The Information Security field is not keeping up with the bad guys. And that’s with companies throwing gobs of money, software, and equipment at the problem. That said, the International Information Systems Security Certification Consortium (ISC)² and the consulting firm of Frost & Sullivan feel they understand why digital bad guys are winning. Information-Security departments are not paying enough attention to company business objectives, they are unable to communicate effectively with other departments, and team members have a homogeneous set of skills.
WOMEN UNDERREPRESENTED
The two organizations go on to explain why the situation is what it is in their report, Agents of Change: Women in the Information Security Profession [PDF]. Quite simply, the group feels there are not enough women in the Information-Security field. Women represent only 11 percent of the Information-Security workforce, which is discordant with other professions where women are near parity with men.
According to the report:
“In comparison to representative labor statistics—women in 2012 accounted for 46.9% of the United States total labor force and 51.5% of United States management, professional, and related positions—it is clearly evident that women, at just 11% of the Information-Security profession, are greatly underrepresented.”
The report did not go into detail about why the difference is so dramatic, but did say it was crucial that the status quo change.
WHY WOMEN ARE NEEDED
As to why it is crucial to change the status quo, the report was clear. The expertise needed to get Information Security back on track requires skills that are not prevalent and not considered crucial by today’s Information-Security departments. The (ISC)² news release for the report explains: “While technical skills are integral to developing a strong security posture within organizations, it's important to supplement the proper skills and perspectives necessary to make impactful business decisions.”
The news release then hints at why it is important to have qualified women working in Information Security: “The report findings demonstrate that the surveyed women believe a successful information security professional should maintain a variety of skills vs. surveyed men, who believe technical skills should be the priority.”
The group running the survey came to that conclusion based on how participants responded when asked to determine how important the following attributes were:
- Communication skills
- Broad understanding of the security field
- Awareness and understanding of the latest security threats
- Technical knowledge
- Security policy formulation and application
- Leadership skills
- Business management skills
Here are the results.
It may seem too close to call, but Michael Suby, author of the report and Vice President of Research at Frost & Sullivan, spoke to the significance of the results:
“While graphically the differences seem slight, these differences are nevertheless statistically significant with the exception of technical knowledge—the sole category selected by a smaller percentage of women as very important or important. Our interpretation is that technical knowledge is not becoming less important; rather, other skills that cut across disciplines are growing in importance with both genders, but more so with women.”
Julie Peeler, Director of (ISC)², explained to Tim Wilson of Dark Reading News why these attributes are increasingly important:
“Security is becoming less about technology, and more about people—understanding their behavior, and protecting users as they do their work. The study shows that women tend to value skills such as communication and education—the skills that are currently in short supply.”
The report alludes to it, but I want to come right out and say it. It is all about diversity. Ask any sociologist: cultures, or any group of people with a common purpose such as a business, do best when there is a diverse pool of human resources functioning together toward a common goal.
I’m no whiz in the math department, but even I know that 90 percent is about as “un-diverse” as a group can get.
Picture: kennyonline.net