Greater numbers of women are taking non-IT routes into cybersecurity roles, according to ISC2 research.
Most respondents to the ISC2 Cybersecurity Workforce Study entered the cybersecurity field via an IT pathway – either a previous IT role or an IT-based education path. Of those, 61 percent of women respondents came into cybersecurity via an IT route, compared to 72 percent of men. However, beyond the migration from IT to cybersecurity roles, there has been a shift towards women leading the way into the profession via these other paths, using non-technical and non-traditional paths and opportunities as a launchpad.
Advanced education is also a significant pathway into these roles, more so for women coming into the sector. For example, nearly a quarter (24 percent) of women respondents said they came in with a cybersecurity-related undergraduate degree (compared to 18 percent men), with 23 percent of women (18 percent men) entering a cybersecurity role with an undergraduate degree in a field not directly linked to cybersecurity.
In addition to this, 18 percent of women respondents (12 percent men) noted that they held an advanced degree – a postgraduate qualification like a master’s or a doctorate – in a cybersecurity-related subject prior to taking up a cybersecurity role. For non-cybersecurity advanced degrees, 16 percent of women respondents (11 percent men) held these qualifications before entering the cybersecurity workforce, aiding the transfer of a wealth of applicable knowledge into the cybersecurity field.
Alongside these insights into education leading into a first cyber role, respondent data also confirmed that overall, women respondents have reached higher levels of formal education than men who responded. For instance, 48 percent of all women who participated have a master’s or equivalent, compared to 42 percent of men who participated. Furthermore, nine percent of women respondents have a doctorate or higher compared to six percent of men.
At least half of women who responded to the study have degrees in CIS/cybersecurity, with 51 percent of women holding an undergraduate degree in CIS/Cyber compared to 57 percent of men, while 58 percent of women surveyed held a master’s or equivalent in CIS/cybersecurity compared to 63 percent of men surveyed.
Internship and apprenticeship
Seeking out pre-career experience is something that women respondents are prioritizing to a much higher level, with 11 percent of women stating they came into their role having undertaken a cybersecurity internship first. In comparison, only six percent of men did the same. Apprenticeships also played a role, again with women using this experience opportunity in greater percentages. However, the apprentice option was a much smaller group compared with internships, with four percent of women respondents using this route, compared to just two percent of men respondents.
Apprenticeship opportunities are still less common than internships in many administrative IT and cybersecurity environments. Apprenticeship programmes are seen in greater volumes in industrial sectors such as manufacturing, engineering, agriculture and transport, including for personnel responsible for cybersecurity functions in such industries.
Beyond career and formal education routes, the responses indicate significant emphasis women respondents placed on certifications and professional development to support their efforts when securing and furthering a cybersecurity career path.
Holding a cybersecurity certification before entering their first job in cybersecurity was cited by 18 percent of women respondents and 16 percent of men.
Hiring priorities
Nearly a quarter (23 percent) of women respondents stated they came into the profession via a non-IT job, compared with 17 percent of men who participated in the study. Organisations where women hiring managers work appear to be more open to exploring internal hires and alternate pathways into the profession, based on the research findings, while women feel their organisations are being more proactive in their hiring across the board of technical, non-technical and alternative background personnel.
Survey data from the UK Department of Science, Innovation and Technology (DSIT) showed that in the last year, 43 percent of cybersecurity employers hired through non-degree routes. The same data also showed an 18 percent year-on-year increase in the number of cybersecurity apprenticeships being started in the UK.
Further to this, 56 percent of women respondents said their organisations are already changing their hiring requirements to bring in more people from non-cybersecurity backgrounds, while 41 percent of men surveyed said the same. This is illustrative of employer efforts globally to widen the potential cybersecurity talent pool without compromising standards. Women respondents (67 percent) were even more prominent in noting that their organisations were actively trying to make use of skillsets already on the payroll, recruiting technical hires from other departments to fill roles in cybersecurity teams.
