On April 11-12, the 1st National Women in Cybersecurity (WiCyS) conference (www.wicys.net) to be held in Nashville, Tennessee, will provide an exclusive opportunity to bring together women students, faculty, professionals, and researchers in cybersecurity from academia, industry, research, and government organizations in efforts aimed at increasing the pipeline of women security professionals and improving the diversity of our cybersecurity workforce.
In the computing field, security remains an essential skill for today’s digital workforce, as the lack of security awareness costs businesses, government, and citizens severely every year. The role of cybersecurity professionals in protecting cyberspace and critical infrastructures is crucial. Therefore, the demand for cybersecurity professionals is estimated to increase significantly. Over the last five year period it was more than three times the demand of the overall IT job market. The number of security professionals worldwide is expected to increase to nearly 4.2 million by 2015. Further, for information security professionals the U.S. Department of Labor Occupational Outlook Handbook projects faster than average and much faster than average job outlooks between the years of 2012 to 2022. These projected job outlook growths are even greater than the projections for computer occupations.
Despite the growing demand and tremendous job opportunities, cybersecurity remains an area where there is significant shortage of skilled professionals regionally, nationally, and internationally. Currently, the information assurance and security pipeline is not producing enough cybersecurity professionals. Without proactive efforts to fill and maintain this crucial pipeline, the nation will run into the crisis of shortage of skilled professionals protecting our cyber infrastructure.
Compounding the problem of the security professional shortage is the fact that women’s representation in this male-dominated field of security is alarmingly low. While 25% of IT workforce is women, they represent only 8 to 13% of cybersecurity workforce. Why does it matter? Research shows that diversity brings a variety of experience, perspective, knowledge, and skill together to find more and better solutions to challenging problems. Diverse thinkers with diverse perspective can analyze and address the complex problem space of cybersecurity to find innovative complementary solutions. The constantly changing aspects of the information assurance and cybersecurity field makes it all the more essential to ensure full participation of a diverse workforce that will integrate more creativity and multi-perspective problem solving to shape technology in cybersecurity. Today’s cybersecurity workforce could increase diversity through women and minority professionals.
Just recently the Center for Strategic and International Studies described the importance and need for increased numbers of people interested in cybersecurity as a career option, regardless of gender. So, how can we increase the number of cybersecurity professionals and supply the pipeline for future needs? Women are half of the US workforce and represent an excellent resource for filling and diversifying our current and future needs for the cybersecurity workforce.
To realize the value of diversifying and increasing the pool of our cybersecurity workforce we must identify and overcome the challenges for why women are underrepresented. The lack of women in cybersecurity is a result of the lack of women in computing in general. Of all education disciplines, women college graduates in science, technology, engineering, and mathematics (STEM) remain at all levels remain low. The identification of the primary challenges and reasons for the underrepresentation of women in STEM majors is a first step towards actions for overcoming these challenges. The significant underrepresentation of minorities, especially women in cybersecurity, is due to the following probable reasons:
- Stereotypical notions
- Lack of social support
- Lack of confidence in women
- Lack of exposure to role models
- Lack of integrated efforts to recruit women
- Lack of opportunity to connect with mentors
- Lack of knowledge about the field of cybersecurity
- Lack of directed effort to eliminate unconscious bias
- Lack of awareness of professional development resources
- Lack of awareness of opportunities in Cybersecurity related occupations, education, and research
While many challenges are present for women in cybersecurity, there are many positive benefits for cybersecurity professionals that are worth the time and effort invested into overcoming these challenges. There are few current efforts addressing the need for a diverse cybersecurity workforce, and collaborative projects are beginning to emerge.
