A new report states that though women make up just 11 percent of the global information security workforce, they possess the communication skills and diverse academic backgrounds needed to bolster security performance in the enterprise.
Market research firm Frost & Sullivan interviewed 5,814 information security professionals for "Agents of Change: Women in the Information Security Profession," which is sponsored by (ISC)2 and Symantec. Respondents came from businesses that had workforces of more than 500 employees.
The research reveals that women's tendency to have strong communication skills and a broad understanding of the security field are essential to enhancing information security. It also notes that the industry is poised for transition and that women could be natural leaders.
"One of the major conclusions in the research is that this industry is changing significantly, and women are in a good position to lead that change as well as thrive in the changed environment," wrote Julie Peeler, (ISC)2 foundation director, in an email to Baseline. "For example, the information security industry was initially defined as a subfield in information technology; now the industry is evolving to include legal issues, risk assessment and compliance issues, and with that redefinition of the industry, new sets of skills are desired."
Women's emphasis on the importance of training, as indicated in the study, shows that they believe education is critical across a workforce, not just for select security professionals. In fact, in seven out of eight categories—including those for cloud computing, mobile device management and information risk management—women were stronger advocates than men for workforce training. Only in one category, forensics, did women and men emphasize workforce education equally.
In addition, female information security professionals reported that they were more likely to spend time handling governance, risk and compliance (GRC) issues. This responsibility typically requires planning across different departments and that may aptly fit women's communication skill sets.
"When we look at where the field is heading in the future and how the lines are being blurred to includes things like risk management and GRC, the number-one sought-after skill set is that of a security analyst," Peeler said. "By and large, women are more likely to possess this skill set than men."
The research also reports that women are more likely than men to be employed in occupations such as technical or security advisors or consultants, executives, and project or operations managers, while men are more likely to be employed as security engineers, security systems administrators, network administrators, and network, security or software architects. The study also showed than more male respondents had undergraduate degrees in computer and information sciences, engineering and engineering technologies. In contrast, female respondents had more degrees in business, math, the social sciences and communications.
Peeler wrote that she once spoke with a senior executive at a large firm who told her, "I'd rather recruit someone with a liberal arts [degree] because I can teach them the IT skills, but I can't always teach an IT person the human skills." In response, she pointed out that "companies need to be flexible in their recruiting practices and policies."
Peeler believes that women security professionals can have a positive impact on end-user compliance. Women's understanding of human behavior could enable them to "apply those skills when trying to get compliance from end users," she explained.
Women information security professionals may also thrive as leaders in an organization because they often have the diverse background and skills necessary to bridge the communication gap with departments and employees outside the IT and security organizations.
"Communication skills are paramount in your ability to sell security policy and risk management within an organization," she concluded.