When I was in school, just five percent (5%) of my engineering class were women. Today, according to the 2017 Global Information Security Workforce Study: Women in Cybersecurity, just 11 percent of information security jobs are held by women. And if you look at many security technology providers, you often won’t see a single woman on the executive team. (I’m proud to say that Circadence® is a rare exception to this).
There’s a dire need for more cybersecurity professionals – and that gap is only growing. According to ISACA, there will be a global shortage of two million cybersecurity professionals by 2019. It’s a huge challenge for the industry, but also an opportunity to bring more people, and especially women, into computer sciences and specifically careers in cybersecurity.
There are some terrific programs for women in technology. Girls Who Code is one of the best. It helps volunteers and clubs aimed at closing the gender gap, but more can be done to make it a standard in primary education. Google.org is also instrumental in (almost counter-intuitively) taking digital content offline for people who don’t have internet to help show a computer sciences and cybersecurity path to individuals born in remote and rural areas.
We need to bolster educational institutions, which lack resources, to deliver computer sciences (and specifically cybersecurity) training. In the U.S., the underlying curriculum for tech and cybersecurity is Computer Science, which is typically relegated to a single AP class in high school. It is viewed as a separate field from the Arts and Sciences, and frequently portrayed in media as appropriate for male nerds. Unless a young lady was exposed to the field earlier through a special program or perhaps from a parent role model, they are not likely to take an “introductory” AP class stigmatized in that manner.
So how do we get there?
Start Early and Often. The U.S. should take cues from other countries, such as Singapore, Hong Kong and Israel, where elementary school children are taught computer science and robotics as early as kindergarten. We should offer computer science and coding programs starting in kindergarten with safe online resources, and then offer specialization and a variety of experiences built on that base level of knowledge as they progress in age. Progress to logic and coding in Python and then introduce robotics in secondary school. And later in age, introduce competition and more advanced scenarios that mimic real-world challenges.
Modern, Immersive Mediums. We also need to look at the medium in which the training is delivered. Right now the security industry as a whole needs to migrate from its reliance on older, static training formats (classroom presentations, etc.). We need to leverage the technology readily available to create interesting and immersive experiences. Hackathons remain popular, but only crack what’s possible when you combine virtual reality, gamification, and team competition together into an ongoing training and learning experience.
One great example of how these combine is the CyberPatriot program supported by Circadence. In the CyberPatriot program, more than 4,400 schools (including 600 middle schools) compete in regions around the United States. Students are put in the position of a “newly hired” IT professional and tasked with managing and defending the network of a small company in an immersive, virtual platform.
With the daily race to stay ahead of threats, it’s tempting to not think long-term about information security. But with such a large skills shortage ballooning in cybersecurity, our industry needs to start children, and especially women, early on in computer sciences and information security, with modernized curriculums, and coach them to grab the opportunity just ahead.