Cyb(Her) Security: Experiences of Women in the Cyber Industry  
By Tom Inouye

Why are women increasingly active members of cybersecurity forces? And how are women treated in cyber careers?

           

Disclaimer: This paper touches on gender-sensitive issues of sexual harassment, discrimination, and exclusion.

 

History of Women in Cyberforces

            Ada Lovelace, born in 1815, is well known as the first-ever computer programmer.[1] As an associate to computer inventor and mathematician Charles Babbage, Lovelace wrote the first algorithm for his early data processing prototypes. Without her contributions, the functions that modern-day computer programmers use– like “looping” and “conditional testing”– to complete both simple and complex tasks would be nearly impossible.[2]

            British codebreaker Joan Clarke was instrumental in cybersecurity operations during World War II. By solving codes provided by Enigma machines, she deciphered Nazi messages, providing Allied Powers with invaluable advantages in message processing, reconnaissance, and technical prowess.[3]










Without her cybersecurity expertise, the outcome of WWII may have been significantly more violent.

Valerie Thomas spearheaded NASA’s cybersecurity initiative in the late 1980s and early 1990s. As the head of this program, Thomas developed standards and protocols for emerging space technology while emphasizing the importance of gender equality in NASA’s technical leadership.[4] Along with her monumental achievements, including inventing the illusion transmitter– a piece of technology allowing for the transmission of long-distance images using a camera, still used today– Thomas is also one of the first black women to become involved in NASA’s computational forces.[5]

            These three women are only a few of the female pioneers in the history of cybersecurity. And while their contributions to the world of programming are monumental, they had to overcome misogyny, racism, and belittling at nearly every stage of their careers. While many of them have since gained widespread recognition for their revolutionary ideas, many were discredited during their time. As the internet has grown more accessible, the cybersecurity industry has expanded to ensure data privacy, prevent destructive cyberattacks, and curtail financial loss.[6] This expansion has created new jobs and challenges for policymakers and computer scientists. How have women fit into the picture since this increase in the twenty-first century?

            While the stories of Lovelace, Clarke, and Thomas are inspiring, the field has a much darker side in relation to gender today. Sexual harassment is rife at cybersecurity conferences and in the office. One-fourth of all women (26%) have experienced sexual harassment at a cyber-related conference, 12% of which claimed that there were multiple incidents of harassment.[7] Especially concerning is that 35% of women who issued complaints claimed that the harasser was an “executive or in top-level management.”[8] These statistics reveal an upsetting power imbalance between men serving in upper management and many women who only recently successfully gained access to jobs in the industry and thus fill lower-level positions. As revealed in a 2022 study, women are only 1% of senior leadership positions at cybersecurity companies,[9] indicating not only a clear structural inequality between men and women, but also a culture of sexual harassment.

            This isn’t to say that high-ranking women in the cyber field are immune to sexual misconduct and aggressive, nonconsensual pursuit by men. According to a report by Forbes, a senior-ranking woman attending a cybersecurity-related event was groped by another executive, but justice was not brought; it wasn’t even attempted.[10] After the female executive reported receiving unsolicited texts like:

 

“You’re too cute, remind your boyfriend how lucky he is… Good night, I need to quit while you still think I am a good man”[11]

 

            When this executive brought the complaint to event staff, she was told that “she hadn’t even been touched.” The blame was turned on her, with one member of male staff claiming that she was just “a flirt.”[12] Dismissiveness and victim-blaming are common when women bring up their experiences as survivors of assault, but such excuses for sexual misconduct and violence are amplified in spaces where women are a minority.[13]

            More generally, male-dominated industries tend to see higher numbers of reports of sexual harassment and gender inequality. As in the cybersecurity industry, companies of predominantly male employees result in outcomes for women: “lower rank, shorter tenure, the physicality of the job, job insecurity, negative relationships with peers and/or supervisors, treating women as outsiders, exaggerated gender differences, unequal gender ratios, and promotions based on gender.”[14] Such cultures of misogyny, as seen in many cybersecurity firms across the country, are crucial facets of sexual assault culture. When women are degraded and subverted by men in the workplace, they are not seen as equals deserving of respect or autonomy, but instead as “under men.”[15] Thus, the cybersecurity industry’s lack of women in roles of authority has created a pervasive gender hierarchy that places men at the top and perpetuates sexism and harassment against the few women who have been able to make space for themselves in cyber careers.

