Despite Growing Cyber Threats and Workforce Gap, Women Remain Underrepresented in Information Security

Share Article

(ISC)² ®and Booz Allen Hamilton Partner for 2015 Women in Security Workforce Report

(ISC)²® (“ISC-squared”) today released a new report titled ‘Women in Security: Wisely Positioned for the Future of InfoSec’ in partnership with Booz Allen Hamilton, conducted by Frost & Sullivan. Surveying nearly 14,000 global professionals, this report focuses on the lack of gender diversity in the information security workforce despite a cyber landscape that is growing and changing in complexity of threats. Specific topic areas in the report include the differences between men and women in the industry, the current and future outlook for women in the information security field and the unique skills women possess to fill pertinent information security positions today and in the future.

“The information security field is expected to see a deficit of 1.5 million professionals by 2020 if we don’t take proactive measures to close the gap,” says (ISC)² CEO David Shearer. “Knowing this, it is rather frustrating to realize that we do not have more women working in the industry. Only 10 percent of information security professionals are women, and that needs to change. Through collaboration, research and partnerships, (ISC)² is committed to empowering underrepresented minority groups in the industry, such as women, who bring skill sets that are critical to this industry’s future growth.”

While women have represented approximately 10 percent of the information security workforce for the past few years, analysis from the last two (ISC)² information security workforce surveys shows that women are quickly converging on men in terms of academic focus, computer science and engineering, and, as a gender, have a higher concentration of advanced degrees. For example, women in information security are making their largest impact in governance, risk and compliance (GRC) – which the study identified as a growing role in information assurance and cybersecurity – as one out of five women identified GRC as their primary functional responsibility compared to one out of eight men holding similar positions.

“I find the results of the research heartening, in the sense that we are starting to see a full career progression for information security professionals,” says Allison Miller, product manager at Google and member of the (ISC)² Board of Directors. “We've moved past the stage where people say ‘you do what for a living?’ and have matured into an industry that needs and demands more diverse skillsets, and more sophisticated differentiation of roles. What the numbers say is that the industry needs more talent. Great! Yes! Let's foster more talent and innovation, everywhere in information security. That means taking more risks and including more voices. Having hard data gives us the ability to assess industry gaps and shortages – and individual career objectives and expectations – in a more thoughtful and systematic way.”

(ISC)² and Booz Allen Hamilton partnered on this research to identify the unique differences between men and women in the industry and utilize this information to encourage girls and young women to pursue this exciting career. Below are a few of the key findings from the report:

  • GRC is one of the fasting growing information security roles where women tend to dominate.
  • Women possess key character traits that enable them to succeed in GRC roles.
  • The percentage of women with either a Master’s or Doctorate degree are strong, with 58 percent of women having advanced degrees versus 47 percent of men.
  • In the GRC subgroup of respondents, women’s average annual salary was 4.7 percent less than men. Interesting to point out is the difference men and women place on the importance of monetary compensation. Men value monetary compensation slightly over women who look for other incentives from their employers (i.e. flexible schedules).
  • Women are more progressive in their views on training methods. Offering increased accessibility and wider diversity of information security training opportunities may prove to be increasingly valuable in retention and in elevating professionals’ readiness to succeed in new roles.

“The Internet of Things brings great opportunity and connectivity, but it also adds to the complexity of the cyber threat,” said Angela Messer, the executive vice president leading Booz Allen’s predictive intelligence business in the firm’s Strategic Innovation Group. “The adaptive nature of cyber threats demands a talent management strategy that will broaden the skillsets and knowledge of the information security profession. We must demonstrate to young women thinking about entering the industry the many opportunities that await them and reinforce for those currently working in cybersecurity that they have bright futures ahead.”

The findings in this report are based on research from the (ISC)² 2015 Global Information Security Workforce Study (GISWS), released earlier this year. The full ‘Women in Security: Wisely Positioned for Future of InfoSec’ can be downloaded here. This study is being released in conjunction with the (ISC)² Security Congress 2015 colocated with ASIS 2015 from September 28 – October 1 in Anaheim, Ca. at the Anaheim Convention Center. In partnership with the ASIS Women in Security Council, there will be an entire conference track dedicated to the topic of women in security on Wednesday, September 30 from 11:00 a.m. – 5:30 p.m. PDT in room 303a. More information on the women in security sessions can be found at

About (ISC)²® and the (ISC)² Foundation

Formed in 1989, (ISC)² is the largest not-for-profit membership body of certified cyber, information, software and infrastructure security professionals worldwide, with nearly 110,000 members in more than 160 countries. Globally recognized as the Gold Standard, (ISC)² issues the Certified Authorization Professional (CAPÒ), Certified Cyber Forensics Professional (CCFPÒ), Certified Cloud Security Professional (CCSPSM), Certified Information Systems Security Professional (CISSPÒ) and related concentrations, Certified Secure Software Lifecycle Professional (CSSLPÒ), HealthCare Information Security and Privacy Practitioner (HCISPPÒ) and Systems Security Certified Practitioner (SSCPÒ) credentials to qualifying candidates. (ISC)²’s certifications are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² also offers education programs and services based on its CBK®, a compendium of information and software security topics. More information is available at

The (ISC)² Foundation is a non-profit charitable trust that aims to empower students, teachers, and the general public to secure their online life by supporting cybersecurity education and awareness in the community through its programs and the efforts of its members. Through the (ISC)² Foundation, (ISC)²’s global membership of nearly 110,000 certified cyber, information, software and infrastructure security professionals seek to ensure that children everywhere have a positive, productive, and safe experience online, to spur the development of the next generation of cybersecurity professionals, and to illuminate major issues facing the industry now and in the future. For more information, please visit

About Booz Allen Hamilton
Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. Booz Allen partners with public and private sector clients to solve their most difficult challenges through a combination of consulting, analytics, mission operations, technology, systems delivery, cybersecurity, engineering, and innovation expertise.

With international headquarters in McLean, Virginia, the firm employs more than 22,500 people globally, and had revenue of $5.27 billion for the 12 months ended March 31, 2015. To learn more, visit

About Frost & Sullivan
Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today’s market participants. For more than 50 years, we have been developing growth strategies for the Global 1000, emerging businesses, the public sector and the investment community.

© 2015, (ISC)² Inc., (ISC)², CAP, CCFP, CISSP, CSSLP, HCISPP, SSCP and CBK are registered marks, and CCSP is a service mark, of (ISC)², Inc.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Amanda Dalessandro
+1 7277421853
Email >
Visit website