How We Can Close the Cyber Gender Gap

The cybersecurity skills shortage has been written and talked about for several years, and the problem continues to get worse, as millions of cybersecurity positions worldwide remain vacant. And, according to (ISC2), one of the top associations for information security leaders, women make up only 24% of the cybersecurity workforce.

While there are several drivers for the skills shortage, the lack of women in the profession is an obvious area that needs to be addressed.

Why aren’t there more women in the cyber workforce?
This could be largely because of how the profession has developed. It’s a relatively young discipline (a couple decades old) and based on early hiring practices and pop culture portrayals, cyber professionals are often depicted as young men obsessively toiling away on cluttered desks.

It is necessary to make a strategic effort to break the stereotypes and create a more diverse cyber workforce. Bringing multiple viewpoints, ideas, skills, traits, and professional backgrounds together results in the best solutions. Diverse perspectives make any cybersecurity team and program stronger.

Create an environment that is development focused, inclusive, and flexible for all
As leaders, we must provide an environment that is development-focused, inclusive, and flexible for all employees – everyone needs equal opportunity for exposure and experience to grow.

We can do this by implementing “gender-smart” recruiting practices that help organizations create more consistent and fair hiring processes across borders and businesses. “Gender smart” recruiting practices could include:

  • Communicating diversity and inclusion values when interviewing and onboarding employees so everyone has a common understanding of the culture and expectations.
  • Upskilling leaders, hiring managers, and talent acquisition employees in interviewing training and unconscious bias training so they can be partners in driving a diverse cyber workforce strategy when interviewing candidates and building pipelines.
  • Implementing gender-neutral job postings as to not emphasize one gender over another.
  • Building out thoughtful sourcing and hiring strategies for each geography and business unit to increase diversity of background and perspective.
  • Being deliberate in including diverse conferences focused on women in technology and cybersecurity to source candidates.

We must “walk the talk.” When a woman joins a team or organization, champion them to speak at internal and external events, participate on committees, and lead projects. The old saying, “You can’t be what you can’t see” is largely true – so it’s important that junior women have role models in positions of authority and recognize the growth path ahead of them.

We can also take specific action to retain and develop employees. This ranges from sponsorship and mentorship programs, professional development and reskilling programs, networking opportunities, mental health, flexibility and well-being resources, and expanded family support. Finally, gender-smart talent reviews and promotions are important to ensure women have equal representation both as the person being evaluated, and in providing input on others’ reviews and promotions.

Solving the cybersecurity skills shortage is going to take time and innovation. Bringing more diversity into the profession, though, should be job #1 – women are half the workforce, but only a quarter of the cyber workforce. And, to borrow a cyber phrase, that’s a vulnerability we need to remediate!


Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms, and their related entities (collectively, the “Deloitte organization”). DTTL (also referred to as “Deloitte Global”) and each of its member firms and related entities are legally separate and independent entities, which cannot obligate or bind each other in respect of third parties. DTTL and each DTTL member firm and related entity is liable only for its own acts and omissions, and not those of each other. DTTL does not provide services to clients. Please see to learn more.

Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax and related services. Our global network of member firms and related entities in more than 150 countries and territories (collectively, the “Deloitte organization”) serves four out of five Fortune Global 500® companies. Learn how Deloitte’s approximately 330,000 people make an impact that matters at

This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited (“DTTL”), its global network of member firms or their related entities (collectively, the “Deloitte organization”) is, by means of this communication, rendering professional advice or services. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser.

No representations, warranties or undertakings (express or implied) are given as to the accuracy or completeness of the information in this communication, and none of DTTL, its member firms, related entities, employees or agents shall be liable or responsible for any loss or damage whatsoever arising directly or indirectly in connection with any person relying on this communication. DTTL and each of its member firms, and their related entities, are legally separate and independent entities.

© 2021. For information, contact Deloitte Global.



Share this post:

Comments on "How We Can Close the Cyber Gender Gap"

Comments 0-5 of 0

Please login to comment