Shockingly, only 24% of the cybersecurity workforce are women, according to a study by (ISC)². The key reasons for this are unequal job market access and a lack of opportunities for younger women breaking into the industry.
To help us understand how to tackle these issues, we spoke to Lindsey Polley, Director of Cyber & Space Intelligence at MACH37, and Jennifer Addie, COO & Strategy Director at MACH37, a start-up accelerator designed to facilitate next-gen cybersecurity companies.
According to Jennifer, who has been working in cyber for 22 years, recruitment has historically been very narrow. Job roles were based on very specific technical skillsets and didn’t invite other skills in, which had two effects.
The first was that people would self select themselves out of the running, effectively turning themselves down for the role without even applying. The other is that it made the candidate pool very narrow, which no longer benefits companies: cyber has become a horizontal that touches every industry.
Now, says Jennifer, entering the industry can mean that someone begins at a point unrelated to technology, “then sort of meandered into cyber and realized it had this really great nexus.” Opening the way for women to take on roles in cyber means allowing for “organic entry points where people can start from the skill set they have and see all the overlaps.”
For Lindsey, there’s a concurrent issue preventing women from entering the sector. Although society in the US has improved at engaging younger girls in STEM, with a lot of schools adding coding and engineering courses to the curriculum, there’s a “critical pipeline” where the industry loses women and girls.
The transition from late high school to college is overwhelming in general, but Lindsey points out how girls will lose their networks and resources, entering a new environment that they don’t know how to navigate. They’re also suddenly one of only a few women; by grad school they might be the only female student in a class.
This is discouraging and makes girls more likely to opt out of technological studies. Further, being in a minority of women creates a sense that their male counterparts are getting more support from professors. For Lindsey, something as simple as having school administration assign work areas so that girls are intermixed and not pushed, literally, into a corner, would help to strengthen the pipeline.
There’s also the issue of a pay disparity in the sector that doesn’t correspond to qualification level so much as it does time spent at a company: 62% of women don’t feel they have the same opportunities as men.
Often, there are women within companies that are actually well-positioned to move across into more tech-focused roles. Jennifer sees a combined need to creative better incentives for women, as well as incentivize cross-training. In smaller companies, it’s often easier for women to get a foot in on multiple responsibilities. It’s bigger companies that tend to unnecessarily compartmentalize people into very specific roles that require a deep expertise.
An example of why this approach restricts business potential is Jennifer herself, whose career started more broadly in problem solving and only focused on cybersecurity over time. Lindsey, too, began in Policy, and “worked [her] way down to technical.”
Another issue Jennifer highlighted is that it’s difficult to know what to what to study to appeal to employers. There are initiatives in place to help with this: the Commonwealth Cyber Initiative (CCI) in the state of Virginia that forges links between businesses and startups, and academic institutions.
A lot of companies don’t necessarily know what they really need, either. They’re advertizing jobs based on older job descriptions and working from assumptions about what it is to be in cyber. This prevents many people, and particularly women, from making the cut, when they could have a specific skillset crucial to the role.
In this way, Jennifer looks at the evolution of cyber as running parallel to that of mathematics, “when they […] first had women coming into math. Women were naturally beginning to solve a lot of the problems differently. And they would say, no, no, your order of operations was incorrect.” Women were still able to get correct answers with different workings, “and it actually blew math open.”
Lindsey’s work with MACH37 and VentureScope are examples of what companies can do to welcome people into roles that they don’t, on paper, have qualifications for. You can find someone who has experience and is a great fit for a company but doesn’t have the certification. With help to achieve it, though, it’s not difficult to obtain. Maybe the barrier was financial; an organization could provide funding. It’s about “demonstrating […] to the rest of the industry, [it’s] doable, it’s a solvable problem.”
In part two of this two-part article, Jennifer Addie and Lindsey Polley talk more about building familiarity with technology from as early as possible, and how to facilitate avenues for women into cyber.
Dr. Polley is VentureScope’s Director of Disruptive Technologies, and MACH37’s Director of Cyber & Space Intelligence. She is a futurist who specializes in the emergent landscape around cyber and “cyber-adjacent” technologies, providing C-Suite and SES-Level leadership with strategic and advisory services related to the research and analysis of disruptive technologies within the commercial sector. Dr. Polley also leads embedded strategic advisory cells that provided emergent technology solution identification for segments of the DoD, with an emphasis on space applications.
As COO and CWO of VentureScope and MACH37 Cyber Accelerator, Jennifer Addie helps lead the consulting, investment, emerging tech scouting, training, accelerator operations and entrepreneurial wellbeing practices. Jennifer also serves as an adjunct professor of Entrepreneurship teaching Lean Startup at six universities, a Creative Problem Solving (CPS) facilitator, a certified instructional systems designer (CISD), and leader in entrepreneurial wellbeing with a BA in Cognitive Neuroscience from the University of Virginia as well as a Master of Science in Creativity and graduate certificate in Creativity and Change Leadership from the International Center for Studies in Creativity (ICSC).
8 June 2023