Font Size: A A A


Closing the gender gap

It starts with school, says Debbie Tunstall, pictured, Head of Education Programmes at Cyber Security Challenge UK – the gender gap in the cyber security industry, that is. She considers how we can tackle this.

From the lowest rungs on the ladder to the top, the cyber security industry is dominated by men. With security and privacy issues becoming more prevalent than ever and a skills gap that continues to widen, the sector is still struggling to find and retain women. There is no lack of opportunity in the sector either, with more and more cyber security jobs being created each year. It is important for us to look at why the industry is formed by over 90% males and incorporate solutions that will not only work to closing the gender gap but the skills gap as a whole.

A recent study revealed that just 7pc of females will choose a STEM subject at GCSE level, showing a gender bias from an early age. This adversity towards STEM subjects in females often carries through to the point at which they are choosing careers, with just 2pc of females taking up a computer science or engineering degree at university and very few selecting cyber security as a career after graduation.

There is a need to highlight the careers available in cyber security to younger audiences, creating a change in the way the industry is perceived and tackling unconscious bias from the very start. While organisations like ours can initiate this, we need help from across the industry, the media, schools, teachers and parents to change this. Cyber security should be a career path talked about at school careers days and parents’ evenings and become as recognised as other professions such as doctors, architects or even a ‘YouTuber’, which is the ultimate dream for many young people these days despite being a relatively new industry itself. The conversation should begin at school, with more young people being encouraged to take computer science as an option throughout education. At University, computer-related classes are majority male, which often puts women off as they don’t want to be that minority in the classroom. If these stereotypes and biases are removed earlier in education, we will see this change trickle through to universities too.

While many talented females – and individuals in general – may have the skills and enthusiasm to pursue a career in cyber security, there are many problems with the recruitment of talent that is contributing to the gender gap. The general recruitment problems faced in the industry often lie within a broken system. Many people in cyber security will perform brilliantly in day-to-day jobs or their specific roles, but don’t have a CV that matches with HR departments’ tick boxes; whether it’s because they’ve taken an alternative path into the industry, have non-traditional qualifications or are just bad at presenting themselves on paper. Therefore, these individuals are automatically rejected on those grounds rather than having the chance to demonstrate their full talent. There is also a high proportion of people in the cyber security industry that are on the autism spectrum. Many people on the spectrum can struggle with these traditional HR processes and perhaps not perform as well as other, less-skilled people that have a better ability to ‘talk the talk’.

The best way to spot cyber talent is by seeing it in action. Cyber Security Challenge UK stages competitions and events in order to create a platform which makes it much easier for companies to see raw talent in a working environment. This bypasses the outdated processes and connects the teams on-the-ground with the people they are desperately seeking. However, this is just the start. There is a need for companies to adopt new methods of recruiting that reflect the diversity of talent within the sector and encourage women to apply. Women don’t tend to ‘sell’ themselves on paper like men do; so, a fresh approach to appraising someone rather than just reading a CV is needed and these alternative methods can really help to highlight hidden talent. This is also an action that needs to be replicated by HR and marketing teams in making sure the full breadth of careers available are communicated externally. Very few companies place emphasis on advertising their cyber roles, particularly among younger audiences. Hirers should get out to networking events, competitions and careers fairs.


It is also the job of HR and marketing teams to ensure that women are getting the right idea about a career in cyber security. The common perception among many people is that cyber security is a deeply ‘techie’ industry, in which you must be a hoodie-wearing male, perched in a basement and unsociable, to even be part of the industry. However, cyber security is such a diverse industry and needs all kinds of people from different backgrounds to make it work well. There has to be initiatives put in place which are set to change these misconceptions and advertise the diversity of roles within the sector. It appears that, while the industry is changing and innovating at a rapid pace, the perception has not exactly done the same. IT and cyber security has become as normal a topic as politics or fashion in everyday life, so why is there still a portrayal of employees as ‘geeky’? It is time for the industry to be marketed in a way that is appealing to all, by advertising all roles – not just the technical ones – which showcase the variety of skills and jobs available. This again needs to be done throughout school years, ensuring that the male-dominated, ‘techie’ perceptions of cyber security are disregarded from a young age.


If we are to change perceptions of the industry and encourage more women to take up a career in cyber security, it is vital then to have practices in place that ensure female employees are retained. There are a number of ways companies can improve workplace opportunities for women and safeguard retention levels of female employees. The first step is, of course, addressing the gender pay gap. There is almost a 5pc difference between male and female wages in the industry. Ensuring that female employees are paid the same as their male counterparts is something that needs to be implemented across the entire workforce, both in and outside of the cyber sector. Equal pay means that women feel equally valued which in turn leads to workplace satisfaction and the desire to build a career with the same company.

Similarly, ensuring that women are given the same opportunities as their male counterparts is vital as it ensures that job satisfaction is maintained. While not all women are confident enough to stand up and take an opportunity out of a colleague’s hands, they do want the opportunity to prove they are the person for the job. All it takes is to create a fair working environment, which gives women the opportunity to thrive. This is something which should be seen and promoted throughout an organisation to empower existing female employees. By having visibility of women in managerial (and higher) roles, businesses are creating inspirational role models for employees and young people to aspire to. Women are strong at coaching and supporting each other and there are lots of successful women in our industry who are willing to help others. Having mentoring programmes in place is a great move to encouraging female employees as well as a training initiative that has a positive impact on the business. We need support to lobby for these to be initiated by all companies; a motion which can be implemented by both males and females.

Closing the gender gap in cyber security is a social responsibility and it’s happening now. We can see a shift in attitudes and behaviours already and this needs to continue – women are starting to speak up with the expectation that they will be listened to. It’s also the responsibility of industry – Government can do so much but this is too big a job to police, so industry needs to make sure they themselves are behaving responsibly. We need to work together and put industry-wide initiatives and groups in place that can ensure we are doing everything we can to close the gender gap and make the bigger changes; together we can begin to make a difference.

About Cyber Security Challenge UK:

With the backing of founding sponsors like the SANS Institute, the Challenge started in 2010 to create virtual and face-to-face competitions to identify talented people for the cyber security industry. Now in its eighth year, the Challenge is backed by over 50 UK public, private and academic organisations, and hosts activities designed to spread the word about why cyber security is a fulfilling and varied career, and to help talented people get their first cyber security jobs.

Cyber Security Challenge UK is supported in part by the National Cyber Security Programme – the Government’s £1.9 billion investment to significantly transform the UK’s cyber security. Visit


Related News