommentsJump to comments section

Follow the topics in this article