New (ISC)2® Report Reveals Women’s Perspective and Skills are Transforming the Information Security Industry

Share Article

Survey findings show that despite a severe shortage of women in the information security workforce, women offer the right mentality needed to grow and diversify the security industry.

(ISC)2® (“ISC-squared”), the world’s largest not-for-profit information security professional body and administrators of the CISSP®, today released a new report, “Agents of Change: Women in the Information Security Profession” that was authored by Frost & Sullivan and sponsored by Symantec. The study reveals that women only represent 11 percent of the information security workforce, despite double-digit annual increases of personnel in the profession, yet they have the academic background and diverse perspective necessary to accelerate change in the information security industry. The report highlights a severe shortage of woman in the information security industry and why organizations globally need to shift attention to this critical problem.

“The identified shortage of women in the industry only reiterates the importance of our Foundation offerings like the women’s scholarships we award annually to female students aspiring to obtain information security careers, and the Safe and Secure Online program, which brings (ISC)2-certified cyber security experts into classrooms to teach children how to become responsible digital citizens while introducing them to a career in cyber security,” said Julie Peeler, director of the (ISC)² Foundation. “(ISC)2’s Chapters are also offering women in security mentoring and awareness programs within their local communities to recruit more women into the field, but we need a broader and deeper level of education and engagement for women at a younger age before we can realize the level of impact required to solve the workforce shortage.”

Survey respondents were divided into two job title categories: Leaders and Doers. The Leaders (3,466 respondents) category included job titles such as executives, managers, and strategic advisors. Doers (2,348 respondents) included respondents with job titles such as security analysts and compliance auditors. In the Leaders category, more women (34 percent) were in consultant and advisor job titles than men (26 percent), and more than twice as many men as women were network security or software architects. In the Doers category, 38 percent of women cited security analyst as their job title versus 27 percent of men. However, a higher proportion of men held security engineer and network administrator job titles. The 2013 Global Information Security Workforce Study identified “security analyst” as the number one most needed position in the information security industry, leading the way for a strong female presence in the future.

The report also looked at average job tenure, median and average annual salary and academic backgrounds. In these categories, the report showed only marginal differences between women and men who work in information security fields:

  • Women Leaders have spent an average of 13.5 years in the field, compared to men at 13.6 years.
  • Women and men Leaders both command an annual average median salary of US$105,000 per year.
  • 91 percent of women Leaders hold a bachelor’s, master’s or a doctoral degree vs. 89 percent of men Leaders.

The findings revealed that women in information security, as a group, have a more diverse academic background than men, and a collective background with slightly greater emphasis on social sciences and business degrees vs. engineering and computer sciences.

“The report data indicates that the perspectives of women offer viewpoints needed to elevate the security industry to the next level,” added Michael Suby, author of the report and vice president of research at Frost & Sullivan.

While technical skills are integral to developing a strong security posture within organizations, it’s important to supplement the proper skills and perspectives necessary to make impactful businesses decisions. The report findings also demonstrate that the surveyed women believe a successful information security professional should maintain a variety of skills vs. surveyed men, who believe technical skills should be the priority. Women reported the following as the key attributes of a successful information security professional:

  • Communication skills
  • Broad understanding of the security field
  • Awareness and understanding of the latest security threats
  • Security policy formulation and application
  • Leadership skills
  • Business management skills

“Although efforts to fill the information security industry with skilled professionals have increased, the growing number of sophisticated attacks in our cyber landscape are posing an increased threat to organizations in both the public and private sectors,” added Suby. “Combatting these threats requires a community approach to training and hiring qualified security professionals from a variety of backgrounds. As our research reveals, women leaders are the strongest proponents of security and risk management education and training in the industry. This type of mentality is crucial to building standards in the industry and echoes the report’s findings that women are indeed, ‘agents of change’ in the future of information security.”

“Symantec believes it is critical that we bring more qualified women into the cyber security profession. Through our support of this study, and our broader commitment to women in STEM professions, we hope to increase the representation of women in technology,” said Julie Talbot-Hubbard, chief security officer at Symantec. “In working with partners such as (ISC)², we are able to bring a greater awareness to this important issue."

Julie Peeler and Julie Talbot-Hubbard jointly presented at the 11th Annual Executive Women’s Forum National conference last week in Scottsdale, AZ on the findings of this study. The full study can be found here:

About (ISC)² and the (ISC)² Foundation
(ISC)² is the largest not-for-profit membership body of certified information security professionals worldwide, with over 92,000 members in more than 135 countries. (ISC)²’s certifications are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² also offers education programs and services based on its CBK®, a compendium of information security topics. The (ISC)² Foundation is the charitable trust of (ISC)², aiming to make the cyber world a safer place for everyone with community education, scholarships, and industry research like the (ISC)² Global Information Security Workforce Study.

More information is available at and

About Frost & Sullivan
Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today’s market participants. For more than 50 years, we have been developing growth strategies for the Global 1000, emerging businesses, the public sector and the investment community. Is your organization prepared for the next profound wave of industry convergence, disruptive technologies, increasing competitive intensity, Mega Trends, breakthrough best practices, changing customer dynamics and merging economies.

© 2013, (ISC)² Inc., (ISC)², CISSP, ISSAP, ISSMP, ISSEP, CSSLP, CAP, SSCP and CBK are registered marks, and the CCFP is a service mark, of (ISC)2, Inc.

Follow (ISC)² on Facebook, Twitter and YouTube.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Michelle Schafer
Merritt Group
Email >

Amanda D'Alessandro
Email >
Follow us on
Visit website