Missing Figures: The Cybersecurity Gender Gap

By Spencer Beall

By 2020, the number of Internet-enabled devices, also referred to as the Internet of Things (IoT),
is expected to exceed thirty billion.2 The number of security breaches alone is anticipated to
incur a global cost of six trillion dollars per year by that time, increasing from three trillion in
2016.3 While the cybersecurity industry will require approximately six million workers to meet
its projected job demand by 2019, many positions will remain unfilled without more female
cybersecurity professionals. 4 Currently, women comprise only 11 percent of global
cybersecurity professionals. 5
Women’s underrepresentation in cybersecurity is not just an economic workplace issue,
but also has a profound impact on the type of technologies being developed and hence impacts
everyone in the digital age.
In this report I will explore some of the main barriers that impede women’s entry,
professional advancement, and retention in cybersecurity, including the pervasive gender
discrimination in technology professions. Next, I will examine three core reasons why it is
essential to get more women in cybersecurity, namely (1) to maximize innovation potential; (2)
to expand usability of digital products to meet the needs of all consumers; and (3) to strengthen
the global economy by fulfilling the cybersecurity industry’s rapidly growing job demand. Finally,
I will present recommendations how to dismantle the gender gap in cybersecurity and how to
create in the digital age a global workforce that is safer, more efficient, and more prosperous.

1 This report relies largely on data from the gender gap in the American cybersecurity sector, in part because of the
availability of research, and because the U.S. remains a strong prototype for analyzing the causes and effects of the
global gender gap in cybersecurity. Not only does the U.S. employ slightly higher than the global average number of
female cybersecurity professionals yet exhibit the same shortcomings in product innovation and efficacy as foreign
cybersecurity industries, the American cybersecurity firms also illustrate many of the common difficulties that
women experience entering the field around the world. 2 Internet enabled devices (IoTs) include all technology that relies on Internet and/or cellular data to function,
including but not limited to: computers, smartphones, GPS devices, social media platforms, home security systems,
power grids, smart appliances (e.g. refrigerators, televisions, thermostats), cars and airplanes. See also Steve
Morgan, ed., “Cybersecurity Ventures predicts global cybersecurity spending will exceed $1 trillion from 2017 to
2021,” Cybersecurity Ventures (May 31, 2017), accessed June 7, 2017,
http://cybersecurityventures.com/cybersecurity-market-report/ 3 Steve Morgan, “Cybersecurity Industry Outlook, 2017 to 2021: Key economic indicators for the cybersecurity
industry over the next five years,” Cybersecurity Business Report, CSO (Oct. 20, 2016), accessed June 6, 2017,
Cybersecurity Ventures predicts global cybersecurity spending will exceed $1 trillion from 2017 to 2021, supra. 4 See Roy Maurer, “Why Aren’t Women Working in Cybersecurity?” Society for Human Resource Management (Jan,
10, 2017), accessed June 18, 2017, https://www.shrm.org/resourcesandtools/hr-topics/talentacquisition/pages/women-working-cybersecurity-gender-gap.aspx and Steve Morgan, “Cybersecurity Industry
Outlook, 2017 to 2021: Key economic indicators for the cybersecurity industry over the next five years,”
Cybersecurity Business Report, CSO (Oct. 20, 2016), accessed June 6, 2017,
5 Elizabeth Weingarten, “The Gender Gap in Cybersecurity Jobs Isn’t Getting Better,” Slate (Mar. 17, 2017), accessed
June 5, 2017,
Weingarten cites the 2017 Global Information Security Workforce Study: Women in Cybersecurity. According to the
Study, women’s representation in the North American cybersecurity industry (14 percent) is only slightly higher
than this global average.

Women In International Security (WIIS)
Where Are the Women?
Cybersecurity professions are defined as “any occupation that ‘plans [or] carries out security
measures to protect an organization’s computer networks’” from data breaches via hacking or
the spread of malware. 6 Cybersecurity ensures that our airlines, power grids, nuclear plants,
emergency communications systems (e.g. 911 and FEMA alerts) and other essential national
security technologies are protected from malicious attacks. Cybersecurity plays a critical role in
the development of apps, electronic services and IoT devices that shape our daily lives. Our
phones, online shopping platforms like Amazon, electronic banking systems, medical record
storage systems, video and music streaming services (e.g. Netflix, Spotify), social media (e.g.
Facebook, Snapchat, Instagram), home security systems, smart refrigerators, and thermostats
are dependent on cybersecurity.7
Considering that modern society depends on cybersecurity for nearly every aspect of
daily life in the digital age—to work, shop, travel, communicate, form relationships, protect our
health, keep ourselves safe from terrorist attacks, natural disasters and other calamities, etc—it
is surprising that women, who represent 50 percent of the global workforce, comprise only 11
percent of global cybersecurity professionals. What makes this statistic even more remarkable is
that women—not men—built the foundations for the cybersecurity industry that we have today
by programming the world’s first computers. In addition, studies show that 52 percent of women
under age 29 hold a computer science degree, and when women enter cybersecurity they do so
with overall higher education levels than men.
So, why are there so few women in this field? There are at least five main reasons for the gender
gap in cybersecurity.
(1) Stereotypes that identify cybersecurity as a masculine industry
Computer science, along with math and engineering, is widely typecast as a masculine
field across almost all cultures around the world. We need only look at how any
association between “women” or “girls” and the topics, “cybersecurity,” “computer
programming,” “coding,” “software development,” “Silicon Valley,” and “technical
engineering,” consistently garners attention in newspapers, magazines, and the movie

