We hear this question regularly and we are certain that many other students don’t even ask because they do not see cybersecurity as a field with a place for them. The answer is yes! There is a place for you. At the same time, a number of barriers can make the cybersecurity field unwelcoming to some. We are devoted to identifying these barriers, understanding them, and helping erode them.
Surveys of the field show that women occupy somewhere between 11–24% of cybersecurity positions. Women are paid less than men in similar positions. Minorities are also underrepresented in cybersecurity, and tend to occupy non-managerial positions, leading to lower pay.
Barriers are also imposed by historical concepts of “security,” and how they have translated into the practice of security. Security is not evenly distributed. As a society, we have prioritized and invested in some individuals’ and groups’ security over others. At worst, security can be a mechanism to enforce class, racial, or gender-based divisions. Racial profiling is an example of policy that unfairly distributes security, where the privacy and security expectations of one group of people leads to police attention being focused on other groups. This privileges one group from police attention, in effect granting it a kind of privacy; it also focuses that attention against the less powerful group, leaving it insecure against unjustified suspicion.
Ultimately, we end up with worse security because of the field’s lack of diversity. Racial profiling again is an illustrative example. While it results in over-policing of targeted groups, it does not necessarily improve security by reducing crime. But both the over-policing and the ineffectiveness are less likely to be predicted by a non-diverse group developing goals and practices than by a diverse group. And these problems are less likely to be observed in practice if oversight is handled by a non-diverse group lacking relevant experience or perspective. Developing effective security goals and practices requires the input of all affected people.
To address this problem, we need to understand why the field can be unfriendly to women and minorities. There are a number of structural causes underlying barriers to women and minorities. One, elucidated by Berkeley Alum Ashwin Mathew, relates to how knowledge spreads in cybersecurity. Cybersecurity experts tend to network in small, in-person networks, and these are difficult for women and minorities to enter.
More generally STEM fields and the military itself, both prime contributors to the cybersecurity field, are male-dominated. Silicon Valley’s decades-long history of discounting diversity efforts set the stage for today’s lack of women and minorities in technology. For instance, for decades Lockheed was Silicon Valley’s largest employer, yet it did little affirmatively to address diversity. Even after the passage of equal employment laws, Lockheed was 85% male and had only 10% Latino, Asian, and Black workers, according to Margaret O’Mara.
Thankfully, efforts to erode these barriers are ongoing and growing. We have pointed to resources in this FAQ that provide opportunities for women and underrepresented minorities in cybersecurity. Some of these include Women in Cybersecurity, the International Consortium of Minority Cybersecurity Professionals (offering mentoring, scholarship, and career support), SANS Institute Diversity Cyber Academy (offers training and certifications to minorities and women at no cost), and the The Diana Initiative. Sourcelist now provides its women+ database with a list of experts in cybersecurity and other technical fields.
There are also steps you can take to erode these barriers. For instance, consider offering your services and expertise to a group that needs security help. Many organizations have relatively-low-levels of security expertise. Thus, for instance, if you know how to implement 2FA, many small businesses and nonprofits could use your skills. CLTC has explored this avenue in Improving Cybersecurity Awareness in Underserved Populations.
Focusing your research on underrepresented groups is another approach. University of Toronto’s Citizen Lab stands out as a model for thoughtful, inclusive research. Data & Society, a group started by Berkeley alum danah boyd, has made digital fairness a key focus. At the law school, Professor Khiara Bridges wrote a book detailing the class dynamics of privacy.