Three Takeaways from the 2020 SANS Women in Security Survey

About the SANS 2020 Women in Security Survey

Women may represent only about 20 percent of the cybersecurity workforce as of 2019[1], but when it comes to leveling the playing field, this number is up from 11 percent in 2013. It’s progress. In fact, there are many indicators that women are joining the cybersecurity forces and advancing more than ever before. For instance, Forrester predicted that the number of female CISOs at Fortune 500 companies would hit 20 percent in 2019, up from 13 percent in 2017.[2] Women also made up 32 percent of the speakers at the RSA Conference in 2019.[3]

So how are women entering the cybersecurity field? And what are they learning about breaking down the barriers to advance their careers and become leaders? In its 2020 Women in Security Survey, SANS targeted successful women working in various roles in the cybersecurity community. SANS asked their respondents about how they broke into the field of cybersecurity, gained career momentum, chose a specialty, and found ways to remain relevant.

Following are three key takeaways from their research.

No. 1: Women Must Be Proactive to Get Ahead

You may have heard the shocking statistic that while men will apply to a job if they meet 60 percent of the qualifications, women will only apply if they meet 100 percent of them.[2] But when asked why they rose to a leadership role in cybersecurity, 41 percent of respondents cited “being in the right place at the right time” as the reason they were promoted, over other qualifications that included “experience,” “certifications,” and “education.”[1] What does that mean, exactly? They were willing to throw their hat into the ring when an opportunity presented itself. While experience, certification, and education are certainly important, they aren’t the only things.

Takeaway: Be willing to go outside of your comfort zone and put yourself out there when an opportunity presents itself.

No. 2: A Degree Can Help You Break into Cybersecurity, But Ongoing Training Can Also Get You There

SANS reported that 16 percent of their respondents were hired immediately after completing their undergraduate degree. If you already know the field you are interested in pursuing, gaining a bachelor’s or master’s degree can help — nearly half of the survey respondents reported having either a bachelor’s or master’s degree — but a degree isn’t everything. Nineteen percent of the respondents credited ongoing training as the reason they achieved their leadership position, while another 34 percent attributed their success to gaining certifications.

In fact, when the questions turned to training, a whopping 86 percent said they got the bulk of their training on the job, while another 75 percent cited certification programs.

Figure 1. Women indicated “on-the-job-experience” is the bulk of where they get their training

Takeaway: While a degree can help you be hired straight into the field, it’s not a deal-breaker for a successful career. On-the-job training and certifications can play a huge role in helping you become a leader in the cybersecurity field.

No. 3: Mentoring Matters

The cybersecurity community is a strong one. We are lucky to be in a field where information and support are shared freely. SANS reported that having a strong mentor or champion was the most helpful element in securing a move up the career chain. Another 34 percent reported that having a strong mentor helps them stay current in their field. But because women are still underrepresented in the cybersecurity field, only seven percent said they had been mentored by a female. Many women have been mentored by men and are also mentoring men. In this field, mentorship seems to be gender-neutral. In fact, many of the respondents credited men for their growth in the field.

Figure 2. Most women report that they mentor both men and women in cybersecurity

Takeaway: Actively seek out a mentor and cultivate those relationships, regardless of gender. And don’t forget to pay it forward!

Action Items from the SANS 2020 Women in Security Survey

While men still make up the lion’s share of our community, most women feel supported and that they have potential to grow. So how do you help impact this continued shift and grow your own career?

  1. Keep up with certifications. Obtaining certifications and keeping them current can be a huge help in advancing your career. Some of the more popular certs include the Offensive Security Certified Professional (OSCP), the Certified Information Systems Security Professional (CISSP), and 500–600-level SANS security certifications. If you have a CISO title in your sights, getting an MBA can be very helpful, but if that is not in the cards, the Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and Certified CISO (C|CISO) certifications can also be helpful in getting ahead.
  2. Find a mentor and be a mentor. This is good advice for any field, but it’s especially important in cybersecurity given the lower rate of female representation in the field. Seek out a mentor you admire who can give you guidance, and maybe even more importantly, once you become a leader, be sure to pay this guidance forward. Building these relationships can be invaluable for growth.
  3. Overcome imposter syndrome. Imposter syndrome is not specific to a single gender. But it can certainly play a role in holding you back if you are afraid to ever put yourself forward when an opportunity presents itself. Learn how to identify imposter syndrome, and when to seek guidance to acknowledge and overcome it, so you aren’t your own worst enemy.
  4. Surround yourself with a strong community. Connect with other women in your field. There are many Women in Security groups (like this one in Denver) that you can join to build your network. Seek them out and extend the support and partnership that is available to you.

To learn more about this research, download the full SANS 2020 Women in Security Survey here.

Sources cited under “About the SANS 2020 Women in Security Survey”:

[1] https://cybersecurityventures.com/women-in-cybersecurity/

[2] https://go.forrester.com/blogs/predictions-2019-cybersecurity/

[3] https://www.rsaconference.com/blogs/international-womens-day-a-time-to-reflect-back-and-peer-forward

Sources cited under “No. 1: Women Must Be Proactive to Get Ahead”:

[1] 2020 SANS Women in Security Survey

[2] https://hbr.org/2014/08/why-women-dont-apply-for-jobs-unless-theyre-100-qualified