I am very excited to contribute to this new Equal Respect dialogue! Chenxi has created a community and started a movement that impacts so much more than women in the information security field. She is working to find solutions that will benefit the entire world.
This is part one of a two-part article. In this first part, I look at the real-life challenges we face from a lack of diversity in the information technology and security industries.
I have been in the software or cybersecurity field for 16 years, and have been fortunate to work for, and with, some incredible mentors – male and female. However, I currently sit at a leadership table surrounded by only men. And not because this is a backwards organization – on the contrary, Carnegie Mellon University is dedicated to diversity and inclusivity – but because we simply cannot make improvements to the number of women in the infosec workforce if the resources from which to draw them are shrinking.
Let me be clear, I am not pointing this out to say that these men do not deserve their spots at the table or that they should be arbitrarily replaced by women. Nor do I want any position handed to me based on my sex. But there are reasons to be concerned about the lack of diversity in this field – and the future of information security looks as male-dominated as ever.
As Chenxi pointed out in her first column entry, females represent only 10% of the information security industry. Here are a few more sobering facts:
- The National Science Foundation notes that “women have earned 57% of all bachelor's degrees and about half of all Science and Engineering (S&E) bachelor's degrees since the late 1990s.”
- However, the number of women obtaining bachelor’s degrees in Computer Science (a field from which many information security positions draw) dropped significantly from 2002 to 2012. Women received 27.5% of bachelor’s degrees in Computer Science in 2002 and only 18.2% in 2012.
- Even more sobering is a Stanford University study showing that 56% of women in high tech companies leave their organizations at the mid-level point in their careers. A research report in Harvard Business Review reveals that many women leave these positions because of the hostile work environment.
No wonder we don’t have more young women lining up to fill the projected one MILLION open cybersecurity positions.
There are two main reasons that this should concern both the information security field and consumers of the products and services created by the same industry:
1. Companies with a diverse workforce and leadership outperform other companies.
2. The Internet of Things impacts everyday life and yet we are depending primarily on the male point of view, not just to secure the world for all of us but to design and make it more convenient, too!
There are numerous studies on the positive impact that gender-diverse teams have on a company’s bottom line. In my own non-scientific observations, I see this in the graduate courses that I teach at Carnegie Mellon University’s Heinz College. In classroom exercises, the teams with at least one female have outperformed the all-male teams in the Marshmallow Challenge almost every semester. Nothing speaks to a CEO like the ROI, so this diversity needs to be addressed in boardrooms, human resources departments, and on tech teams.
The second point is even more poignant. It seems that Marc Andreessen was correct and software really is eating the world: as technology rapidly becomes more widespread, the interconnectedness of everything poses new security and privacy challenges. Artificial intelligence, machine learning, and information security are so intrinsic to our way of life that, as Melinda Gates pointed out, we ought to care that women are not participating in shaping this world. And as Walt Mossberg said at the same Vox Media Code Conference, “Women’s participation in artificial intelligence can’t just be limited to being the voice of AI assistants like Amazon’s Alexa or Microsoft’s Cortana.”
If you think that women in science is just about being politically correct, think again. The healthcare field realized that women were needlessly suffering or even dying from medications “because the recommended doses were based on clinical trials that focused largely on average-sized men.” As the number of females in medicine increased, the healthcare for women improved.
We need to address the fact that women are not a part of the pervasive information security field that impacts each of us on a daily basis.
So what can we do to solve the disturbing fact that the number of women in computing is actually declining?
I’ll be discussing that in part 2 of this post.
Summer Fowler is the Technical Director of the CERT Cybersecurity Risk & Resilience Directorate in the CERT Program at Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI). Summer is responsible for executing the strategic plan for a research portfolio focused on improving the security and resilience of organizational assets, including people, information, technology, facilities, and infrastructures.