Women in cyber security is an issue. But, is this bigger?

Low numbers of women in cyber security is an issue

Call them millennials or Generation Y. It’s up to you.

I’ve been speaking about them recently and now it’s time to write.


Well, I believe that when it comes to getting more women into cyber security and achieving gender equality in the workforce, they’re our liberators. They’re the change makers.

I believe that this generation is going to transform the way we work in cyber security and the world at large more rapidly than any other generation that’s preceded them.

My only caveat:  if we let them, but I’ll come to this later.

Let’s start with who they are.

Millennials are those born between 1980 and 2000. By 2020, they’ll make up 50% of the workforce and by 2025, 75%. According to a report by Goldman Sachs they’re also the largest generation (92m) outside of the baby boomers (77m).

Great. But, are they really that different to us – the Gen Xs and baby boomers?

The answer is yes – overwhelmingly so.

This generation has grown up in times of technological change and as a result, millennials have different priorities, expectations and world views. For example, many are not purchasing homes, cars, holidays, entertainment or luxury goods in the same way that we did. Instead they’re sharing, collaborating and becoming much better at resourcing.

They’re after access not ownership, convenience at the lowest cost, and are driving a shared economy. Think Spotify (for music), Netflix (for films), Airbnb (for accommodation), or Uber (for taxis). I could go on and on….

Technology is their friend and aid. Through it they’re modernising the way we communicate and consume data – both personally and with one another – and on a global scale. They’re social creatures, good networkers and are visible online with a voice that’s regularly heard by hundreds, thousands or millions.

They’re much more trusting than us too and it’s going to be interesting to see how this develops for cyber security, when currently we’re used to locking things down and trusting no one.

But, business will decide what we do, and as we exist to serve it, that brings me nicely on to the way they’re changing exactly how we do business.

Speed is undeniably the currency of new business for this generation. Instant access, on demand, price comparisons, product information and reviews – that are increasingly weighted by influence (both social and brand) – are the new norms.

Defined by their sense of entitlement and lack of attachment, millennials make for a demanding workforce. Being the most educated and culturally diverse generation to-date, they change jobs more often than any other generation and many employers are finding them increasingly difficult to please.

My eldest son serves as a perfect example. He graduated in 2015 with a first class honours degree from Nottingham University in Philosophy, has an IQ of 158, has been invited to join MENSA (who incidentally stop measuring at 161), secured a job with one of the world’s leading business process outsourcing and professional services companies and resigned from them less than a year later.

Whilst the company valued his integrity and he left on great terms (with a glowing reference), they were stunned when he told them he hadn’t another job to go to.

Although I encouraged him NOT to do this until he’d found another job – as most parents would – I totally understood why he did. It wasn’t that he felt unfulfilled in his job, or because he was working 70-hours per week on a measly salary and just about making ends meet. The most significant reason for him quitting was because he would not be developed.

Millennials, like my eldest son need to feel valued as people and employees in the workplace and according to Gallup the questions they’re asking from us, as employers, are:

“Do you value my strengths and contributions?” and “Will you allow me to do what I do best every day and will you help me improve?”

For millennials, a job is no longer “just a job.” They want it to have meaning and therefore demand to work in a different way. They want lifestyle, balance and care about their health. They want to be around to see their children grow up too and not be absent parents – like many of us have been or still are.

These things are important as increasingly the lines between home-life and work-life are becoming blurred. Most employees are being asked to work longer hours as we’re competing in a global market place and are often working remotely, in transit, or from home.

Millennials need managers who understand these things, who can offer flexibility and who can coach, mentor and develop them. They want their strengths to be understood and have them nurtured. They need constant feedback and conversations, just as they’ve been having on social media and via their phones as texts and to many of us they may seem rather insecure!

As for trying to command and control them. Forget it. Unlike previous generations who’d have stuck a job out for at least a couple of years before moving on, for fear of a blip on their CV, which would have affected their career prospects, this generation won’t just suck it up. Every day matters to them and they know they’ve got options – even if that means going back home to the family.

Working for a paycheck won’t do. They need more.

They want environment but I’m not talking about pool or ping-pong tables, free pizza, drinks or even cool sleeping pads. Seducing them with material possessions is short sighted – that is – if you want them to stay. Passion, purpose and care turns this generation on, brings out performance and induces loyalty – for both genders too.

But here lies the paradox. This generation seeks care and development but values convenience at cheap costs, which results in things being disposable, replaceable and not cared for.

Getting over the irony, attracting millennials into cyber security matters greatly. If we don’t succeed at this we’re simply compounding our problems and condemning our future.

Here’s what it looks like to me.

1. We’ve a shortage of cyber security skills as awareness grows. Cyber security job postings are growing 3.5 times faster than IT jobs. According to reports we’ve 1 million vacant cyber security jobs globally and this is set to rise to 6 million by 2020. ISC2 and Symantec have both stated that our deficit amounts to 1.5 million. If we can’t address this, we’re under resourced and more vulnerable to attack.

