The good news is women are moving up in the ranks in the field, but the bad news is that women in the information security field comprise just 10% of the workforce. That’s according to The 2015 (ISC)² Global Information Security Workforce Study conducted by Frost and Sullivan in partnership with (ISC)² and Booz Allen Hamilton.
The study found that while more women work in information security today than two years ago, their numbers are only keeping pace with the growth of the industry and remaining steady at 10 percent of the workforce.
According to the survey, which was conducted by 13,930 qualified security professionals from October 2014 through January 2015, one in five women in cybersecurity works in a governance, risk, or compliance position.
In addition, the report found that women are more likely than men to believe that simply raising the pay for information security positions won’t solve the perceived cybersecurity talent shortage. The women surveyed believe that life-quality incentives would help to attract more professionals.
Such incentives would include “flexible work arrangements, and varied training and education methods will be important in attracting and retaining the talent the InfoSec profession requires,” the report stated.
Some potential ways to broadly attract more female talent to cybersecurity include “supporting cybersecurity education in primary schools, offering internships, pairing new InfoSec hires with mentors and adapting compensation plans and training to better align with the flexible working arrangements and diverse training options women expressed as important in retaining and engaging InfoSec professionals,” the survey found.
While it showed that women aren’t gaining in the growing security profession on a percentage basis, the report did have positive news when it comes to women in the information security field. The data show that women are gaining presence in computer science and engineering.
In his conclusion, Michael P. Suby, Stratecast VP of Research at Frost & Sullivan provided advice on direct actions that organizations can take to attract more women to the information security workforce. These included supporting cybersecurity education in primary schools, offering internships, pairing new InfoSec hires with mentors, and, as the survey described, adapting compensation plans and training to better align with the flexible working arrangements and diverse training options that women said were important to engage and retain InfoSec professionals, Suby wrote.
Survey respondents predict that in the years ahead there will be greater emphasis on managerial roles and fewer roles involved in operations and security consulting, while GRC is expected to gain prominence and network security architecture is expected to decline somewhat. Here is a chart from the survey:
The chart below shows the six top competencies information security leaders will likely need to succeed in the years ahead, according to respondents: