The problem is familiar. Cybersecurity is still a male-dominated field. Women make up only 10 percent of the global cybersecurity workforce. The field is missing out on a lot of capable people and women are missing out on an interesting, well-paid career path. There have been numerous initiatives trying to change the situation, but fighting existing stereotypes has proven to be hard.
The underlying problem: society still views technology as a ‘boy thing’. Boys are the inventors, the hackers, the tinkerers. Girls are not expected to have the same interest in building the cool stuff. They are expected to be better at soft skills like empathy, talking and feelings. These expectations still drive girls toward people-focused careers and away from science and technology, despite all efforts. Or perhaps, ‘despite’ is not the right word here…
Do not Focus on the T-word
There are several articles that aim to get girls interested in a career in cybersecurity. But even those articles cannot avoid that tech-avoidant girly girl stereotype from popping up from time to time.
It is very telling that the tech part is often assumed to be the ‘bad’ part. It is the part that needs to be sugarcoated somehow. Yes, it is somewhat reluctantly admitted that the field has its roots in technology. But these roots are to blame for the field’s poor reputation. The articles try to lure attention away from this ‘bad’ part by repeating over and over again that the field is so much more than ‘just tech’.
They keep going on about how the field needs to broaden its definition beyond the technical domain and that it is such a misconception to think that cybersecurity is only about keeping information and computers safe. Girls should not think that the domain is highly technically focused. They must know that cybersecurity is so much more than ‘hacking and passwords’. It is a multidisciplinary field, and if they do not like tech, there are plenty of non-technical areas to go into as well! And do not worry; a technical background or technical skills are not needed to get a job in cybersecurity.
Looking for tech skills and technical qualifications in cybersecurity candidates is condemned as a bad practice. It ‘puts women off’ and even ‘naturally excludes’ them. Girls and tech do not mix very well, apparently.
Girly Skills Wanted
Next to the assumption that the tech part in a career needs to be downplayed in order to sell it to women, there is the assumption that women will be naturally attracted by the people part. This is the part that gets advertised as a strong selling point.
These articles point out how professionals in cybersecurity have to deal with all kinds of different people. They argue how important it is to know a thing or two about business and organisational psychology. They stress the field’s connection with fields like behavioural science and politics. And they discuss the need for people who can serve as translators and bridge-builders. That is where the girls come in, with their naturally superior soft skills as strong communicators and collaborators.
This is not to downplay the importance of the people part in cybersecurity. It is just as important as the technology part. But it is very typical that in articles aimed at women, it is this people part that gets emphasised over the technology part. This echoes existing stereotypes of tech-avoidant, people-oriented females versus technical, tinkering males.
A lot of the opinions expressed in those articles come from women in cybersecurity themselves. But women can have gender prejudices too. These societal expectations are deeply ingrained in everyone and, as this article shows, it is hard to fight them, even with the best of intentions.
Back in the Real World
But what if the writers of those articles have intentionally sugarcoated the tech bits? What if they know that that is the only way to get their message across? What if too much talk about tech really does scare the girls away?
The people interviewed in those articles have years of experience as experts in the field. If there is anybody who knows what works and what does not, it is them. And probably, they are right. Emphasising all the different and interesting social aspects of the field is more likely to draw girls’ attention than talking about technical challenges. But this preference is, for a large part, the result of the subtle (and not so subtle) messages society keeps sending to girls: they are helpers, not tinkerers. A message this kind of article keeps reinforcing.
As long as this keeps happening, things are not going to get any better. If girls keep seeing themselves as non-tech people persons first, they are less likely to choose a career in cybersecurity. Cybersecurity might be broad and multidisciplinary, but it is still a tech field. Professionals work with tech people and get to deal with tech-related issues. Why would people go into a tech field when their natural talents lie in an entirely different domain? Not even cybersecurity’s bright career prospects seem enough to change women’s minds about this.
If the field really wants to get more diverse, playing into existing preferences (and reinforcing them) is not enough. It is those preferences themselves that need to be changed. Of course, that is going to be a difficult job. But unfortunately, no one said that changing the world was going to be easy…
What do readers think? Is it realistic to expect those preferences to change anytime soon? Or should the cybersecurity field accept gender preferences as they are today and play into those preferences in order to attract a more diverse workforce?
This article was originally posted at medium.com/storro-blog
Joke Noppers is a freelance cybersecurity writer working with Storro B.V. Storro is an application for secure collaboration, without the cloud. Visit storro.com for more information.