Synack, the most trusted crowdsourced security platform, and the Center for Equity, Gender, and Leadership at the Haas School of Business at the University of California, Berkeley worked together to understand the barriers for women and people of color working in information security professions.
Our goals: Spotlight the problems and spark the new conversations to find actionable solutions that increase diversity and inclusion in all aspects of the cybersecurity field.
Diversity and equity are essential in cybersecurity. Teams with more women and people of color are better equipped to identify and confront emerging threats. Diverse teams and organizations are more innovative and increasing diversity is the only way to close the cybersecurity skills gap.
But increasing diversity requires a serious commitment. To better understand where change is needed, we asked nearly 300 cybersecurity professionals about the barriers they’ve faced as women and minorities, and what the industry should do differently to foster inclusion.
Their responses offer invaluable insights for industry leaders —and anyone committed to making positive change. It’s clear there’s progress, but gender diversity appears to be advancing faster than inclusion for minorities. There’s much more work to be done to reach true parity across the security field even though we’re moving in the right direction.
Diversity is incredibly powerful. It leads to smarter and more innovative thinking. It creates better performing teams and allows companies to more effectively serve global customers. It’s especially important for cybersecurity, which requires teams from different countries and cultures to work together to defend against new and dangerous threats.
The problem is we don’t have enough diversity in cybersecurity. Companies ignore the data and remain biased toward a more homogenous workforce — especially at the most senior levels. Beyond cybersecurity, a lack of diversity in different industries exacerbates economic and social problems inside our homes and communities. In 2020, the gender pay gap remains a troubling concern. We’re facing a global health crisis driving more female employees out of the workforce. When it comes to racial equality, the unrest on our streets is a painful reminder of the institutional barriers for African-Americans across all levels of society.
There is some progress in many sectors, however. Many organizations are looking inward, asking hard questions and working to find solutions to develop new pathways for women and minorities to succeed. In an effort to measure the progress for women and minorities in cybersecurity, as well as identify the troublespots, we worked with the Center for Equity, Gender, and Leadership at the Haas School of Business at the University of California, Berkeley on our first Cybersecurity Diversity and Inclusion Report.
No, our report doesn’t tell the entire story. But it does illuminate some strides and unfortunately ongoing troubling trends. For instance, 39 percent of respondents told us that four or more women hold executive roles in their organizations, yet the vast majority of minority women said advancement is limited due to race. That needs urgent attention. In cybersecurity, diversity and the ability for all voices to be heard is so important. To build TRUST and make the cyber world a safer place, we truly need a diverse, representative crowd working together. We hope this report can add to the vital conversation on how to make our industry more equitable, inclusive and, as a result, better equipped to improve security for everyone.
— Aisling MacRunnels, Synack Chief Business & Growth Officer
The industry is more diverse than ever — and that’s progress. Women are seeing gains, but still face real and troubling barriers. Minorities are making progress, too, but they face more obstacles than women in cybersecurity.
Most women told us they feel their ideas are welcome and they see better representation within the middle ranks of their organizations. But a majority still said that a “glass ceiling” exists for women and especially female minorities when it comes to advancing to the C-Suite.
A majority of respondents said diversity efforts require funding and specific support to increase the flow of diverse candidates.
Even with the growing representation of women and minorities in cybersecurity, the overwhelming view among male and female professionals is that there still isn’t enough diversity. A majority of women told us they continue to face adversity, lack a “seat at the table” and representation at all levels.
Voices from the Field*: “Women have to climb mountains and adapt just to be successful.”
Voices from the Field: “Few females or minorities have been given the opportunity in the past, so it is hard to break through.”
* Voices from the Field will be quoting survey respondents throughout the report who shared their personal views about the issues they face in the workplace.
Pew Research found that Blacks working in STEM felt that ongoing discrimination in hiring and recruitment is a major contributor to the lack of diversity in tech. In our survey, some respondents told us they didn’t feel welcome working in cybersecurity due to their race or gender. One person said: “I'm not a white male, in fact, I have the most experience on the team, but culturally, I'm not the greatest fit.”
Fifty-four percent of minority respondents said they experienced either a great deal or a moderate amount of bias based on their ethnicity or background. Meanwhile, 71 percent of white male respondents said they have never experienced bias or lack of opportunity based on their backgrounds and ethnicity.
Voices from the Field: “Dudes feel like they should get credit just for listening, not for changing.”
“My ideas are welcomed, however can be railroaded by larger personalities and voices.”
Fifty-three percent of all female respondents told us a “glass ceiling” prevented them from obtaining certain positions in their organizations, while 71 percent of minority females responded that a “glass ceiling” prevented their advancement.
Overall, women make up about 24 percent of the overall cybersecurity workforce, according to the (ISC)2 Cybersecurity Workforce Study. It also found that women are advancing in executive roles, proportionately gaining more leadership positions than their male counterparts. In our survey, nearly 40 percent of respondents said four or more women and minorities fill executive seats.
But more men are still graduating with computer science degrees. The National Science Foundation’s 2019 report found that computer science has one of the lowest shares of female degree recipients (18.7 percent) among the broad fields of science and engineering, even as more are pursuing these areas.
Voices from the Field: “My primary challenge is the recruiting pipeline. Diverse candidate pools are difficult to create in the cybersecurity field.”
“A lot [of women] are spooked by the ‘boys club’ environment that exists within many organizations.”
“Funding, opportunities, and mentoring,” is how one person responded to this question about what resources are essential for building a more supportive environment for women and minorities.
We heard that sentiment often. People said the issue requires not just acknowledgement, but also funding and specific support to increase the flow of diverse candidates. One person said: “Just the common acknowledgment that there is an industry-wide problem and diversity is an important thing to invest in.”
Forty-six percent of respondents cited that they do not receive enough qualified diverse applicants as a reason for the lack of diversity on teams.
Voices from the Field: “I mentor women who want to work in security and have to push them because just doing their job well doesn't get them promoted or respected as influencers.”
More companies are making diversity and inclusion a priority. Eighty percent of respondents thought the industry has made some progress and is moving in the right direction.
Still, more is needed. Thirty two percent of women and 17 percent of men do not feel they belong in security. We also heard from people that an “old boys network” still exists in the industry, limiting advancement and hiring for women and minorities.
Voices from the Field: “Those in positions of power need to advocate for diversity and demonstrate support by putting minorities and women in key positions.”
“It won’t be easy, but we need to work harder to ensure everyone — regardless of race or gender — has a chance to succeed in this industry. We need a diversity of people and ideas if we’re going to make everyone more secure. It’s imperative that we make this community more inclusive and find new and engaging ways to create opportunity for women and minorities.” —Jay Kaplan, Synack CEO
“There doesn't just need to be more women in leadership positions in cybersecurity firms, there needs to be more opportunities for them to get there. For far too long, the industry hasn’t taken diversity and inclusion seriously. It’s time we make it a priority.” —Aisling MacRunnels, Synack Chief Business & Growth Officer
Methodology: Survey was distributed across a large group of security professionals. We received 276 respondents. Thirty percent of respondents identified as women and thirty percent were from an ethnic minority. The survey was designed and distributed in partnership with students from the Center for Equity, Gender, and Leadership at The Haas School of Business at the University of California, Berkeley.