Is cybersecurity a male-only environment?

Back to Press Archive

Despite being dynamic and well-paid, the cybersecurity sector is faced with a talent shortfall – particularly in terms of female talent. According to a study by the (ISC)² consortium, women account for just 11% of cybersecurity employees. Could a better gender balance help to eliminate this skills shortage?

If the cybersecurity sector was shrunk down to a class photo of 20 students, it would feature just two women. A study published in 2017 revealed that women account for just 11% of cybersecurity employees. Stormshield has also noticed this imbalance in its training programmes. “Over the course of 2018, our level 1 training courses were 95% men, 5% women, and our level 2 courses were 98% men, 2% women,” says Xavier Prost, Head of Training. But what causes such a big discrepancy?

A lack of female role models

According to data revealed by Syntec Numérique (the leading digital ecosystem syndicate in France), women account for just 27% of employees in the digital sector, compared to 50% in South-East Asia and the Middle East. “The figures speak volumes, and the situation in France is particularly concerning when compared to South-East Asia and the Middle East,” notes Syntec Numérique. “The stereotypical image of a computer scientist doesn’t appeal to girls! It’s a cultural and social problem.

And stereotypes are hard to overcome. “Just look at magazines: women are confined to beauty and fashion. Girls and women grow up in a stereotyped society, and many are apprehensive of studying computer science, thinking that it’s just not for them,” Ilijana Vavan, Managing Director of Kaspersky Lab, told Les Echos last June. A third of women think that cybersecurity professionals are geeks. It’s an image that TV and cinema – where women rarely take on these roles – does nothing to dispel.

The result is that the cybersecurity sector – and the digital sector in general – still lacks leading female figures. Mention Facebook and everyone’s heard of Mark Zuckerberg, but who could tell you what Sheryl Sandberg does? “People have forgotten that women played an essential role in the development of computer science in the 1970s. Nowadays, who knows who Grace Murray Hopper is, for example? We have to fight these stereotypes and showcase women working in the sector. You can’t ignore 50% of talent!” says Sylvie Blondel, Stormshield Human Resources Manager.

The feminisation of the digital world starts in school

And the key lessons start in school. “Cybersecurity needs to convey an image of an industry that’s much more inclusive, diverse and egalitarian. The earlier you start, the easier it is to break down stereotypes,” says Charlotte Graire, Head of Strategy & Business Development at Airbus CyberSecurity. “Boosting girls’ awareness before they choose their options in secondary school is essential.” “Women are under-represented in scientific and technical sectors. We have to fight prejudices at the earliest possible stage,” adds Maryse Levavasseur, a software development engineer at Stormshield.

With the Femmes Ingénieurs group, they visit schools to show that their fields aren’t just for men. Giving talks to students aged 14-16, the organisation aims to inform and motivate girls just before they make the crucial choice of what direction their studies will take in secondary school. The Femmes@Numérique foundation is also heavily involved in improving women’s representation in the sector, and works with students in the final two years of primary school, as well as throughout secondary school.

It’s an excellent way of offering female role models and addressing the lack of information about these expert roles: according to a study by Kaspersky Lab (read the pdf here), just 20% of those surveyed knew exactly what a cybersecurity expert does, with this figure falling to 16% among women. “The cybersecurity sector is poorly understood and associated with technical computer attacks, while in fact, it’s a much broader sector,” says Charlotte Graire. Working in development requires a significant amount of creativity, and awareness of this aspect remains low.

Showing that women can

But getting degrees isn’t enough by itself. Once they’ve entered the world of work, female engineers often have to fit in in a man’s world. The only woman in her department, Maryse Levavasseur has a strong argument should anyone try to call her skills into question. “At Stormshield, the technical tests are extremely demanding. At my interview, I took the test and I passed it. It’s an objective way of assessing someone’s skills, whether they’re a man or a woman.

Despite their skills, women who make it into the industry can still be seen as inferior. “Being taken seriously is a real problem. I remember one event where the people I was speaking to only addressed my male colleague, whereas I was the one responsible for buying my department’s cybersecurity programme!” says Florence Lecroq, a doctor in electrical engineering and industrial computing at the University of Le Havre. “Despite my CV, I still need to prove my worth – I have to try 50% harder than a man does.

The figures show that the digital sector is no stranger to gender inequality: women hold fewer key posts and are paid less than men, despite the fact that they are better qualified (51% have a master’s-level qualification or higher, compared to 45% of men).

Organisations such as the CErcle des Femmes de la CYberSécurité (CEFCYS), founded by Nacira Salvan, are helping to increase the number of women in the sector and change people’s mindsets. But do we need to take things further and implement a quota policy? “I don’t believe in introducing a legal obligation – it doesn’t work and many companies prefer to pay fines rather than comply with requirements,” says Sylvie Blondel. “I think that rather than imposing quotas, the best approach is to demonstrate by example and to show that women can work in IT, that they have the knowledge and that they have a place in the sector. Providing information and fighting stereotypes requires better visibility for women working in the sector.

                                                                              Sylvie Blondel – Direttrice HR di Stormshield

But time is of the essence. According to an assessment by the European Commission, Europe will be short of 756,000 digital professionals in 2020 – and in France, according to France Stratégie and DARES (the French government department for statistics and research), between 170,000 and 212,000 roles will need to be filled in the digital sector by 2022. Could tomorrow’s solutions rely – at least in part – on training today’s schoolgirls?


Stormshield

A European leader in digital infrastructure security and a wholly-owned subsidiary of Airbus CyberSecurity, we offer smart, connected solutions in order to anticipate attacks and protect digital infrastructures. Our mission: to ensure the cybersecurity and data protection of organizations, their employees, and their customers. Our expertise is available in three complementary product ranges for seamless security: Protection for industrial and IT networks (Stormshield Network Security), protection for servers and workstations (Stormshield Endpoint Security) protection for data (Stormshield Data Security). As per our Multi-Layer Collaborative Security approach, our product ranges interact with one another to raise the security level of IT, OT, and Cloud environments, regardless of the attack point.
These trusted, cutting-edge solutions are certified at the highest level in Europe (EU RESTRICTED, NATO, ANSSI EAL3+/EAL4+). Present in over 40 countries via our network of distributor partners, we ensure the protection of strategic information for companies of all sizes, public administrations, and defense agencies throughout the world.
For further information please visit: www.stormshield.com/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to Press Archive