            Women also face stigma and gender bias in the workplace. Compared to their male colleagues, women are more likely to be given “less complex or important tasks under the presumption that they lack the necessary expertise.”[16] This prejudice translates to not only unfulfilling careers and pervasive belittling of women, but worse results. Women who have faced more pervasive discrimination in their field of work are shown to perform worse than if they worked with companies with more equitable environments.[17]

However, cybersecurity firms are in the process of hiring more women into their ranks, indicating a shift in cultural dynamics and promising inclusion of historically marginalized gender minorities. What has caused the shift towards more gender diversity in the field, and has it improved the quality of life for women working in it?

 

Rising Representation and Contributing Factors

            Compared to other branches of hard security, women make up a greater proportion of the total staff of private cyber protection firms and cyber-focused government jobs. In 2022, women held 25 percent of cybersecurity jobs, a 5 percent increase from 2019. As recently as 2013, only 10 percent of the cyber industry was composed of women. The upward trend is not expected to stop anytime soon, with projections ranging as high as 35 percent by 2031.[18] Thus, while women will remain a minority in this branch of cybersecurity, representation is increasing significantly faster than in other sectors of hard security. For example, women compose only 18.8% of total US Army forces, 9.8% of Marine Corps forces, and 19% of Air Forces. Overall, women account for 19.7% of DoD jobs compared to nearly 80.3% of men.[19]

            Why have we seen such a vast increase in the number of women joining the cybersecurity industry? There are several possible reasons.

            First, cybersecurity firms are in need of technical workers. A study conducted by the Associated Press found that the number of unfilled cybersecurity jobs sits at 3.5 million across the world and 750,000 in the United States.[20] Women in the industry who have been pursuing cybersecurity certifications are well qualified for these vacant roles. As shown in the chart below, women are pursuing certifications at a marginally higher rate than men, even though the industry has historically excluded women from joining the workforce.[21]









Cybersecurity firms, many of which are struggling to fill labor shortages, have consequently begun to include more gender diversity in their operations.[22]

            Second, cybersecurity firms are seeing a genuine benefit in including women in leadership and technical roles. Artificial intelligence has changed the nature and means of cyberthreats and diversity of opinion and risk mitigation strategy is crucial in solving those issues. 73 percent of women have experienced online abuse, including stalking, harassment, and other cyber-financial crimes. The United Nations estimates that “95 percent of online aggression, harassment, abusive language, and denigrating content are directed at women.”[23] Women, who face disproportionate harm online and in cyberspace have experiences and input that help to guide cybersecurity strategies.

 

“If you’re faced with solving complex problems and managing complex risk on a daily basis, the more diverse backgrounds you have helping you do that, the better off you are. Different people see problems from different perspectives.”[24]

 

            Although it may seem intuitive that gender diversity in any industry can reduce inequality and increase efficiencies, and perspectives, and motivate underrepresented groups to participate, cybersecurity firms only recently began to hire women at higher rates, many of which are now seeing workplace benefits and a greater array of perspectives.

 

Hurdles for Gender Equality

            While more representation for women in cyber careers has translated to fewer microaggressions and more diverse perspectives in business operations, women still struggle to feel included. In 2023, a report by the ASIS Foundation found that 60 percent of women feel discriminated against at work compared to only 22 percent of men.[25] Such a jarring discrepancy is a clear indication that women face barriers to financial and personal success in cybersecurity spaces. Sexual harassment, pay disparity, and exclusion have not completely fizzled away with new diversity initiatives.

            As of 2021, women are still earning less than three-quarters (72 percent) of their male counterparts’ salaries while working in private or public cybersecurity organizations.[26] Gendered pay disparities send the signal to women that they are somehow less qualified, less important to cyber operations, and less deserving of compensation. Without a reexamination of pay inequities, women may be dissuaded from entering the cybersecurity industry, reinforcing the same gender employment gap that has historically excluded female participation.