6 Katharine D’Hondt, Women in Cybersecurity, Thesis for Master in Public Policy (2016), Harvard University John F.
Kennedy School of Government, 7 (citing Bureau of Labor Statistics, 2015) 7 See Justice Sonia Sotomayor’s concurring opinion in United States v. Jones (2012): “[We live in]…the digital age, in
which people reveal a great deal of information about themselves to third parties in the course of carrying out
mundane tasks. People disclose the phone numbers that they dial or text to their cellular providers; the URLs that
they visit and the e-mail addresses with which they correspond to their Internet service providers; and the books,
groceries, and medications they purchase to online retailers.” Sotomayor, J. (concurring opinion), United States v.
Jones, 132 S.Ct. 945 (2012). 8 Statistics from the 2017 Global Information Security Workforce Study (GISWS), conducted by the Center for
Cybersecurity and Education. Heather Riccuito, “Representation of Women in Cybersecurity Remains Stagnant,
Despite Recent Efforts to Balance the Scales,” Security Intelligence (Mar. 15, 2017), accessed June 17, 2017,

Women In International Security (WIIS)
screens for a reason.9 The stereotyping of STEM fields (Science, Technology, Engineering
and Mathematics) as a masculine domain is a recent development, however, as men only
began to dominate the technology profession in the 1980s. From its roots to the near end
of the 20th century, women led computer science. The very word “computer” referred to
people who calculated ballistic trajectories for the U.S. Army. Women not only comprised
the vast majority of these computers, but also those who would develop the world’s first
electronic models. Just over one hundred years after Ada Lovelace (1815-1852)
envisioned a machine that could be instructed to calculate sums and produce words and
pictures, six women at the University of Pennsylvania programmed the world’s first
electronic computers.10 With the work of Grace Hopper, Frances Allen, and numerous
other female leaders in the cyber field, women built the foundations for the digital age. 11
Men began to supplant female professionals in computer science only when personal
computers became a lucrative prospect, marketed almost exclusively to men and boys.12
Today, the lack of female cybersecurity professionals has become a prominent discussion
point for women’s empowerment, specifically to promote women and girls’ participation
in STEM education programs to prepare women for jobs of the future in the digital age.13
However, common stereotypes that men are naturally stronger in STEM fields than
women continue to drive down women’s participation in STEM education programs.
Studies spanning the past twenty years have concluded that the so-called “stereotype
threat” (in this case, the phenomenon by which women are culturally conditioned to
believe that men perform better in STEM fields) inhibits women’s entry into STEM jobs

9 Erin Hogeboom, “Encouraging Today’s Hidden Figures in STEM,” Forbes (Feb. 24, 2017), accessed June 9, 2017,
10 See Laura Sydell, “The Forgotten Female Programmers Who Created Modern Tech,” NPR (Oct. 6, 2014), accessed
June 7, 2017,
http://www.npr.org/sections/alltechconsidered/2014/10/06/345799830/the-forgotten-female-programmerswho-created-modern-tech and Meeri Kim, “70 years ago, six Philly women became the world’s first digital computer
programmers,” The Philly Voice (Feb. 11, 2016), accessed June 7, 2017,
http://www.phillyvoice.com/70-years-ago-six-philly-women-eniac-digital-computer-programmers/ 11 Grace Hopper became one of the first three modern programmers during her career in the U.S. Naval Reserve. She
developed the first computer language compiler, A-0, as well as the first programming system that operated on
English-language commands instead of algebraic code. “Grace Murray Hopper (1906-1992): A Legacy of Innovation
and Service,” Yale News (Feb. 10, 2017), accessed June 8, 2017, http://news.yale.edu/2017/02/10/grace-murrayhopper-1906-1992-legacy-innovation-and-service Frances Allen created security codes and programming languages
for the NSA after becoming the first female IBM fellow, where she developed compilers for IBM super computers.
William L. Hosch, “Frances E. Allen,” Encyclopedia Britannica, accessed June 8, 2017,
https://www.britannica.com/biography/Frances-E-Allen 12 Steve Henn, “When Women Stopped Coding,” NPR (Oct. 21, 2014), accessed June 8, 2017,
See also, Mundy, supra. 13 Just after President Trump announced proposals for NASA budget cuts and the elimination of NASA’s education
department—which manages NASA’s efforts to promote women and minority representation in STEM careers—
Ivanka Trump and Betsy DeVos toured the National Air and Space Museum and sponsored a showing of Hidden
Figures to highlight women’s achievements in technology and other STEM fields. Valerie Strauss, “The irony in
Ivanka Trump’s and Betsy DeVos’s push for STEM education,” The Washington Post (Mar. 28, 2017), accessed June 6,
2017, https://www.washingtonpost.com/news/answer-sheet/wp/2017/03/28/the-irony-in-ivanka-trumps-andbetsy-devoss-push-for-stem-education/?utm_term=.8c73cf7e7948.

