Women remain under-represented in the information security workforce, yet represent a talent resource that the industry should tap into, a report has revealed.

Despite the desperate need for information security

professionals, the report released by education and certification body for information security professionals (ISC)², in collaboration with Booz Allen Hamilton, shows that while women have represented only around 10% of the information security workforce for the past few years, they are quickly converging on men in terms of academic focus, computer science and engineering, and have a higher concentration of advanced degrees.

The report is aimed at identifying the unique differences between men and women in the industry to to encourage more women to pursue this career and is based on data from the two most recent Global information security workforce studies with more than 14,000 industry respondents, which have been commissioned by (ISC)² and conducted by Frost & Sullivan.

According to the Women in security: Wisely positioned for the future of InfoSec report, women are making their largest impact in governance, risk and compliance (GRC), with 20% of women identifying GRC as their primary functional responsibility, compared with just 12.5% of men holding similar positions.

GRC is one of the fasting growing information security roles where women tend to dominate, the report said, with women typically possessing key character traits that enable them to succeed in GRC roles.

Despite this, the report notes that in the GRC subgroup of respondents, women’s average annual salary is 4.7% less than men. However, the report also points out that the data shows a difference between the importance men and women place on monetary compensation. Men value monetary compensation slightly more than women, who look for other incentives from their employers such as flexible work schedules.

The report said the percentage of women with either a master’s or doctorate degree is relatively high, with 58% of women having advanced degrees compared with 47% of their male counterparts.

Read more about women in information security

The data also shows that women are more progressive in their views on training methods. The report notes that offering increased accessibility and wider diversity of information security training opportunities may prove to be increasingly valuable in retention and in elevating professionals’ readiness to succeed in new roles.

“The information security field is expected to see a deficit of 1.5 million professionals by 2020 if we don’t take proactive measures to close the gap,” said (ISC)² chief executive David Shearer.

“Knowing this, it is rather frustrating to realise that we do not have more women working in the industry. Only 10% of information security professionals are women, and that needs to change,” he said.

Empowering under-represented minority groups

According to Shearer, through collaboration, research and partnerships, (ISC)² is committed to empowering under-represented minority groups in the industry, such as women, who bring skillsets that are critical to this industry’s future growth.

Allison Miller, product manager at Google and member of the (ISC)² board of directors, said the findings of the report are heartening.

“We are starting to see a full career progression for information security professionals. We’ve moved past the stage where people say, ‘You do what for a living?’, and have matured into an industry that needs and demands more diverse skillsets, and more sophisticated differentiation of roles,” she said.

According to Miller, the statistics show that the industry needs more talent. “Let’s foster more talent and innovation, everywhere in information security. That means taking more risks and including more voices. Having hard data gives us the ability to assess industry gaps and shortages – and individual career objectives and expectations – in a more thoughtful and systematic way,” she said.

The adaptive nature of cyber threats demands a talent management strategy that will broaden the skillsets and knowledge of the information security profession, said Angela Messer, the executive vice-president leading Booz Allen’s predictive intelligence business in the firm’s strategic innovation group.

“The adaptive nature of cyber threats demands a talent management strategy that will broaden the skillsets and knowledge of the information security profession. We must demonstrate to young women thinking about entering the industry the many opportunities that await them and reinforce for those currently working in cyber security that they have bright futures ahead,” she said.