The 2015 (ISC)2 Global Information Security Workforce Study documented that the information security (InfoSec) profession is growing in numbers yet falling increasingly behind in meeting market demand. Furthermore, the complex demands on this profession have contributed to a workforce that is disproportionately 40 or older (70% are at least 40 years old versus less than 7% younger than 30 years old) and highly educated (more than 45% have either a Master’s or Doctorate degree). At the same time, job satisfaction is quite high, with more than 75% stating that they are either somewhat or very satisfied. The surveyed InfoSec professionals also expressed a strong proclivity to invest in their careers through myriad training opportunities.
InfoSec employment is also predominantly male. With women making up approximately 10% of InfoSec professionals, attracting more women into the profession would lessen the workforce shortfall. Yet, as the Global Information Security Workforce Studies have illuminated, the proportion of women to men has been stubbornly stagnant. The number of women in information security employment is growing, but only at a rate equal to that of the profession as a whole.
The aggregate numbers, however, mask the progress being made by women in the InfoSec profession. For instance, the undergraduate degrees of women in InfoSec are converging on those of their male counterparts. An increasing percentage of InfoSec women have an undergraduate degree in either computer science or engineering, a noteworthy observation given the general affinity to hire people with backgrounds similar to those of the current workforce.
More interesting, however, is the path that women are taking once in the profession. Women are increasingly taking a career path that has a primary functional responsibility in governance, risk, and compliance (GRC). The Global Information Security Workforce Studies show that GRC is one of the growing InfoSec roles. Women, therefore, have positioned themselves wisely in an InfoSec profession that should not be defined by sheer headcount, but by the roles of those who are shaping the future practice of InfoSec.
In this paper, we describe gender differences within the InfoSec workforce based on surveys of InfoSec professionals sponsored by (ISC)2 in partnership with Booz Allen Hamilton. In our analysis, we examined the survey results in three groups: (1) the total global survey, (2) leaders versus practitioners (“doers” was the term used in the 2013 paper on this same topic), and (3) survey respondents who selected GRC as their primary functional responsibility. Through a progression of examining smaller subgroups, homogeneity of the sample improves, as does the robustness of the inferences (i.e., by minimizing the effects of exogenous factors such as cultural, economic, and locational). Additionally, within this report, we interspersed perspectives from a panel of women leaders in the InfoSec profession.