Women In International Security (WIIS)
and success within the profession.14 In one of the first studies on the stereotype threat,
male and female math students were given the same online math exam, with half of the
subjects being told that women may not perform as well because male students are
generally better at math. The difference in scores was striking. Women scored an average
of 20 points lower than men in the group that listened to the stereotype threat, yet there
was almost no measurable difference between male and female scores in the non-threat
group.15 STEM gender stereotyping begins to influence girls and boys in the early stages
of childhood. Recent studies of young children indicated that gender stereotyping in math
and other STEM-related fields affects children as young as four years old, despite minimal
difference in girls’ and boys’ actual capacities.16 If many girls do not steer away from math
and science studies completely as they grow older, girls who aspire to careers in
technology are prone to “dis-identification,” where the “repeated or long-term
[stereotype] threat…eventually undermine[s] aspirations in an area of interest.”17 With
both men and women being “equally likely” to perpetuate gender stereotypes in STEM,
both in the classroom and in the workplace, far fewer women pursue careers in
cybersecurity and advance to high-level positions within the industry. 18
(2) A lack of global investment in female-founded tech companies
When Annamaria Konya Tannon, head of Innovation and Entrepreneurship for the School
of Engineering and Applied Science at The George Washington University, launched her
first tech startup in 1997, female-founded tech companies received less than four percent
of global venture capital funding. 19 After years of technological innovation that have
brought forth iPods, and multi generations of smartphones and iPads, the current global
investment in female-led tech companies has barely budged, accounting for less than six
percent of venture capital funds.20 Among the 200 San Francisco Bay Area technology
startup companies that received “series A” venture capital funding (between three and 15
million dollars) in 2015, women founded only eight percent of them.21 While women

14 Catherine Hill, Christianne Corbett, and Andresse St. Rose, Why So Few? Women in Science, Technology,
Engineering, and Mathematics, AAUW (Feb. 2010), 39-40, accessed July 31, 2017,
http://www.aauw.org/files/2013/02/Why-So-Few-Women-in-Science-Technology-Engineering-andMathematics.pdf. 15 Id. at 40. 16 Christine K. Shenouda, Effects of Gender Stereotypes on Children’s Beliefs, Interests, and Performance in STEM Fields,
Ph.D. Dissertation, Department of Psychology, Michigan State University (2014), 1, accessed July 31, 2017,
https://d.lib.msu.edu/etd/2751. In one study where preschool-age children where instructed to replicate patterns
with LEGO blocks, one half of the children were exposed to the stereotype threat in being told that boys can
complete the task faster than girls. Among that group, the girls performed considerably slower than boys, as
compared to the non-stereotype threat group. (Shenouda, 1). 17 Hill, et al., supra note 44 at 41. 18 Shenouda, supra note 44, at 5-6. 19 Konya Tannon forged her way to success in tech startups by working in the Silicon Valley. She is also the Founder
and CEO of Equita Accelerator (a non-profit corporation dedicated to promoting women-led tech companies. 20 Women in Innovation: The Perfect Match, Panel co-hosted by the Center for Transatlantic Studies and the Embassy
of Denmark, June 13, 2017.
21 “Why VCs Arent Funding Women-led Startups,” Knowledge@Wharton, Wharton School of Business, University of
Pennsylvania (May 24, 2016), accessed July 31, 2017, http://knowledge.wharton.upenn.edu/article/vcs-arentfunding-women-led-startups/

Women In International Security (WIIS)
launch approximately 38 percent of new companies in the U.S., only between two and six
percent of these companies receive venture capital funding.22 According to Katherine
Hays, founder and CEO of ad tech startup, Vivoom, “Male venture capitalists… [mostly] are
very comfortable…giving female entrepreneurs capital for ‘girl stuff’…[like] rent[ing]
dresses or sell[ing] baby wipes as a subscription.”23 Things change, however, when
women ask for venture capital to launch a business in a “masculine” field like tech. The
reasons why women receive lower venture capital funding are circular. The lack of
women in STEM professions based on gender stereotyping of technology fields, coupled
with rampant and gender discrimination within the industry, only perpetuate this
“Every year that goes by where we continue to fund the exact same pool of overwhelmingly
male, overwhelmingly white founders is one where we are missing out on the opportunities
to find important new innovations.”

  • Ethan Mollick, Professor of Management, The Wharton School
    (3) Gender discrimination in the cybersecurity workplace
    Among recent publications discussing gender discrimination in the cybersecurity
    workplace, perhaps no location is more frequently cited across the globe than Silicon
    Valley, the epicenter of America’s tech industry. Liza Mundy, Senior Fellow at New
    America and author of Code Girls, highlighted female professionals’ common
    discrimination across multiple Silicon Valley tech corporations that illustrate why
    women’s entry and attrition rates remain so low in cybersecurity. According to Mundy,
    women in tech face discrimination end-to-end, being hired, paid, promoted, and valued
    significantly less than men.24 Many women cited in recent studies reported that in
    addition to enduring both overt and unconscious gender bias and facing overall different
    treatment than male employees, women’s software designs are “accepted more often than
    men’s… but only if their gender is unknown.”25
    In 2014 Google, Pinterest, Apple, Facebook, and many other Silicon Valley companies
    pledged to devote millions of dollars to change corporate hiring practices and help
    women enter leadership positions.26 Three years later, however, female staffing numbers
    have “barely budged…[with] sexism [remaining] …just as pernicious as ever.”27 In the
    2015 “Elephant in the Valley” survey that polled female tech professionals, respondents
    drew attention to some of the many factors that undermine women’s chances of success
    in tech professions. Among the various data collected, 66 percent of female respondents
    felt excluded from important networking opportunities at their companies because of

New York-based startup companies only fared slightly better, with female-led startups accounting for 13 percent of
venture capital recipients. Id. 22 Id. (citing Ethan Mollick, Professor of Management at The Wharton School) 23 Id. 24 Liza Mundy, “Why is Silicon Valley So Awful to Women?” The Atlantic (Apr. 2017), accessed June 9, 2017,
25 Id. 26 Id. 27 Id.

