Why ‘confidence is key’ to achieving gender parity in cybersecurity

By Dr Lucie Kadlecová Senior Associate at CybExer Technologies & Scholar on State Sovereignty in Cyberspace

  • Tuesday, 15th November 2022 Posted 2 years ago in by Phil Alsop

Are women less competent when it comes to technology? No. Are they less confident? Absolutely.

This paradox became painstakingly obvious to me during my time teaching a cybersecurity module to students at Charles University in my home country of Czechia. Not only were high-performing female students more hesitant to sign up to my class, but they were misguided about the role that exists for women in cybersecurity. Some of them even seemed to believe that they would be outperformed by their male peers should they pursue a career in the field.

This ‘emotional’ kind of barrier presented for women that are contemplating entering the world of cybersecurity has been reappearing in other areas of my work since those early classes. Particularly during my time supporting the CTF Tech’s Cyber Battle of Estonia initiative as part of the CybExer Technologies team. For context, the Cyber Battle of Estonia is a gamified TV show running in Estonia (with other competitions also running internationally), where CTF Tech travel the country to run a series of cyber bootcamps with students aged 15-24. The aim is to teach hundreds of young people how to work in teams and defend critical infrastructure while competing in cybersecurity competitions against one another. At the bootcamp stage during the competition in 2021, we saw that 30% of the 500 applicants were girls, which was an amazing number. However, a massive number of those girls dropped out of the programme once we reached the competitive stages, simply because they didn’t have the confidence to put all their knowledge into practice. This did not appear to impact on the boys at all. That was also why CTF Tech decided to open its Girl’s Cyber Academy this year to encourage and empower girls that are interested in entering the cyber domain. The Academy consists of the same educational content as the other bootcamps, but on top of this, CTF Tech has also added a number of soft-skills aspects to boost the participants’ self-confidence. We are already seeing that the Girl’s Cyber Academy is bearing its fruit - in this year's Cyber Battle of Estonia grand final, we saw a gradual incline in the number of female finalists competing against their male counterparts. It demonstrates again why there is much more to getting women into cyber than simply teaching them the skills they need to know.

This is why I think the first barrier we need to overcome when creating a more balanced cyber industry is to challenge the misconception that cybersecurity and tech more generally are somehow ‘male’ industries. This is where the role of cyber initiatives, female role models, and mentorship programmes come in, since they do a great deal of work to tackle that voice in the back of women’s minds that makes them doubt themselves. Recognising the emotional challenges involved and making sure plenty of support is on offer is absolutely critical to encouraging more diversity in cyber and tech. Not only for women, but for other minority groups or people with less confidence that may find themselves at a crossroads either before or somewhere along their career journey.

The second crucial element is of course creating more educational opportunities. The first part of this is to redefine what most of us understand by ‘cybersecurity’. It’s extremely common to associate

cybersecurity with purely technical elements, and the term has become sort of synonymous with the idea of high-tech individuals sitting in dark rooms staring at long lines of code. In reality, cybersecurity has far simpler beginnings. When we ask ourselves why certain institutions are attacked, and what the benefit is for hackers in carrying out those attacks, we find ourselves answering in far more understandable, if not slightly philosophical terms. Cyberspace is a man-made domain compared to other domains, such as airspace, or seaspace. So, we are the sole movers of events in cyberspace; we influence it. When we talk about non-technical aspects, it’s about how we, as users, think and behave. It involves things like social media, international relations and law or strategic communications. The second educational aspect is about creating more opportunities for women to retrain, and again we really need to help women feel confident and competent prior to this, so that when they reach a point in their career where they might not feel happy, they aren’t scared to take up a course in technology - be it coding, cyber, or anything else. So we really want to build momentum through these different channels.

The third, and probably toughest, barrier to overcome is to help those in control of the tech labour market - the employers, be it large corporations, government, NGOs, SMEs or anything else - realise the value of having women in their organisations. It is scientifically proven that women are stronger at some abilities than men, in the same way that men are stronger at certain things than women, and this is a hugely underutilised fact when it comes to business and technology. For instance, women are stronger at negotiating, they have an eye for detail, and tend to be better at problem-solving. When you put this into boardrooms, or on the ground in your company, what you see is improvements to your workflow, because the women help make processes run smoother and faster.

Cyber security and IT are all about wit, problem-solving, precision and more, not about muscle mass. Hence, one key thing we must do is to challenge this societal paradigm of gender and realise that the IT industry is all about your skills and personal attitude, not about gender. By hiring more women and diversifying their teams in terms of gender, the employers get a more creative and productive team which combines different approaches, ultimately leading to better and more complex solutions. In the opposite case, the employer can miss out on up to 50 per cent of the talent pool - at a time when IT skills are hard to come by and we are crying out about the lack of IT professionals in the workforce!

In summary, challenging the current gender imbalance in cybersecurity requires a holistic approach - simply allowing women to apply for the same opportunities as men is not enough. We need to support women from early on in the process to bring their mindset in line with men’s, and let them know they can be a huge asset to any IT team. How early we catch women is completely open - as early as elementary school, girls can get familiarised with coding so that they perceive it in the same way as any other subject. At minimum, this broadens their scope of choice when it comes to the subjects that facilitate their choice of career path later. However, retraining should also be encouraged - it’s never too late to learn new skills!