Where are the women in cybersecurity leadership roles?

This post originally appeared on the OECD Forum’s site.

It’s easy to feel like everything has already been said about why we need more women in cybersecurity. I’ve been explaining the economic benefits of hiring women as engineers, bringing in women as senior information security leaders, and going to work for women as board members and national influencers for a long time. 

I felt so much like I didn’t know what was left to say on women in cybersecurity. Women in my field have been pointing out the efficiencies, the improved problem space, and the improved outcomes for years. 

So I went and asked my husband what to say.

Stay with me on this one. I said, “I can’t think what’s left to say on the topic. Women have been decreasing in their representation in cybersecurity C-suite roles and board memberships for years, and the entire trend of women in technology and engineering positions has been steadily decreasing, at least in the United States, since 1984. There’s been no real improvement on about 1% women in senior engineering positions holding steady for a decade”. And my lovely spouse said to me, “Well, if you’re writing a piece for the OECD, what’s happened with the European numbers over the last year? What’s happened to women in cybersecurity according to the statistics during the pandemic? Can you talk about that?” I was drying a dinner plate and I stopped, shoved the plate and the towel at him, and ran to a keyboard because I realised what the problem was.

Reader, I cannot. I can’t talk about what happened to senior women in cybersecurity during the pandemic because they’ve all disappeared. 

It will be decades before the career gaps experienced by women and primary caretakers during this pandemic are fully erased, and we’re back to the “normal” gender pay gap. 

During the pandemic, every technical woman with children I know has stepped back from her job. Every single one. She’s already being paid 81% of what her male spouse is being paid, if she’s a married parent. Women who are primary caregivers are buried in childcare, family care, and the absolutely never-ending drudgery of cleaning the house. Their spouse makes more than they do, so it makes sense that if one spouse must pull back from the workforce, it should be the one making less money.

It’s a cruel and economically inefficient joke that during this worldwide pandemic, the women and non-gender binary people who have the most to gain from upskilling and negotiating new salaries and charging ahead in the workforce—because the difference between their realised and potential values is so much greater due to discrimination—are the ones losing the most ground. 

It will be decades before the career gaps experienced by women and primary caretakers during this pandemic are fully erased, and we’re back to the “normal” gender pay gap. 

In the early 1990s, Nobel Prize-winning economist Amartya Sen posited that there were more than 100 million missing women in the world based on sex-selective abortions, undereducation and health care provision to women, and a multitude of factors that prioritised the health and education of boys over girls. As academics, professionals of all kinds, essential workers and health care experts are again noticing that women are going missing, we have to ask ourselves: so what? Why does it matter that women are missing from cybersecurity? 

I have pointed out that the potential gains in efficiencies in salary and benefits for women being properly compensated are far higher than for men. But without the perspectives of diverse professionals in cybersecurity, gaps and problem spaces remain unidentified and, statistically speaking, are larger than they would be with the active participation of all the potential perspectives in the field. Inventions arising out of mixed teams, or women-only groups, appear to have wider technological breadth (and may therefore be more economically valuable) and higher impact from a technological viewpoint than those in which only men are involved.

What can we do to solve this situation?

  1. When vaccines for COVID-19 come out, lobby to have child care workers in as early a priority tier as possible, in order to support primary care givers for children and families (most of whom are women) to have an outsised impact on economic gains.
  2. When hiring and creating leadership roles in the next decade, acknowledge women and primary care givers/workers as being so essential that human beings couldn’t do without them, let alone companies. 
  3. Make your protections against groupthink in your organisations robust and antifragile by ensuring that you have more than one diverse voice in each section/team/location of your organisation. Millennial men expect to spend as much time as their spouses on child and family care, so don’t be surprised if requests for family leave come from an unexpected quarter. Hire, promote and sponsor multiple people from all parts of society, education and the gender spectrum to strengthen your organisation’s impact and resilience.

Finally, none of this is fair. Stop trying to make it fair: instead, try to make your solutions just and robust. No single organisation can fix all of the horrors and unfairnesses visited upon women and families during this period of global mourning and recovery—but each person can choose to see the future as different than the track we are on now. Women belong everywhere in cybersecurity to make the world more efficient, to make problem space more known and to keep the world safer than it would be without our voices added to the chorus.

Leave a Reply