Women In International Security (WIIS)
their gender, 75 percent of women faced questions about marital status and family
commitments during hiring interviews, and 88 percent of respondents experienced
persistent unconscious gender bias from male colleagues.28 From the lack of meaningful
change in gender discrimination in the technology profession, it is no surprise that
women leave cybersecurity over twice as frequently as men.29
(4) Laws and policies that promote gender discrimination
Approximately 90 percent of countries around the world enforce laws that discriminate
against women. Many of these laws and policies (both secular and religious) have helped
create and enforce gender discrimination in the cybersecurity profession by undermining
women’s advancement in social and economic roles in other sectors. In India, for example,
because labor laws “protect existing [male] workers at the expense of aspiring ones,
which include most women,” women represent only 30 percent of India’s labor force.30 In
other countries like Saudi Arabia, religious laws significantly undermine female agency.
Strict applications of Sharia law prohibit women in Saudi Arabia from interacting with
men outside of their families, to the degree that most businesses, banks, and other public
areas have segregated entrances for men and women.31 When laws prevent women from
interacting with men outside family members, they effectively preclude women from
becoming valued members of the workforce.
(5) Corporate practices that cater to male professionals
Some corporate practices that contribute to a reduced female presence in cybersecurity
professions include: failures to set and maintain gender quotas (both in hiring and
retention); unwillingness to specifically attract and recruit more female professionals;
and under-investigation of employee gender discrimination claims and/or not enforcing
zero-tolerance workplace discrimination policies.

28 Trae Vassallo, Ellen Levy, et.al., Elephant in the Valley, 2015 Survey, accessed June 9, 2017,
https://www.elephantinthevalley.com. Some examples of unconscious gender bias include: having questions
directed to male colleagues even when it was within a female employee’s area of expertise, and asking women to
perform low-level tasks that men are not asked to do. 29 Mundy, supra. 30 Dhruva Jaishankar, “The Huge Cost of India’s Discrimination Against Women,” The Atlantic (Mar. 18, 2013),
accessed July 31, 2017, https://www.theatlantic.com/international/archive/2013/03/the-huge-cost-of-indiasdiscrimination-against-women/274115/. As another example, due to India’s longstanding customs of giving
preferential treatment (e.g. education) to boys rather than girls, approximately one-third of women in India are
illiterate, further undermining women’s opportunities for professional advancement. Id. 31 “Seven Things Women in Saudi Arabia Cannot Do,” The Week (Sept. 27, 2016), accessed July 31, 2017,

Women In International Security (WIIS)
Two Minds Are Better Than One:
Three Reasons Why We Need More Women in the Cybersecurity Workforce
(1) Maximizing innovation potential
If the number of female professionals in cybersecurity remains stagnant, it will restrict
both cybersecurity development and the quality of our digital products.
Because men and women are born with equal talent capacities, talent is drawn
from the same distribution. When societies artificially constrain one-half of the
distribution (e.g. via laws, customs, and/or religious beliefs that drive gender inequality)
we lose one-half of the global workforce’s creativity.32 Diversified taskforces with “fresh
ideas…to address ever-evolving problems” are more vital than ever in the digital age,
when the threat of cybercrime continues to grow. If the security of one of our IoTs,
electronic services, apps, or other digital products is compromised, the security of other
devices is prone to breach, exposing users to incalculable dangers within hours, or even
minutes.33 Having a more diversified design team that reflects products’ actual users is
critical to account for how consumers use/misuse products, what user needs and
interests the product does not meet, and how to optimize product security. According to
Sarah Geary, senior cyber analyst at FireEye, a hacker only has to target one person’s
device to debilitate “…an entire business or government…” Because we live in an age
when foreign governments are targeting individuals more frequently, “… it’s a problem
when those who are designing cybersecurity products or interventions aren’t
representative…” of the population that uses them.34 Studies indicate that because women
suffer higher rates of online harassment (particularly sextortion35 and cyberstalking)36
women are more likely than men to utilize stronger privacy settings on social media apps
and Internet platforms (e.g. Facebook, Instagram, Whatsapp).37 Women, therefore, can
contribute different ideas for designing new more user-friendly digital platforms stronger
privacy features, which would both provide a better variety of privacy protection options
to consumers and help companies adhere to best practices on managing information
privacy.38 According to Annamaria Konya Tannon, head of the Innovation and
Entrepreneurship for the School of Engineering and Applied Science at The George

32 Kalpana Kochhar, Speaker at the Panel, Women in Innovation: The Perfect Match, co-hosted by the Center for
Transatlantic Studies and the Embassy of Denmark, June 13, 2017.
33 Bruce Schneier, Your Wi-Fi Connected Thermostat Can Take Down the Whole Internet. We Need New
Regulations,” The Washington Post (Nov. 3, 2016), accessed July 31, 2017,
https://www.washingtonpost.com/posteverything/wp/2016/11/03/your-wifi-connected-thermostat-can-takedown-the-whole-internet-we-need-new-regulations/?utm_term=.d612eb077fa8 (citing a paper discussing how
hackers can create an IoT worm that can instantly infect thousands of other IoT devices. Eyal Ronen, Colin O’Flynn,
et.al, “IoT Goes Nuclear: Creating a ZigBee Chain Reaction”)
34 Weingarten, supra, note 9.
35 Laurie Segall, “A disturbing look inside the world of online sextortion,” CNN Money (June 23, 2016), accessed June
8, 2017, http://money.cnn.com/2016/06/23/technology/sextortion-thorn-study/index.html 36 The 2016 Bureau of Justice Statistics report indicated that women comprised 41 percent of reported stalking
victimizations, outnumbering the 31 percent of reported male victimizations. “Stalking,” The Bureau of Justice
Statistics (Feb. 17, 2016), accessed June 8, 2018, https://www.bjs.gov/index.cfm?ty=tp&tid=973 37 Weingarten, supra, note 9. 38 Id.

