All 50 states now have a CISO, but as Maria Thompson notes, only five of them are women. At 10 percent, that is not far off the average when it comes to women’s representation in government cybersecurity roles, and that low figure is distressing to Thompson, who is the chief risk officer for North Carolina.
Along with Laura Bate, a policy analyst at the think tank New America, Thompson extolled the importance of increasing gender diversity in government cybersecurity during a panel at the NASCIO 2019 Midyear Conference in National Harbor, Md., on Tuesday.
“You need to be able to see people who look like you and understand there is a possibility to advance in that position and own it,” Thompson said.
Bate noted three key reasons for increasing gender diversity in cybersecurity. First, there are a lot of unfilled cyber jobs, and they won’t be filled if government agencies ignore half the population. Of the nearly 314,000 cybersecurity positions open in the U.S., about 17,000 are in the public sector, according to CyberSeek, a National Initiative for Cybersecurity Education online tool that collects employment data.
“We need more people,” Bate said.
Also, diverse teams simply perform better, Bate said, citing an enormous amount of research to back this up. For example: “In recent years a body of research has revealed another, more nuanced benefit of workplace diversity: nonhomogenous teams are simply smarter. Working with people who are different from you may challenge your brain to overcome its stale ways of thinking and sharpen its performance,” the Harvard Business Review noted in 2016.
Finally, Bate noted, increasing gender diversity “is the right thing to do” from a social and economic justice viewpoint. Cybersecurity jobs typically pay quite well, and if “there are systemic reasons certain members of society aren’t getting those opportunities,” hiring more qualified women will help address that, Bate said.
How to Get More Women into the Cyber Pipeline
In March, New America released a report, “New Ways to Bring Women Into and Up Through Cybersecurity Careers,” which was based on the findings of an interdisciplinary group of experts.
“Depending on the source of the data, women make up 11 percent, more than 20 percent, or 24 percent of the cybersecurity workforce,” the report notes. “However, overall participation in the field is just part of a complex problem. Women at nearly every level of cybersecurity are paid less than their male counterparts, and 51 percent report that they have experienced discrimination, compared with only 15 percent of men.”
The report calls for three executable strategies. One is to empower organizations and coordinators that can change hiring practices at cybersecurity companies and drive up women’s interest in the field. Another is to engage with the private sector business community to get them on board with hiring more women. The third is to use marketing, entertainment and media platforms to change the narrative around women in cybersecurity.
Bate noted that the report included the input of a woman who runs a cybersecurity camp for girls in South Dakota. “We asked, ‘How do you tell them this could be an interesting career path, but no one looks like you?’ She said, ‘We don’t talk about that.’” Instead, the camp gets girls interested in technology concepts like networking but putting them in a room with string and asking them to build their own networks.
Thompson spent 20 years in the U.S. Marine Corps and retired as a master gunnery sergeant and information assurance chief for the Marines, where she served as the senior enlisted cybersecurity adviser to the CIO and the senior agency information assurance officer.
“Every step that I made, I was always 1 in 10” as a woman, she said. “Unfortunately, it is what it is. But it made me a lot stronger. It made me understand where we are right now.”
Thompson said her career in the Marines made her appreciate “why we need to be a little more proactive in getting women into IT.”
Both Thompson and Bate said that apprenticeships and internship programs are key, and that K–12 education systems need to start teaching girls about cybersecurity at a young age. Girls also need to see that women can rise to leadership roles in cybersecurity organizations, Thompson said.
“Leadership at the top is important,” she said. “If everyone you see looks the opposite of who you are, you will not feel like that is a welcoming organization for you.”
Read more articles from StateTech’s coverage of the NASCIO 2019 Midyear conference here.