 

Conclusions

            Since the birth of computer programming, women have been key players in the direction and methods of cybersecurity. However, the industry in the last two decades has been male-dominated, leaving women with fewer opportunities to join the workforce and more barriers to personal and financial success. Women are harassed at cybersecurity conferences and in their offices, receive inadequate compensation, and are frequently belittled by their male coworkers and supervisors.

            What can the industry do to ensure their employees come from diverse backgrounds?

1.     Cyber firms must ensure that men and women working the same jobs get equal compensation. Closing this gap will encourage women to become technical programmers for cyber firms. More generally, closing the pay gap for women interested in cybersecurity will “help create economic security and stability for women and their families, providing economy-wide benefits as women can spend, save, or invest more and are more likely to remain in paid employment.”[27]

2.     DEI initiatives and harassment prevention training focused on intersectional gender equality in the workplace must be implemented. These trainings, which can range from boundary-setting exercises to forming community accountability mechanisms, ensure that women feel safe and comfortable in cybersecurity offices.[28] Further, those who feel they are being discriminated against on the basis of gender, race, or identity should have access to effective reporting and investigation systems. Cybersecurity conferences must ensure that complaints of sexual harassment and violence are taken seriously. Rather than having general staff members or organizers address grievances of harassment, conferences, and offices should have designated DEI and sexual assault staff.

 

            Public and private cybersecurity forces are only effective when the experiences and insights of a diverse and expansive population are taken into account. But for too long, women have had to pass overwhelming barriers to their participation in cybersecurity. Only with careful and inclusive policies that aim to improve the experiences of marginalized groups in the industry will women feel like they have a place in it.

 

[1] The Editors of Encyclopedia Britannica. 2018. “Ada Lovelace | Biography & Facts.” In Encyclopædia Britannica. https://www.britannica.com/biography/Ada-Lovelace.

[2] “Ada Lovelace, an English Mathematician, Wrote the First Algorithm for a Machine.” 2021. AWIS. May 11, 2021. https://awis.org/historical-women/ada-lovelace/#:~:text=Ada%20Lovelace%2C%20an%20English%20mathematician%20and%20daughter%20of%20the%20poet.

[3] Austin, Karen. 2022. “The Untold History of Women in Cybersecurity.” United States Cybersecurity Magazine. March 23, 2022. https://www.uscybersecurity.net/the-untold-history-of-women-in-cybersecurity/.

[4] Austin.

[5] “Valerie Thomas | Biography, Mathematician, Invention, & Facts | Britannica.” n.d. Www.britannica.com. https://www.britannica.com/biography/Valerie-Thomas.

[6] Patterson, Nicholas. 2021. “What Is Cyber Security and Why Is It Important?” Www.snhu.edu. December 3, 2021. https://www.snhu.edu/about-us/newsroom/stem/what-is-cyber-security.

[7] O’Flaherty, Kate. 2023. “Why Is Cyber Security’s Sexual Harassment Problem so Rife?” ITPro. January 9, 2023. https://www.itpro.com/business-strategy/careers-training/369817/cyber-security-sexual-harassment-problem.

[8] Ibid.

[9] “The Importance of Women in Cybersecurity.” 2020. Utica University. October 7, 2020. https://programs.online.utica.edu/resources/article/importance-women-cybersecurity.

[10] O’Flaherty, Kate. n.d. “Sexual Harassment in the Cybersecurity Industry -- How One Woman Is Fighting Back.” Forbes. Accessed April 22, 2024. https://www.forbes.com/sites/kateoflahertyuk/2018/08/15/sexual-harassment-in-the-cyber-security-industry-how-one-woman-is-fighting-back/?sh=5c99eb5f576e.

[11] Ibid.

[12] Ibid.

[13] Cortina, Lilia M., Verónica Caridad Rabelo, and Kathryn J. Holland. 2017. “Beyond Blaming the Victim: Toward a More Progressive Understanding of Workplace Mistreatment.” Industrial and Organizational Psychology 11 (1): 81–100. https://doi.org/10.1017/iop.2017.54.