Women In International Security (WIIS)
Washington University, “When you have a gender balanced team, research shows that you
have more optimal outcomes and come up with more creative ideas. Men need to be
there, and women do too.”
“Why would you eliminate the brilliance of 50 percent of the population?”
-Joyce Brocaglia, CEO of Alta Associates, a cyber executive search firm39
(2) Expanding usability
Having more women in cybersecurity design and development labs will ensure that
existing conversation engines on smartphones (e.g. Siri, Cortana), apps (medical, social
media, lifestyle, etc.), and other digital platforms for shopping, social media, data storage,
etc. will be better equipped to meet more consumers needs outside of the male profiles
that created them, specifically women and children.
Scientists have already discovered “the white guy problem” in artificial
intelligence, whereby machine learning algorithms that form predictions based on large
amounts of existing input data introduce gender as well as racial bias in decisionmaking.40 Algorithms that form the basis for a wide variety of mobile and Internet
services—from electronic job application systems to conversation engines like Siri on
smartphones—function solely based on the initial data programmed into them, which the
algorithms accumulate to make decisions later.41 When almost exclusively all-male design
teams create these algorithms, Siri and other related technologies operate on single sex
aggregated data, resulting in products that are most user-friendly to the sex that created
them. According to a 2016 JAMA Internal Medicine study, although Siri could provide
gender-neutral medical advice in response to “Siri, I’m having a heart attack,” Siri was
unprepared to provide assistance on female health and safety issues such as sexual
assault and domestic violence. Among four smartphone conversation engines (Siri,
Cortana, S Voice and Google Now) on sixty-eight phones, the study found that only
Cortana was able to provide the National Sexual Abuse Hotline number in response to the
message “I was raped.”42 Siri replied instead: “I don’t know how to respond to that,”
indicating that male design teams did not think this data was important enough to
program. 43 A more diverse design team might have included this information.
Clearly, the discrepancy from having a design team that doesn’t accurately
represent the needs and interests of the total consumer population can put users at
significant risk.
The same problems from a male-dominated cybersecurity industry extend to other
types of apps and digital features. Imagine if men represented 93 percent of the design

39 Id. 40 Hannah Devlin, “Discrimination by algorithm: scientists devise test to detect AI bias,” The Guardian (Dec. 19,
2016), accessed June 18, 2017, https://www.theguardian.com/technology/2016/dec/19/discrimination-byalgorithm-scientists-devise-test-to-detect-ai-bias 41 Id. 42 Alice Park, “Here’s How Siri Responds to ‘I was raped,’” Time.com (Mar. 14, 2016), accessed June 8, 2017,
http://time.com/4257568/siri-rape-smartphones/ 43 By contrast, Siri had no trouble interpreting to certain health inquiries that exclusively affect men. The statement,
“Siri, I have erectile dysfunction,” immediately presented a list of nearby clinics and physician recommendations.

Women In International Security (WIIS)
teams that developed women’s undergarments, clothing, footwear, makeup, hygiene
products, and hair care. This represents the current state of app development.
Women represent only six percent of app developers, despite comprising 50
percent of the app-using population.44 Women have helped create apps like bSafe that are
specially designed for women and girls’ interests and physical needs, including services
designed to help protect women against sexual assault and dating violence. 45 Without
greater female involvement, however, products like these that are designed with women
in mind will remain limited.
A more gender-balanced cybersecurity design team can also help create more
product features to protect children online.46 It may be easy to overlook children within
the global consumer pool for apps and other digital products, but children represent a
significant portion of users of some of the most popular social media apps (e.g. Snapchat,
Kik, Whattsapp) and Internet services (e.g. Google, Bing). According to a 2015 survey, the
average American child receives his or her first cell phone at age six.47 Three-quarters of
the children surveyed also had tablets to access the Internet.48 Similar research conducted
in the UK indicated that more than half of children use at least one form of social media by
age 10.49 Because children are using smartphones and Internet-enabled devices at
increasingly young ages, mothers, female caregivers, and teachers may have a closer ear
to what apps, games, and website features children are using, or may begin using. As
women are already more likely to use stronger privacy protections than men on social
media platforms, women can have a particularly important role in designing privacy
features to help monitor children’s activity and receive alerts to suspicious online
With more women designers, products will become more user-friendly for all
consumers, and it may help save lives.50

