This is among the findings revealed in an analysis of research from the ISC2 Cybersecurity Workforce Study. This analysis, published Friday, is the latest in a Women’s History Month series from ISC2 — a member association for cybersecurity professionals across sectors.
The lack of women in the IT workforce creates unique cybersecurity risks, attributed in part to the areas women prioritize, so governments have taken action in recent years to attract and retain more women in these roles.
While the majority of survey respondents, both male and female, previously worked in an IT position before getting their first cyber job, new pathways are emerging. Nearly a quarter of female respondents came into the profession through a non-IT job compared with 17 percent of male respondents.
And on the hiring side, 56 percent of women surveyed said that their organizations are changing hiring requirements to bring people in from non-cybersecurity backgrounds compared to 41 percent of men surveyed.
The public sector, specifically, has seen a shift to skills-based hiring in recent years, with agencies like the Indiana Office of Technology (IOT) turning to on-the-job training as a solution to bolster their workforces.
“I’ve got line cooks, truck drivers, factory workers, a mail carrier, teachers, grocery store employees, and now those folks serve in IOT,” Jon Rogers, Indiana’s director of strategic workforce planning, previously told Government Technology.
The analysis also highlighted that 43 percent of women said their organization still needs to hire more people from non-cybersecurity backgrounds — and 33 percent of male respondents agreed.
Higher education is identified as a significant pathway into cybersecurity roles, with 24 percent of women saying they came into the field with a cybersecurity-related undergraduate degree and 23 percent with an undergraduate degree in another area. This compares to 18 percent of men in each category.
Overall, female respondents had higher levels of formal education than male respondents.
Female respondents are also prioritizing pre-career experience such as internships and apprenticeships at a higher rate than male respondents. Female respondents were also more likely to hold a cybersecurity certification before entering their first job in cybersecurity, with 18 percent doing so compared to 16 percent of men.
ISC2 recommends that hiring managers expand their potential talent pool through nontraditional hiring strategies and consider the value of cybersecurity certifications — both those currently held and those that candidates plan to pursue.
Notably, this study included respondents identifying as female, male, intersex, transgender, nonbinary, and those who prefer not to say or prefer to self-describe.
This is significant, as a survey during the summer of 2023 indicated that nearly 60 percent of nonbinary employees in the U.S. have experienced discrimination or harassment at work, and 16 percent of nonbinary employees at that time reported being fired, not hired, or not promoted due to their orientation or identity, within the prior year.
Cohorts — from those for women, to nonbinary individuals, to veterans and beyond — can be a valuable part of diversifying tech.
Anushree Bag, a former public-sector CIO who created the Government Women in Technology group during her time with Indiana, told Government Technology in 2022 that nearly 150 women were meeting monthly to discuss work challenges and opportunities: “That has been a huge source of energy for me personally and for all these women who have joined.”