[14] Riddle, Kimbely, and Karen Heaton. 2023. “Antecedents to Sexual Harassment of Women in Selected Male-Dominated Occupations: A Systematic Review.” AAOHN Journal, April, 216507992311570-216507992311570. https://doi.org/10.1177/21650799231157085.

[15] Herrera, Andrea P. 2019. “Strategies for Sexual Subversion: Informing the Future of Sexualities Research and Activism.” Social Thought & Research 35: 79–112. https://www.jstor.org/stable/48564079.

[16] “Breaking down Gender Barriers in Cybersecurity.” March 2023. Www.orangecyberdefense.com. https://www.orangecyberdefense.com/dk/blog/research/for-a-safer-digital-society-breaking-down-gender-barriers-in-cybersecurity.

[17] Excelsior Staff. 2024. “Why Cybersecurity Needs More Women.” Excelsior University. March 5, 2024. https://www.excelsior.edu/article/why-cybersecurity-needs-more-women/#:~:text=Diverse%20teams%2C%20including%20those%20with.

[18] Osbourne, Charlie. 2023. “Women to Hold 30 Percent of Cybersecurity Jobs Globally by 2025.” Cybercrime Magazine. September 27, 2023. https://cybersecurityventures.com/women-in-cybersecurity-report-2023/.

[19] Statista Research Department. “U.S. Military - Distribution of Commissioned Officers by Gender and Branch 2019.” 2023. Statista. December 13, 2023. https://www.statista.com/statistics/214875/share-of-commissioned-officers-in-the-us-military-by-gender-and-branch/

[20] Ibid.

[21]  “Cybersecurity Jobs Report: 3.5 Million Unfilled Positions in 2025.” 2023. AP News. April 14, 2023. https://apnews.com/press-release/ein-presswire-newsmatics/technology-steve-morgan-ein-presswire-newsmatics-2c99c00b8673966bde5eca81f6535320.

[22] “Women in Cybersecurity: Inclusion, Advancement and Pay Equity Are Keys to Attracting and Retaining More Women.” n.d. Www.isc2.org. https://www.isc2.org/Insights/2024/04/Women-in-Cybersecurity-Report-Inclusion-Advancement-Pay-Equity.

[23] “Protecting Women and Girls from Cyber Harassment: A Global Assessment.” n.d. World Bank Blogs. Accessed May 13, 2024. https://blogs.worldbank.org/en/developmenttalk/protecting-women-and-girls-cyber-harassment-global-assessment#:~:text=Young%20girls%20are%20particularly%20vulnerable.

[24] Wong, Kellie. 2023. “Diversity and Inclusion in the Workplace: Benefits and Challenges.” Achievers. August 25, 2023. https://www.achievers.com/blog/diversity-and-inclusion/.

[25] Briggs, Rachel, and Paul Sizemore. n.d. “Empowering Diversity, Equity and Inclusion EMPOWERING DIVERSITY, EQUITY, and INCLUSION in CORPORATE SECURITY.” Accessed May 10, 2024. https://www.asisonline.org/globalassets/foundation/documents/research/asis-foundation-dei-executive-summary.pdf.

[26] “Closing the Gender Gap in Cybersecurity | Cyber Security Career Advice.” n.d. CareersinCyber.com. https://www.careersincyber.com/article/closing-the-gender-gap-in-cybersecurity/.

[27] Khattar, Rose. 2024. Review of Closing the Gender Pay Gap. CAP 20. March 14, 2024. https://www.americanprogress.org/article/playbook-for-the-advancement-of-women-in-the-economy/closing-the-gender-pay-gap/#:~:text=Increasing%20the%20wages%20of%20women,to%20remain%20in%20paid%20employment.

[28] “Benefits of Adding Harassment Training to Improve the Impact of Diversity, Equity, and Inclusion (DEI) Training.” n.d. HSI. Accessed May 15, 2024. https://hsi.com/blog/benefits-of-adding-harassment-training-to-improve-the-impact-of-diversity-equity-and-inclusion-dei-training#:~:text=Coupling%20harassment%20training%20with%20DEI.