44 David Bolton, “Survey, Only 6% of App Developers Are Women,” Arc (Feb. 27, 2016), accessed June 15, 2017,
45 bSafe provides discrete assistance to girls and young women in a variety of situations—from automatically
alerting a list of family members and friends if the user indicates that she is in danger, to providing a fake telephone
call to help a user leave an uncomfortable date or social situation.45 Similar apps could be developed that would
serve as community alerts for the public to report suspicious activity of sex trafficking and domestic violence. Some
of these products include, Spitfire Athlete (providing personal training assistance to women based on exercise
regimens of female athletes), and Hey! VINA (an app to help women cultivate same-sex friendships and develop a
sense of community among female users). Jenavieve Hatch, “Behold, A Tinder-Like App for Female Friendships:
Because Finding New BFFs is just as important as finding a date,” Huffington Post (Feb. 01, 2016), accessed June 8,
2018, http://www.huffingtonpost.com/entry/finally-tinder-for-friends_us_56abdaa0e4b0010e80ea299e
46 For the purposes of this report, “children” is used to refer to any person under age 18, in accordance with the
Convention on the Rights of the Child (CRC) and other international legal instruments. Convention on the Rights of
the Child, Nov. 12, 1989, 1577 U.N.T.S. 3. Art. 1, http://www.ohchr.org/EN/ProfessionalInterest/Pages/CRC.aspx 47 “Study Finds Average Age Of Kids When They Get First Cell Phone Is Six,” ABC 13 Eyewitness News (April 7, 2015),
accessed June 8, 2017, http://abc13.com/technology/study-53%-of-kids-get-a-cell-phone-at-age-6/636328/ 48 Id. 49 The Daily Mail Reporter, “More than half of children use social media by the age of 10: Facebook is the most
popular site that youngsters join,” The Daily Mail (Feb. 5, 2014), accessed June 15, 2017,
50 Across the globe, teaching remains a female-dominated profession. In the U.S. alone, women represent 75-80
percent of kindergarten, elementary, and middle school teachers. Motoko Rich, “Why Don’t More Men Go Into

Women In International Security (WIIS)
(3) Strengthening the global economy
Even though women account for 50 percent of the global workforce, women form only 11
percent of the global cybersecurity industry, remaining the most underrepresented
taskforce in the global economy. With cybersecurity itself becoming one of the largest
global businesses in the upcoming years, countries stand to lose more than one may think
if more women are not brought into the workplace. The International Monetary Fund
(IMF) recently conducted research to observe the relationship between a lower women
taskforce and national gross domestic products (GDPs) to see the shortage of female
professionals on countries’ economies. While the United States (which has a slightly
higher than global average percentage of women in cybersecurity) could lose 12-14
percent of its GDP, other countries like South Korea could lose 19-20 percent.51
Understanding that 209,000 cybersecurity positions went unfilled in 2015, global
economic growth does not look promising when this demand will increase to six million
positions by 2019.52 Without more women to close this gap, 1.8 million global positions
will remain unfilled by 2022, significantly threatening the progress of cybersecurity in a
time when the world depends upon it most. 53
“…[S]hutting women out of [cybersecurity], intentionally or unintentionally, is like keeping them off
the factory floor at the beginning of the Industrial Revolution.”54
—Anne Marie Slaughter, President and CEO of New America.
With persistent efforts to combat the social attitudes, gender stereotypes, and unconscious
biases that perpetuate gender discrimination, and with the development and adoption of
appropriate corporate, law, and policymaking strategies, we can resolve the gender gap in
cybersecurity. Many believe that greater investment in STEM education is the keystone in closing

Teaching?” The New York Times, (Sept. 6, 2014), https://www.nytimes.com/2014/09/07/sunday-review/whydont-more-men-go-into-teaching.html. Even in seemingly gender-neutral situations, such as, “Siri, I think I’m having
a stroke,” men and women’s experiences of the same medical condition can be very different, and the conversation
engine may not be able to recognize certain symptoms that affect women more than men. For example, a female
voice input, “Siri, my arm hurts,” may be a common sign of a stroke for many women that men might never
experience. Increased women’s involvement in programming conversation engines can help improve this
technology to keep more users safe. “Women and Strokes: Unique Risks and Uncommon Symptoms,” The Dr. Oz
Show (Jan. 14, 2013), accessed June 7, 2018, http://www.doctoroz.com/article/women-and-strokes-unique-risksuncommon-symptoms
51 Kochhar, supra, note 11.
52 “Cybersecurity Industry Outlook, 2017 to 2021: Key economic indicators for the cybersecurity industry over the
next five years,” supra, note 3
53 Weingarten, supra, note 9.
54 Eli Sugarman, “Women in cybersecurity: 4 questions for New America’s Anne-Marie Slaughter and Megan Garcia,”
Interview with Anne-Marie Slaughter and Megan Garcia, William & Flora Hewlett Foundation (Nov. 16, 2015),
accessed June 6, 2017, http://www.hewlett.org/women-in-cybersecurity-4-questions-for-new-americas-annemarie-slaughter-and-megan-garcia/

Women In International Security (WIIS)
the gender gap in cybersecurity.55 The 2017 Global Information Security Workforce Study,
Women in Cybersecurity, reported that 52 percent of millennial women under age 30 are
educated in computer science.56 However, while education is a promising fixture it is not going to
single-handedly push women into the profession, or make them stay.
Education alone is not going to solve this problem. For example, although more women are
now graduating with degrees in law and medicine than ever before, it does not mean women
receive equal treatment in their field, or that women have equal attrition rates in the labor force
as men.57 An American Community Survey presenting data from 2008 to 2010 showed that
women are still more likely than men to leave the workforce as early-career lawyers and doctors
(between ages 25 and 44).58
To strengthen women’s leadership in cybersecurity three things need to change:
(1) Social attitudes, gender stereotypes and unconscious bias
“The most dangerous phrase in the language is, ‘We’ve always done it this way.’”

