While the underrepresentation of women in cybersecurity is starting to improve – 20% in 2019 compared to 10% in 2013, that trend isn’t translating in the higher echelons of cybersecurity power. An Altrata report estimates that only 16% of CISOs in the US are women. With the world continuing to experience a gap in the number of filled cybersecurity jobs – 3.5 million unfilled roles in 2024 – there is room for relief as more women pursue a career in cybersecurity in the years ahead – 25% in 2022 and predicted 30% by 2031.
While reports involving gender equality almost always suggest that women continue to earn less than men on average (17% on average), the take-home pay may not be the sole reason for women in CISO roles.
Forrester Research suggests that women only hold 16% of CISO roles in 2022 – up 3 percentage points from 2021. But pay may not be the only issue for women in CISO roles, according to Forrester. Other issues like support by other members of the executive suite, access to or the importance of certifications and shortcomings in succession planning may further add to the challenges for women security leaders.
Forrester estimates that the average time to become a CISO from entering the workforce is over 20 years, emphasizing the longevity and experience required for success in the role. Of course, this applies to everyone regardless of gender.
FutureCISO spoke to Rupal Hollenbeck, president of Check Point Software Technologies, on the long road for women in cybersecurity.
Hollenbeck noted that women's participation in cybersecurity reflects the overall situation in the technology space. She acknowledged that the challenge is more acute in the cybersecurity space as she sees fewer women in cybersecurity compared to other roles in the broader technology-career landscape.
“We have a talent gap. We are short worldwide of 3 million people in cyber. If companies continue to look at half the population to fill that huge gap, we are missing out.”
Rupal Hollenbeck
Hollenbeck believes that education, recruitment, nurturing progression, and executive positions all conspire to limit women's participation in cybersecurity. “There is nothing immune in terms of being a challenge,” she pointed out.
She concedes that the tremendous pressure cybersecurity professionals face every day – just because of risk factors. While acknowledging that the staffing shortage is leading to a financially lucrative career for those choosing a career in cybersecurity, she believes the opportunities are broader than what people think they are.
She says cybersecurity is no longer a pure-play technology issue. “Cybersecurity has so many elements today. It is not just being in development. It is about being in the business. It is about understanding regulatory matters. We have a tremendous need for lawyers in cybersecurity and to begin to be educated on how legislation and regulations help and hinder keeping organisations safe,” she continued.
“Today’s cybersecurity professional has to be a technologist and has to be commercially oriented. They have to be operational, and they have to be regulation-savvy. So, the careers in cybersecurity have never been broader than they’ve been.”
Rupal Hollenbeck
What follows is an interesting revelation on Hollenbeck’s passion – women in cybersecurity.
Click on the link to listen to Hollenbeck’s opinion and experiences in leading other women
- What is your view of women's representation in the cybersecurity space?
- Estimates put women professionals in cybersecurity at 24%. What is driving this inequality in representation in the cybersecurity space?
- What needs to happen to encourage greater participation of women in the cybersecurity space?
- For women aspiring to enter the security space, what characteristics must they hone, qualifications do they need to build?
- What personal risks should those interested in pursuing a CISO career keep in mind?
- Any advice for those interested in pursuing a career in cybersecurity? (including fatigue or burnout)