How can government, academia, and industry help to advance underrepresented groups in this field? If we want to broaden the pool of our cybersecurity workforce in terms of both quality and quantity, we have to invest time and effort in recruiting for diversity. Some actions that can be utilized include:
- Spread the word
- Create opportunities
- Break stereotypical notions
- Provide access to resources
- Contribute to support community
- Provide access to mentor network
- Attract and engage through gender equitable environment
- Initiate and engage in directed efforts to recruit diverse groups
- Create a path that is more affordable and appealing to women
Tennessee Tech University (TTU) is leading a collaborative partnership with the National Centers for Academic Excellence in Information Assurance Education at the University of Memphis (UofM) and at Jackson State Community College (JSCC) to overcome the challenges faced by women interested or involved in cybersecurity. This is a NSF SFS funded Broadening Participation of Women in Cybersecurity Project that is a directed effort to build momentum towards a movement of proactive efforts to diversify the cybersecurity workforce. There are four main components of this project and the WiCyS Conference is a major piece.
The conference is designed to increase women’s participation in cybersecurity through research-supported practices that include intentional role modeling, networking, mentoring, and access to career information. The foundation of these approaches are endorsed by National Center for Women and Information Technology (NCWIT), Computing Research Association Committee on the Status of Women in Computing (CRA-W), Association of Computing Machinery’s Women in Computing (ACM-W), Anita Borg Institute (ABI), Grace Hopper Regional Consortium (GHRC), and others who have used these as means to improve gender balance in computing.
WiCyS 2014 will offer keynote speaker sessions, technical presentation sessions, panel and birds-of-feather sessions, lightning talks, student poster sessions, student and faculty workshops, and career and graduate school fair. It will build and support an online community for Women in Cybersecurity. Speakers include (among others): Dr. Ernest McDuffie, NIST Lead for National Initiative for Cybersecurity Education (NICE), Dr. Deborah Frincke, NSA/CSS Associate Director for Education and Training, Julie Talbot-Hubbard, Vice President and Chief Security Officer for Symantec, and Dr. Valerie Barr the chair of ACM-W. To continue the momentum of recruiting and retaining outside of the conference, the Women in Cybersecurity online community resource and network will be made publicly available.
Assessment and evaluation to demonstrate impact and determine whether the WiCyS initiative makes a difference, we plan to measure the following after the upcoming WiCyS conference:
- Do WiCyS student workshops increase women students’ awareness of and interest in pursuing further study of cybersecurity?
- Do WiCyS faculty workshops increase faculty expertise to teach cybersecurity issues?
- How has women students’ participation in security internships and security research experiences been – as a result of contacts made/resources offered during the WiCyS conference and related activities?
- What are the results of women students’ recruitment into the SFS Program and graduate school – as a result of contacts made/resources offered during the WiCyS conference and related activities?
- Is there evidence of interaction and networking in the community of women in cybersecurity?
Evaluation will consist of participant observation of the WiCyS conferences and its workshops for students and faculty, and surveys of conference and workshop participants. A series of surveys will be given to workshop and conference participants. All assessments will be shared with WiCyS advisory board and any recommendations to improve will be implemented in future WiCyS events and activities.
The first WiCyS conference (2014) and the second WiCyS conference (2015) are both excellent venues for government, academia, and industry to proactively support the broadening participation of women in cybersecurity. Volunteers, sponsors, speakers, and participants are welcomed and information is provided through announcements and the conference site at www.wicys.net. With support from community, we hope to sustain WiCyS as a bi-annual event.
About the Authors
Dr. Ambareen Siraj is serving as the PI for NSF SFS Project “Capacity Building in Cybersecurity” and NFS DUE Project “Security Knitting Kit”. She is serving as the chair of the WiCyS 2014 Conference, Co-Chair for the Southeast Women in Computing Conference 2013, Co-Chair of the NCWIT Aspiration in Computing in Tennessee. Additionally, Dr. Siraj is an advisor to the TTU CyberEagles Club and a working group member of Cybersecurity Competition Federation. Her research interest is in security in smart grid.
Ms. Summer Prince is a programmer analyst at Tennessee Valley Authority with a M.S. in Computer Science Information and Assurance Security specialization. Her research work has a focus in smart grid cybersecurity. She also serves as the Social Media Coordinator for WiCyS committee.