Gender Diversity Lacking in Cybersecurity Leadership

Written by Kelly Thibault

August 30, 2022 

Secure Diversity exists to address the gender diversity gap in cybersecurity, from entry-level to leadership. An oft-cited metric about women in cybersecurity is from ISC²’s women in cybersecurity 2018 report. The survey suggests that women hold approximately 24% of all cybersecurity roles. Yet this data is from 2018 and includes those who work in an IT role with some cybersecurity responsibilities. A more recent report from ISC² showed that the number of women professionals in formal cybersecurity roles decreased from 2019 (30%) and 2020 (25%) to 20% in 2021. This data makes sense as Builtin.com found that the pandemic disproportionately impacted women. 

• Women in the tech industry were twice as likely to be furloughed or laid off than their male counterparts (2020 layoffs)
• A total of 2.5 million women left the workforce in the US
• 43% of women report remote work as being a positive experience, while 42% of women have negative views
• 54% of women say that the pandemic is making it harder for them to break into the tech industry

Several sources provide reasons why women experience barriers to jobs in technology. They may struggle to find mentors and sponsors, not see role models who look like them, experience bias in the workplace, face unequal growth opportunities and pay gaps, and experience discrimination, harassment, and bullying. It’s also systemic. 

“Women don’t have decades and decades of generations before them who went to college, got into the top jobs, and can now hire their fellow alumni’s kids. This is one of the reasons there aren’t more women in executive roles. They don’t have the same networks.”

Deidre Diamond, Founder of Secure Diversity

To further the impact of women in the workspace, the United States is seeing a surge in the attack on women’s rights. Women face an upward battle, whether it’s a separation of church and state, the right to make individual reproductive choices, or outlets to report harassment and discrimination. In a Bloomberg article by Claire Suddath, she pulled together facts and stories of women’s experiences in the United States and how regulations, laws, policies, and workplaces don’t support women – personally or professionally. In fact, women are consistently traumatized.

“These facts tumble around in my mind. They feel unrelated, but they’re not. They’re the byproduct of a system that’s working as intended: to allow for the employment and economic advancement of women without actually supporting them.” 

– Claire Suddath

The lack of gender equity and representation worsens as we move up in the organization. I researched CISOs at the largest 25 tech companies by market cap and in the Fortune 100. One organization’s executive team website was so homogeneous that I called my wife over to show her. It was all middle-aged white thin men in black suits who all looked very similar. We don’t address body size and gender expression often, but of the women I found in the security leadership roles, all of them could be described as attractive by US societal standards. Gender can be very personal and as I was unable to verify with each individual their identity (though some shared pronouns), I used their photos to determine gender. In the Fortune 100, 87% currently have a CISO or CSO. Individuals presenting as women held 22% of CISO/CSO roles within those 87 organizations. Honestly, this number was higher than I expected. When I looked at the largest 25 global tech companies by the market cap on August 1, 2022, 76% had a CISO or CSO. The percentage of women-presented individuals who held those roles? 5% or 1 person, the CISO of Oracle. Yes, tech still has a gender diversity problem, especially at the executive level, and even more so in cybersecurity leadership. 

To improve gender diversity in the workplace, we need supportive policies and environments, we need to change how things have traditionally been done, and we need cisgender men who bring in diverse candidates at all levels and advocate for those voices at the table. At Secure Diversity, we see the need to shatter the glass ceiling of cybersecurity leadership and executive roles. We’re working on this with the Secure Diversity Leadership Academy. In partnership with SANS GIAC Certifications, program participants will be in one of three tracks: Operational Cyber Executive, Transformational Cyber Leader, or Cloud Security Leader. Secure Diversity will provide scholarships to all selected participants. Applications close on August 21, 2022, and sponsorship remains open. Want to help us achieve our goals of shattering that glass ceiling and making it easier to get more gender diversity in cybersecurity leadership? Then we want to work with you. Visit our sponsorship page or email us to get involved.

Secure Diversity is a 501(c)(3) organization; all sponsorship and donations are tax-deductible. 

Data Sources

• 52 Women In Technology Statistics: 2022 Data On Female Tech Employees, 2022
• Diversity In High Tech Statistics, 2022
• Diversity In Tech 2021 U.S. Report, 2021
• Fortune 500 Rankings, 2022
• (ISC)2 Cybersecurity Workforce Study, 2021
• (ISC)² Cybersecurity Workforce Study: Women in Cybersecurity, 2018
• It’s Getting Harder to Be a Woman in America, 2022
• Largest 25 Tech Companies, data accessed August 1, 2022
• Women In The Tech Industry: Gaining Ground, But Facing New Headwinds, 2021
• Women In Tech Statistics: Girls Get Tech, 2022
• Women In Tech Statistics: The Hard Truths Of An Uphill Battle, 2021
• Women In Tech Statistics: The Latest Research And Trends, 2021
• Women In Tech Statistics Show The Industry Has A Long Way To Go, 2021