When news hits my mailbox on a Friday afternoon, I don't always have the time to open it, but this story was different. Seeing the title "Groundbreaking Report Exposes Stark Exclusion of Women in Cybersecurity" was something I could not pass up.  Of course, I first checked the article's source and website, as any good cybersecurity professional must check before clicking enticing links.  However, I was excited and frustrated by the opening paragraph once I got to the article.

As a woman in cybersecurity, I am often asked what it is like, what people looking to enter the industry should know, what resources are available for women in cybersecurity, and how much it has changed since I entered the industry too many years ago to put on paper.  These are all fair questions, and as a mentor and someone passionate about opening doors for more women in STEM, especially cybersecurity, I welcome them all and answer them with brutal honesty every time.  The reality is that although it has changed since I started, there are still so many challenges for women in cyber.  For that, I am disappointed, but I am thrilled to see it called out so clearly in this article and in the research and report from WiCyS, that was the basis of the article.

Beginning with the report's key findings, it needs to be called out that one of the top four exclusion categories was respect.  I doubt this is shocking to many of the women who have been in this industry for a while, but many feel that the tide has shifted, and this is less impactful now.  This report was compiled from data in 2023, so it is important to note that women have not felt that positive impact in this space.  The sources of exclusion are not just leadership but also direct managers and peers.  So, it is not surprising that women highlight that these experiences hinder their job satisfaction and ability to perform daily at their peak.  What I also want people to notice from the key findings is the wide range of themes of exclusion; with social exclusion, menial tasks, and underutilized skills, being those which are not usually called out in other reports on this topic.  The difference with this report is that the goal of WiCyS was to benchmark women's experiences in cyber today and to understand why these experiences are taking place so they can be addressed directly going forward with the ultimate goal of bringing measured improvement across the industry.
The other crucial area on this report I would like to call everyone to review is the direct quotes of experiences in these themes of exclusions from those who responded to the study.  Suppose, in reading those responses, you are not called to action to improve the experiences of those around you or further support women in cybersecurity.  In that case, I don't see any other data that could change your mind on the current climate.  These quotes place you directly in the shoes of women in cybersecurity daily.  I have lived through most of those quotes in my career and have discussed so many of them with other women in cyber.  It is important to note as well that none of the quotes highlighted being a working mother, and although that does not apply to all women in cyber, being a working caretaker of another person is quite common, and that adds another layer of bias to the already challenging situation we are in daily.

What do I want you to take from this?  Firstly, read the report.  Honestly, please read it and try to understand what they are highlighting.  Secondly, the article that drew me to this report is also excellent at summarizing its impact on a writer in this space.  Next, and most importantly, look around your workplace and try to be present when some of these experiences may occur.  For example, the next time you are at an event or a meeting with a meal, who is responsible for planning and arranging the meal and ensuring it is tidy?  (Highly likely, it is a woman and not necessarily someone who wasn't also leading the session or a key contributor, and potentially even in a leadership position.) Can you help that person?  Can you support preparing for your company's next big event or meeting so that person can focus on the agenda or their speaking notes?  In general, take stock of how women are treated in your organization and specifically how women in cyber you interact with are treated.  There are always areas we can improve, and if you can help identify them or be the place to start, that is a huge step forward.

To the women in cyber who are reading this, you have support, be it through mentorship programs, groups like WiCyS, your organization, or connecting with like-minded women.  Ensure you personally have someone who you can contact when you need a sounding board or to gut-check something.  We can drive change together, but more importantly, we can help lift each other up.  Feel free to contact me directly if you are unsure of where to start in getting that support for yourself, or for those women in cyber around you.

I would be remiss if I didn't highlight in this article that things are changing, and I have seen a stark improvement in many areas since joining the cyber industry.  There are also so many people of diverse backgrounds actively working to drive this improvement, not only for women but anyone feeling these experiences in the workplace.  But for me, as a data junkie, I am thrilled to see this benchmark report so that we have the data needed to impact change and then compare the same points in a year and see how far we have come.
If you know of similar reports, please share them!

Article: https://www.secureworld.io/industry-news/wicys-report-exclusion-women-cybersecurity

Report: https://www.wicys.org/wp-content/uploads/2024/04/2023-State-of-Inclusion-Benchmark-in-Cybersecurity-Report.pdf