2.5 million-plus cybersecurity jobs are open—women can fill them

 This month is Women’s History Month and today is International Women’s Day—a time to reflect as individuals, societies, and industries on our progress for quality and equity for women. As a woman working in cybersecurity, I know firsthand that engaging girls, women, and people of color in cybersecurity as early as possible is critical to the growth and impact of our industry. Security threats are increasingly complex, frequent, and impactful; they come from outside and inside the organization and everyone is vulnerable. The landscape requires a workforce of security professionals who bring diverse expertise, backgrounds, and skills to these cybersecurity challenges. And we know there is a huge opportunity with estimates of one million unfilled cybersecurity roles.

Yet, in 2021, women represented about 25 percent of the global cybersecurity workforce—only one-fourth!1 We can and should do more to encourage more people with diverse perspectives to enter the profession. As we reflect this month, it’s a great time to think about how we can bring more women into cybersecurity and why it’s mission-critical we do so. I promise it’s a great industry to work in!

Encouraging and nurturing the careers of women in cybersecurity is important for a number of reasons:

1. Our cyber adversaries come from diverse backgrounds, which means that our defender community must be equally diverse in order to understand and succeed against them.
2. We are facing a massive talent shortage in cybersecurity of more than 2.5 million job openings. This is putting a strain on security teams and organizations of every size. We can vastly decrease the deficit by deliberately expanding our hiring and mentorship of underrepresented groups who can bring so much to the table.
3. Innovation is everything! And what’s more conducive to innovation than bringing together new perspectives, ideas, and experiences to solve today’s challenges? Cybersecurity depends on it because cybercrime tactics keep evolving. In fact, an MIT Technology Review article referred to cybersecurity versus cybercrime as “an innovation war.”2  
4. Studies show that diversity of thought and leadership is just good for business. A study from Cloverpop showed that gender-diverse teams make better business decisions 73 percent of the time.3 

With all these compelling reasons to promote diversity, why is there such a shortage of women in cybersecurity?

What people believe about women in cybersecurity

To learn more, Microsoft Security commissioned a survey to find out what is contributing to the skills shortage gap. Our main goals were to identify the dynamics fueling the gender gap in cybersecurity and to explore strategies for Microsoft to overcome those barriers.

Although most respondents (83 percent) said they believe there is an opportunity for women in cybersecurity, less than half of female respondents (44 percent) believe they’re sufficiently represented in the industry. A lack of representation can then reinforce the gender gap by dissuading women from entering cybersecurity. More women than men (54 percent versus 45 percent) say there is gender bias in the industry that results in unequal pay and support. It’s extremely important to break through biases that limit women’s career options.

Many respondents indicated a bias that cybersecurity isn’t a traditional career choice for women. Several respondents revealed how entrenched such beliefs are: “There are fewer women interested in high tech,” said one. “Women get bored with computers because they are better caregivers,” said another.

Some women expressed these biases themselves. The survey indicated women are more likely than men (71 percent versus 61 percent) to think that cybersecurity is “too complex” of a career. Men are more likely than women (21 percent versus 10 percent) to feel qualified to apply for a cybersecurity job posting. And more women than men (27 percent versus 21 percent) believe men are seen as a better fit for technology fields.

That breaks my heart.

Many believe gender bias starts early. More than one in four (28 percent) believe that parents are more likely to steer their sons to technology and cybersecurity fields than their daughters. The women surveyed are more likely than men (31 percent versus 26 percent) to believe this. Another possible contributor is that women typically have fewer cybersecurity role models—parents, mentors, or peers—who could spark their interest in the profession.

My journey in cybersecurity

I grew up in India, not knowing anyone in cybersecurity. But I was fortunate to have strong women in my life to encourage me, and great role models in my parents and grandparents. Eventually, I became the first woman in my family to work outside of the home. My interest in science was sparked when I was 10 or 11 by my love of the science-fiction television show Star Trek, which was one of the few available in India. It led to a dream of being captain of the Enterprise, and a life-long passion for technology and innovation.

