Exploring the Benefits of Gender Diversity in Cybersecurity

Research shows more diverse teams are higher performing when compared to homogenous teams. Yet today, only 11% of cybersecurity professionals are women. This gender discrepancy, coupled with the cybersecurity skills shortage, offers women a valuable career opportunity, and gives organizations a means for filling the skills gap that currently plagues the industry.

The already problematic shortage of cybersecurity workers and security skillsets is forecasted to get worse, with 51% of the 3.5 million security job openings predicted to be unfilled in the year 2021. However, the cybersecurity skills gap and the skill shortage can be partially addressed by building more gender-inclusive teams. The recruitment and inclusion of more women in the space will not only fill some of these gaps, but research shows this will simultaneously create higher performing organizations.

Fortinet recently conducted a webinar entitled “Realizing the Benefits of Gender Diversity in Cybersecurity” to explore this topic. This analytical webinar featured two of the industry’s most highly-qualified leaders, Joyce Brocaglia and Renee Tarun.

Joyce Brocaglia, is the CEO and founder of Alta Associates a leading executive search firm specializing in cybersecurity and the founder and president of the Executive Women’s Forum the largest member organization for women in Cybersecurity, IT Risk, & Privacy. She has over three decades of experience as a career advisor and women’s advocate in the IT and security space. Renee Tarun serves as the VP of Information Security at Fortinet. Before joining Fortinet, Renee spent more than 20 years with the U.S. Government and served as the Director of the National Security Agency’s Cyber Task Force. Currently, Renee oversees security compliance and governance, enterprise security, and product security at Fortinet. In addition to Renee and Joyce’s own professional experiences, our discussion also addressed some of the findings from Fortinet’s recent cybersecurity skills gap assessment series on the gender gap, along with some additional external research. Utilizing these key findings and discussion points, this conversation focused on why diversity delivers business advantages and how female cybersecurity professionals can advance their careers.

Defining the Problem

Research shows that while women represent close to 50% of the overall population and global workforce, only 11% of the cybersecurity workforce is comprised of women. Even more alarming is the fact that men are:

  • 4x more likely to hold executive roles than their female counterparts
  • 9x more likely to hold managerial roles than women
  • Paid 6% more than women
  • Experience 240% less discriminatory treatment than females

The glaring question facing our industry is, why?

The truth is, gender bias is a prominent issue in the cybersecurity workforce. According to Joyce Brocaglia, there are many women currently in the cybersecurity space (and outside of the space) that are opting out of certain roles due to a perfect storm of unconscious (and sometimes conscious) bias, resulting in women being underrepresented—especially when they represent a dual or multiple minority, such as being a woman of color.

To combat this issue, companies must stop siloing talent and start changing the way they look at skills in the hiring and promotion processes. A renewed focus on minimizing biases to better engage and retain the talent already present within their organizations will allow organizations to prosper in ways not possible otherwise.

How Women Can Help Fill the Cybersecurity Skills Gap

In our project with Datalere, we used natural language processing and ingested thousands of job ads—and resumes—for job types ranging from Incident Response Specialist to CISO. In looking at these job ads and resume structures, we analyzed the presence of hard and soft skills as well as a range of demographics, including job hopping, tenure, and gender diversity. From there, we broke soft skills down into four quadrants in order to conduct a deeper analysis of role requirements and the individuals that meet them.

The four quadrants include:

  • Leadership
  • Interpersonal/Communications
  • Analytical
  • Personal Characteristics

Of the top 20 skills employers list as a requirement in their job descriptions for CISO placements, 17 are considered soft skills.

Further, resume analytics reveal that women bring broader skill diversity to cybersecurity roles. For example, women cite more soft skills across all four quadrants, and do so more often than men. Research shows these soft skills are key differentiators for leaders in the space. Female job seekers cite:

  • 52.5% more soft skills across all four quadrants
  • Analytical skills 150% more often
  • 46% more skills in the leadership quadrant in resumes. 

Based on this analysis, women across industries are clearly highly qualified to fill open roles in the cybersecurity industry, especially as they not only bring experience and technical skills to the table, but those essential soft skills that make teams more diverse, and in turn, more productive. To better capitalize on the value these women possess, our research shows that organizations should pay more attention to soft skills when reviewing candidates in order to generate more gender diversity and thereby increase business success.

That success can be specifically identified and quantified. According to Fortinet research, for example, gender-diverse teams make better decisions 73% of the time versus 58% of the time for all-male teams. Venture capitalist (VC) funded, women-led teams bring in 12% higher revenue for their organizations than male-dominated VC firms do, while VC firms with at least one woman in a leadership position outperform all-male peer organizations by 63%.

