Women are only 24% of the infosec workforce. Now go follow them on Twitter

Women are only 24% of the infosec workforce. Now go follow them on Twitter
Credit: William Iven / Pixabay

The technology industry has, at least, for the past forty years, been something of a sausage-fest, with men dominating almost all tiers of the workplace. A new report from infosec industry group, the (ISC)2, shows that’s gradually changing. Not only are women representing a larger swathe of the cybersecurity workforce, they’re also accomplishing great things in leadership roles.

The (ISC)2 Cybersecurity Workforce Study shows that women comprise an estimated 24 percent of the cybersecurity workforce. While that’s far from an even (and ideal) 50-50 split, it’s certainly indicative of an upwards trend of more women joining the industry. For context, in 2017, women made up just 11 percent of the burgeoning cybersecurity sphere.

It’s worth noting that this study, while promising, has significantly changed the parameters of who is included in the sample by widening the professions eligible for inclusion. Previously, the group consisted solely of infosec professionals working in official cybersecurity professions. In the latest edition, the survey sample includes other IT/ICT workers who dedicate at least a quarter of their working time on cybersecurity-related responsibilities, even if it’s not their main job.

It’s worth mentioning that the methodology for the latest iteration of the study has generated some discussion, highlighting the difficulty of pinning down the true figure of women in infosec. If anything can be gleaned from this report, it’s that women have been doing infosec for a lot longer, and a lot more often, than has been previously recognized.

What is an infosec worker?

Not everyone in infosec is necessarily a penetration tester, and not everyone in infosec spends all their time sat dealing with security-related problems. It’s worth recognizing that this is a field that’s fundamentally multidisciplinary in nature, and people often wear multiple hats (all white, one hopes) while working in the same role.

You could be an instructor who trains office workers how to perform their jobs without exposing the business to any unnecessary security risks (like, for example, using random USB flash drives that you found on the street). Programmers could spend their time reviewing code in order to find security vulnerabilities before a potential adversary does. You could be a journalist working on a security beat, writing important analysis about industry trends.

When I mentioned I was working on this post, someone (quite rightfully) pointed out that the involvement of women in infosec is nothing new. Women have historically had an enlarged role when it comes to keeping and protecting business information, working in fields like archiving and library science. And that, it could be argued, isn’t too far removed from today’s digital roles.

The report also shows that women are increasingly taking up a leadership role in the infosec industry. According to the (ISC)2, some 28 percent of women who responded to the survey hold a C-level or executive role. In comparison, only 19 percent of men said the same.

Similarly, seven percent of female respondents hold the coveted Chief Technology Officer position, compared to just two percent of men. A further 18 percent of women have a job title of IT director, compared to 14 percent of men.

So, in short: there’s more women in information security. Not only that, but they’re climbing the highest echelons of the industry and attaining leadership roles. Of course, there’s a long way to go, but overall, this is extremely good news. You can find out more about the (ISC)2 Cybersecurity Workforce Study here.

Meet the experts

Of course, I don’t want to merely tell you about these accomplished women. I want you to follow them and see their accomplishments first-hand. While writing this piece, I reached out to my Twitter followers and asked what women in infosec they admired. The response overwhelming. Dozens of people got in touch, to the point where Twitter said (paraphrased): “I see you’re getting a shitload of notifications. Want to set up some filters?

Obviously, this isn’t an exhaustive list. Not even close. There are hundreds of thousands of people working in infosec. It’d be impossible to highlight all the wonderful and talented women in this sphere. Consider this list, albeit embarassingly small, a solid starting place.

It’s also indicative of what the report tries to argue, insofar as you don’t have to be a pentester in order to be considered an infosec professional. Information security is a multidisciplinary field, with countless avenues of entry. Below, you’ll find developers, analysts, authors, educators, and much more.

And it goes on. Really, it does. I wouldn’t be surprised if there’s more than 100 names mentioned in my thread. If you’re a security professional looking to diversify your following list, or are merely looking to learn more about this fascinating and important field, it’s worth checking out.


TNW Conference 2019 is coming! Check out our glorious new location, an inspiring line-up of speakers and activities, and how to be a part of this annual tech extravaganza by clicking here.

Read next: WhatsApp finally lets you prevent people from adding you to their shitty groups