I moved from India to the US when I was 18 after earning a scholarship to the University of Minnesota, where I earned my Master’s in electrical engineering. After graduation, I took an engineering role at Intel. A curiosity about how technology influences the world led me to cybersecurity and I’m so glad that it did. It is such fulfilling, mission-driven work that has a real impact and the power to make our world a safer place for everyone.

I’ve always felt that cybersecurity is a calling but as our survey shows, the journey isn’t always easy. I’ve often been the only woman or person of color at the table. And, while I’ve tackled every challenge thrown at me, I sometimes doubted myself and struggled with imposter syndrome. Most of us do— women especially. The important thing is that over time, we find our voice and learn to speak up.

For myself, I’ve come to understand that my unique set of experiences has tremendous value in the collective wisdom of my chosen field. And I have enjoyed overwhelming gratification in the work I do and the positive impact I can have in the world. So, to anyone considering a career in cybersecurity, I say go for it! You’ve got this. Cybersecurity is an incredible field, and it needs you and everything you bring to the table.

What’s Microsoft doing to help?

As you embark on a career in cybersecurity, know you are not alone. There are so many amazing women and men in our field to support and encourage you. I’m also so proud that Microsoft is partnering on several programs aimed at encouraging girls and women to consider careers in cybersecurity and expanding career opportunities for women. I hope you’ll take advantage of them. These programs include:

• Girl Security: This program builds equitable pathways in security for girls, women, and gender minorities through identity-centered learning, training, and mentoring, beginning in high school. Girl Security’s two-track approach provides girls from underrepresented communities interested in cybersecurity with e-mentorship, professional development, and skill-building. Girl Security’s e-fellowship provides advanced participants with 15 weeks of training, mentoring, and professional development, led by leading women across government, industry, and the social sector.
• CyberStart America: Built by a team of cybersecurity professionals, this immersive cybersecurity training game lets participants try real-world cybersecurity tasks and simulations that help them learn skills. More than 200 fun-to-play challenges are available to play.
• Cybersecurity Converge Tour: In partnership with organizations like the Security Advisory Alliance (SAA), Microsoft hosted students in New York City for a Capture the Flag interactive education and mentorship event with the goal of creating 20,000 internship opportunities and increasing the number of women and minority security professionals. We’ve also sponsored key events that support women like Executive Women’s Forum, The Diana Initiative, and Wicked6 Cyber Games.
• Women in Cybersecurity (WYiCyS): Established in 2012, this global community creates opportunities for women in cybersecurity through professional development programs, conferences, and career fairs.
• Microsoft Women in Security: This long-running, company-wide initiative was started with the goal of building a strong internal community of female cybersecurity professionals through programs, mentorships, and week-long events.
• Cyber Shikshaa: Launched in 2018 by Microsoft India and the Data Security Council of India, this program is creating a pool of skilled female cybersecurity professionals.
• Microsoft DigiGirlz: This program gives high school girls the chance to participate in hands-on computer and technology workshops, learn about careers in technology, and connect with Microsoft employees. We also help girls grow their skills and love for technology through our support of TECHNOLOchias, Black Girls CODE, and Girls Who Code.
• Elevate Initiative: Formed by Mandiant, Microsoft, NightDragon, and the Athena Alliance, this industry consortium offers a supportive community and networking and mentoring opportunities for female leaders in cybersecurity.

Our mission as women in cybersecurity

As we dispel harmful myths about cybersecurity careers, engage in dynamic skill-building, and share stories from female leaders in cybersecurity, Microsoft is also building a stronger global community by partnering with Girl Security in the development of the Cybersecurity Superpowers open-source curriculum, a series of pathways focused on a variety of skill sets. If you are a female leader in cybersecurity, let’s work together to build our support for all those who embark on the journey with us. Stay tuned throughout March 2021 as we showcase fearless women in cybersecurity and new opportunities to learn and grow together. Explore Microsoft Security for customer stories, the Total Economic Impact of Microsoft security solutions, and Zero Trust details.