Moving Forward in Cybersecurity

Over the past few years, companies have shown a heightened desire to increase diversity in their hiring practices. Collectively, we must move forward more aggressively on that desire by adopting more focused and inclusive recruiting strategies to hire more women into critical cybersecurity roles.

At the same time, there are things that women can do to proactively manage their careers in the tech space. By taking just a few simple steps, women can shrink bias in the field and move toward greater equality. These include:

Assume New and Different Roles: Try to take on a variety of roles and responsibilities to round out your skill sets, as Renee Tarun has done. Sometimes, you have to take jobs outside of your comfort zone to advance your career. Doing so enables you to gain valuable skills and experience and build lasting relationships that will aid in further career assignments. This will help you grow both professionally and personally.

Leverage Mentors and Advocates: Identify professionals (both men and women) who are in a position you aspire to hold and ask them for career advice or to serve as a mentor. Join internal and external professional organizations and take on an active role. The Executive Women’s Forum is the largest member organization dedicated to engaging, developing and advancing women leaders at every stage of their careers. Their members participate in LIFT, a formal mentorship program that engages hundreds of mentees and mentors. These actions will help promote your personal brand and get you noticed and recalled when an open position needs to be filled. When analyzing the benefits of leveraging professional networks and mentors, we found that:

  • 76% of people were recommended for a high-profile project by their sponsor
  • 55% were proactively introduced to other people within their professional network
  • 44% had the opportunity for formal or informal mentoring
  • 38% had the opportunity for non-technical skill development
  • 63% had a sponsor recommend them for a promotion
  • 100% had an opportunity for leadership coaching

Concerning Equal Pay: According to Joyce Brocaglia, women tend to not ask for more competitive compensation both early on in their careers  and during subsequent job changes. This initial reluctance can multiply and get compounded over the years, in part because women generally do not change jobs as frequently as their male counterparts, which leads to a lag in compensation. Brocaglia suggests, to address this issue, there are two things that are very important for women to note when considering their own compensation. First there is new legislation which precludes companies from asking candidates what they are currently earning. So that means the compensation discussion when changing jobs should focus on the base salary and total compensation that you are seeking to achieve and not what you are currently earning.  Second, be aware of the gender pay gap itself, and see if your company has any metrics reported on pay gap and determine what the current salary range for your position is to ensure that you are at least at the mid-point.

Final Thoughts

Cybersecurity can be a great career for just about anybody who possesses the skills that matter. A combination of soft leadership skills and hard skills in cybersecurity strategy, management, user education, risk assessment, and security operations qualifies anybody, regardless of gender, sexual identity, race, or background for a position in the cybersecurity space. And more importantly, those individuals are desperately needed.

Organizations can take part in closing the skills gap by actively improving gender diversity within the industry. There is also some interesting data around job descriptions containing too much male-gendered language. This disparity can be remedied by reviewing current openings and intentionally writing more inclusive job descriptions, adjusting interviewing and vetting approaches, and building more inclusive company cultures.

No matter what type of background you come from, you can help play a critical role in closing the growing cybersecurity skills gap. 

Check out our entry level designation of the Fortinet Network Security Expert (NSE) program. It is intended to provide a basic understanding of the threat landscape facing networks today. Anyone interested to learn about the threat landscape and cybersecurity should take this course for more learning. Also learn more about the Fortinet Network Security Academy available to educators and students or the FortiVets program.

Additional Resources


About Fortinet

Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network – today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 375,000 customers trust Fortinet to protect their businesses. Learn more at //, the Fortinet Blog, or FortiGuard Labs.    

Copyright © 2019 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and common law trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet’s trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiCare, FortiManager, FortiAnalyzer, FortiOS, FortiADC, FortiAP, FortiAppMonitor, FortiASIC, FortiAuthenticator, FortiBridge, FortiCache, FortiCamera, FortiCASB, FortiClient, FortiCloud, FortiConnect, FortiController, FortiConverter, FortiDB, FortiDDoS, FortiExplorer, FortiExtender, FortiFone, FortiCarrier, FortiHypervisor, FortiIsolator, FortiMail, FortiMonitor, FortiNAC, FortiPlanner, FortiPortal, FortiPresence , FortiProxy, FortiRecorder, FortiSandbox, FortiSIEM, FortiSwitch, FortiTester, FortiToken, FortiVoice, FortiWAN, FortiWeb, FortiWiFi, FortiWLC, FortiWLCOS and FortiWLM.

Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, contract, binding specification or other binding commitment by Fortinet or any indication of intent related to a binding commitment, and performance and other specification information herein may be unique to certain environments. This news release may contain forward-looking statements that involve uncertainties and assumptions, such as statements regarding technology releases among others. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.