  • Grace Hopper59
    Eliminating the ingrained social attitudes, gender stereotypes, and unconscious bias that prevent
    women from entering and advancing in STEM fields is critical to bringing more women into
    cybersecurity. Beginning as children, parents need to groom young boys to be better supporters
    of women later in life so that we can finally retrain the way we work together. “Supporting
    women has been dangerously equated with being less masculine,” says Ryan Ross, Program
    Director for the Halcyon Incubator that supports developing startup ventures. We have to work
    as a culture to change that. Both men and women have equal responsibilities to help reverse
    social attitudes and gender stereotypes and bias.
    Some critical steps include:
  • Acknowledging that gender discrimination is a continuing problem. In the words of
    Linda Kozlowski, Chief Operating Officer of Etsy, “Progress is difficult ‘if people don’t

55 In signing two bills into law to promote women’s enrollment in STEM fields, President Trump’s remarked that”…It
is going to change, and it’s going to change very rapidly.”
Melanie Arter, “Trump Signs Bills Supporting Women Entrepreneurs and Women in STEM Fields,” CNS News (Feb.
28, 2017), accessed June 8, 2017, http://www.cnsnews.com/news/article/melanie-arter/trumps-signs-billssupporting-women-entrepreneurs-and-women-stem-fields
56 Weingarten, supra, note 9.
57 In addition to the pay gap as professionals, women are rarely accepted to top education programs equally with
men. Although women who pursue higher education are more likely to attend medical or law school, they comprise
less than 50 percent of the students at the top law schools. Debra Cassens Weiss, “Men Outnumber Women at Most
Top Law Schools, But the Imbalance Is Greater at B-Schools,” ABA Journal (May 09, 2011), accessed June 8, 2017,
_greater_at/. Philip Cohen, “More Women Are Doctors and Lawyers Than Ever—but Progress Is Stalling,” The
Atlantic (Dec. 11, 2012), accessed June 8, 2017, https://www.theatlantic.com/sexes/archive/2012/12/morewomen-are-doctors-and-lawyers-than-ever-but-progress-is-stalling/266115/
58 Id.
59 Charles Grosch, Library Information Technology and Networks, CRC Press (1994), 183 (quoting Grace Murray
Hopper in her 1987 interview, Information Week, Mar. 9, 1987, 52)

Women In International Security (WIIS)
believe there’s a problem.’”60 A recent survey of 13,331 adults across the U.S. showed
that the majority of men (58 percent) believe that “all obstacles [to the professional
gender gap] had been eliminated,”61 compared to 60 percent of women who claimed
that the gender gap remains a persistent challenge.62 If men and women have such
largely conflicting opinions on the current state and severity of the gender gap,
meaningful change will be slow to come. Men need to recognize that gender
discrimination is a continuing problem in order to address it.

  • Pursuing STEM careers, despite gender stereotypes. With 52 percent of millennial
    women under age 29 having computer science degrees, women are already more
    prepared than ever to enter cybersecurity and other STEM professions. 63 Just as
    women must cut against the pressure to “disidentify” with math, science, engineering
    and other technology related areas of study, men must acknowledge that no field is a
    “man’s field.” 64
  • Schools must increase investment in STEM education for girls and women, and raise
    girls’ awareness of job opportunities in cybersecurity.
    65 According to a 2016 study
    conducted by a UK not-for-profit IT security accreditation organization, the lack of
    female applicants that results from women being less informed of the opportunities
    within STEM professions is a key contributor to the current gender gap in
    cybersecurity. 66 Teachers and guidance counselors have an important role to play in
    inspiring girls to consider careers in tech, a critical step in bringing more women into
  • Both men and women must fight against both overt and unconscious gender
    discrimination in the workplace, through legal action if necessary.
    67 If we are going to
    aspire toward gender equality in the workplace, we need to reiterate what behavior
    and attitudes cannot be tolerated. For Anita Hill and other advocates, class action
    lawsuits are critical to effectuating change “even in the most entrenched, maledominated industries… especially if regulation is not an immediate or viable

60 Laura Entis, “Men Think Obstacles to Gender Equality at Work Are Gone. Women See it Differently,” Fortune (July
18, 2017), accessed July 31, 2017, http://fortune.com/2017/07/18/gender-gap-tech/ 61 Id. 62 Id.
63 Riccuito, supra. 64 Shenouda, supra note 44, at 5-6
65 A 2015 ISACA study indicated that neither high school teachers nor guidance counselors mentioned cybersecurity
as a career choice for 77 percent of young women in the survey. Riccuito, supra. 66 Maurer, supra. And Riccuito, supra. 67 Many refer to Ellen Pao’s 2015 gender discrimination lawsuit against Silicon Valley venture capital firm, Kleiner
Perkins Caufield and Byers as the pivotal event that inspired female tech professionals to be more vocal in reporting
sexual harassment and gender bias in the workplace. David Streitfeld, “Ellen Pao Loses Silicon Valley Bias Case
Against Kleiner Perkins,” The New York Times (Mar. 27, 2015), accessed June 15, 2017,
https://www.nytimes.com/2015/03/28/technology/ellen-pao-kleiner-perkins-case-decision.html?_r=0 68 Anita Hill, “Anita Hill: Class Actions Could Fight Discrimination in Tech,” The New York Times (Aug. 8, 2017),

Women In International Security (WIIS)