2. We’ve a lack women in cyber security. Right now, we’ve 10% of women in cyber security and each year this number decreases. Homogeneous teams could indeed become a reality unless we take the right action. We need to attract talent from different areas and find better ways to retain women, if we’re going to benefit from having diversity of thought and a chance at beating our adversaries.

3. We’ve an ageing cyber security workforce. Currently, 90% of those working in cyber security are over 30-years old, which means we’re not attracting millennials. Without them, we’re stagnating with old thinking and ways. And, again we’re increasing our risk exposure.

Whenever I speak at events, this last point is so noticeable, and I can’t help but think what’s gone wrong. Why did so many of us enter the industry in our 20s and why haven’t we attracted more younger people into cyber security as our careers have accelerated.

There’s never been a time when cyber security was this exciting!

My belief is that we’ve inadvertently put up barriers to entry as a means to improve and professionalise our industry. Twenty years ago many (but not all) cyber security professionals left school with a handful of qualifications and entered IT. Then, as technology developed they found their way into the industry – or had it thrust upon them.

Nowadays, qualifications, accreditations and certifications have developed (and still are), as a way to control the quality of the intake and, if I’m being cynical, keep these businesses lucrative.

So, what if we reduced the emphasis on these things? What if we removed the barriers, improved our recruitment/ hiring practices, made assessments based on thinking capability/aptitude and trained people on the job, like we did in the old days? Would that help us to solve some of the challenges I’ve mentioned?

In the UK, our government seems to think so. Right now they’re pushing apprenticeships, competitions like The Cyber Security Challenge, girl-only hackathons (you’ll hear more about this shortly), as means to attract younger talent and readdress the balance.

Companies like the Big 4 are also doing their bit. I met one young woman recently who was employed as a 16-year old, despite attaining poor GCSEs (her words not mine). Showing an interest in cyber security meant more to the firm than having “exemplary” exam results. They saw something in her and gave her an opportunity. In return, for the past 8-years she’s been successfully delivering projects, is now a mid-level consultant and about to graduate in computer science, which incidentally they sponsored.


BAE Systems serves as another good example. They’ve developed the National Cyber Security Academy, which aims to develop individuals with the confidence and technical capability to support a safer future. They’re looking for individuals with the aptitude, desire and motivation to make a difference and who want a career at the leading edge of technology.

They’re opening their doors to those who’ve been working within IT for a number of years, or graduates who simply have a passion for Computer Science. Their programme provides the technical knowledge, highest level of security clearance (DV) and interpersonal skills to work with confidence in a wide variety of challenging business environments. They’re also offering mentors and support, a good starting salary with regular salary reviews. The only potential drawback (if you’re enrolled) is that they’ll claw back their training investment if you decide you’re leaving within 2-years.

But, to me, that’s fair.

Another way to keep millennials is to give them a stake in the company. According to a 2014 study from Bentley University, 66% of millennials want to start their own business. That’s an impressive number and an indication that interest in entrepreneurship is the rise – even in cyber security.

Recently I’ve heard of several recruitment companies that are operating this model.  They’re giving away 40% of their company to all of their staff and in return they’re afforded loyalty and a work ethic that’s enviable. I’ve also come across large corporates that are taking in graduates, who can develop code to produce products and they’re also giving them shares in the company.

I’m a big fan of building businesses this way.

That said, I also know that the way we work is changing (see an earlier blog of mine) and what an alternative “employment” model looks like. Nowadays, jobs aren’t for life and our workforce is going to be much more transient. I therefore believe that it’s time to switch your thinking, so you don’t get left behind.

As employers, you need to consider resourcing for projects instead of recruiting for employees and taking the financial burden off yourself. As cyber security professionals you need to continuously train and develop your skills. Gone are the days of being a generalist. Now you need to become experts in your niche and hone your online profile so you become more attractive as freelancers and contractors. You also need to be diligent. As technology advances at speed, it may well take over your job role, so you need to be prepared to morph and slide in terms of your career specialism.

Now I want to hear from you…

Tell me in the comments below or in a private email:

  • How did you enter the field of cyber security?
  • What do you think we need to do in order to attract more millennials?
  • Are we putting up more barriers than we need to in order to attract talent?

Please share your stories and experiences here, and if you’ve got a question, just pop it down here or contact me.

PS. The big favour ask…

I’m committed to helping our industry improve – whether that’s helping to get the right people into cyber security, salespeople to sell more professionally or entrepreneurs to grow and scale their businesses. So, if you want to help, believe as I do and think we’ve the best industry ever, please just share my posts. If we work together we can achieve more!

Jane Frankland
Follow me

Jane Frankland

Jane Frankland is a successful cyber security technology entrepreneur, author, speaker, business consultant, and Board Advisor for ClubCISO. Having held directorships and senior executive positions within her own company and at several large PLCs, she now provides forward thinking cyber security organisations with strategic business development solutions.
Jane Frankland
Follow me