  • Men and women must support greater female involvement in sectors that regulate or
    otherwise influence the STEM professions, especially in the development and
    implementation of laws, policies, and best practices that regulate the cybersecurity
    industry. (E.g. increasing women’s roles in advocacy for legislation against sextortion,
    revenge pornography, and other cybercrimes that result from product errors or
    design flaws that facilitate compromises in users’ information security). If women
    have a stronger influence in creating the rules that govern cybersecurity product
    development and consumer use, cybersecurity companies will likely benefit from
    drawing women into all areas of its industry, from design labs and development firms,
    to marketing and legal counsel.
    “…[T]hough the numbers of women are small, we are doing some remarkable things…this is an
    exciting time to be in the field.”
    -Andrea Little Limbago, Chief Social Scientist, Endgame.
    (2) Laws & Policies
    A significant part of the effort must come from the national level.69 Legal reform is a critical step
    to bringing more women into all workforce sectors, especially when 90 percent of countries
    around the world enforce laws and policies that undermine women’s social and economic
    agency. Some possible reforms include:
  • Developing national similar to those in the Nordic countries, which promote equal
    representation in the workforce, provide broader access to higher education, and
    longer obligatory paid parental leave programs.70 While the Nordic Model is not
    perfect, it remains the forerunner of gender equality in the technology industry.
  • Offering federal tax breaks to companies who promote women’s hiring and
    advancement in leadership positions.
  • Establishing government-regulated quotas, requiring tech companies to hire and retain
    a set number of female professionals. For Kalpana Kochhar, quotas are critical. In
    1993, India amended its Constitution to require that one-third of local selfgovernment seats must be filled by women. The results were drastic. The number of
    female leaders in government, business, and other sectors dramatically increased
    because women were more likely to compete for elections and higher positions of
    authority, and parents developed much higher aspirations for their daughters, leading
    to better educational opportunities.71

69 Ulla Rønberg, Senior Visiting Scholar at the Center for Transatlantic Relations, Women in Innovation, The Perfect
Match, supra. 70 Id. 71 Kochhar, supra.

Women In International Security (WIIS)
“In the 4th Industrial Revolution that’s upon us, requiring laws and policies that advance women’s
roles should be the heart of our preparations… After all, jobs of the future will be much less focused
on brawn, and much more focused on brain.”
–Kalpana Kochhar, Director of HR at the International Monetary Fund (IMF)
(3) Corporate Practices
There are many initiatives that corporations can and should take in order to attract more
women in cybersecurity, including:

  • Specifically asking for female applicants: According to Ryan Ross, Program Director
    for the Halcyon Incubator that supports developing startup ventures, “the second you
    put out that specific ask, women are not only more inspired to apply, but both men
    and women are more likely to refer female candidates.” When Ross’ started asking for
    female professionals, women’s application rate doubled. From having more women
    on the taskforce, 50 percent of the Incubator’s startups now have a female founder or
  • Sponsoring more female professionals to ensure that both men and women receive
    equal professional development support in their industry.72 Professionals with senior
    member mentors (“sponsors”) are 23 percent more likely than people without
    sponsors to advance in their careers, and men are much more likely than women to
    secure sponsors in all professional fields.73
  • Setting permanent gender hiring and retention quotas, to ensure that more women are
    given equal opportunities as job candidates and that the workplace becomes a climate
    where female professionals want to work.
  • Maintaining a zero-tolerance policy for gender discrimination. Some strategies include:
    sponsoring mandatory training workshops on unconscious bias and sexual
    harassment for every new hire (male or female); conducting regular anonymous
    surveys on workplace climate to provide employees with frequent no-risk
    opportunities to report gender bias/discrimination, increasing female staff in Human
    Resources; administering thorough investigations of each report of gender
    discrimination/bias through a gender-balanced investigation team; and sending a
    public message of zero-tolerance to other corporations by immediately responding to
    employee conduct that promotes gender bias with appropriate penalties, following

72 Katy Zurkus, “Despite the gender barriers, women must persist in cyber,” CSO Online (Mar. 21, 2017), accessed
June 17, 2017, http://www.csoonline.com/article/3181765/it-careers/despite-the-gender-barriers-women-mustpersist-in-cyber.html 73 Jane Porter, “Yes, Gender Equality is a Men’s Issue,” (Sept. 26, 2014), Fast Company, accessed July 31, 2017,

Women In International Security (WIIS)
Google’s recent example in addressing an employee’s challenge to the company’s
diversity efforts.74
“My vision for the future is for us to embrace the technological change that’s upon us and to build a
workplace to match it, where men and women are equally hired, paid, and valued for their
–Kalpana Kochhar, Director of HR at the International Monetary Fund (IMF)
While the lack of female cybersecurity professionals has been a prominent discussion point for
women’s empowerment in modern culture and media, many of these discussions focus
exclusively on the pervasive obstacle of gender discrimination that prevents women from
building a presence in the cybersecurity industry, highlighting, for example, the workplace
barriers to female professionals in the Silicon Valley. Understanding that gender discrimination
is by no means unique to this field, it is important to underscore that women’s
underrepresentation has larger effect on cybersecurity as a global industry, even more so than
other professions.
Focusing solely on the persistent issue of workplace gender dynamics in tech labs
detracts attention from other important problems that result from a diminished female presence
in cybersecurity, from the development and security of the technology that controls how we live
and keep us safe, to the health of the global economy. The gender gap in cybersecurity is not an
insurmountable problem, however. With dedicated initiatives to dismantle gender stereotypes,
reshape discriminatory laws and policies, and implement new corporate strategies to help
women enter cybersecurity, we can all become smarter in the digital age.