Lancaster University Management School - 54 Degrees Issue 26

Early in my (Professor Niki Pantelli’s) academic career, I developed an interest in examining women’s status in the UK IT industry. The work was driven by a desire to understand why, whilst IT is a growing industry with increased opportunities for employment and career advancement, women remained under-represented in the sector. Ever since, I have been involved in numerous research projects in this domain, ranging from exploring the gender segregation of the IT profession, to the challenges of returning to an IT profession following a career break, and understanding why women leave permanent IT positions to become independent IT contractors. The latest project between the authors of this piece involves examining gender dynamics of cyber security professionals. With increased cyber security threats, but also the skill shortage in the sector, researching women in cyber security profession is a natural next step forward. A NEED FOR DIVERSITY As cyber security threats become more complex, the cyber security profession must draw on a wide range of skills, and perspectives to ensure protection of digital systems and data. The 2024 Department for Science, Innovation and Technology report on Cyber security skills in the UK labour market shows only 17% of the UK cyber workforce are women. This challenge is more prevalent in senior cyber security roles, where women account for only 12% of the workforce. According to the 2023 Women in cyber security report, women in this profession hit the glass ceiling 5-10 years into their careers, contributing to attrition. These statistics have not significantly improved from previous years, indicating that gender diversity remains an embedded and persistent challenge. THE INSIDE PICTURE Now working together, we have interviewed 24 women in the cyber security sector, including those employed in compliance, governance, auditing, management, consultancy, AI and recruitment. They range across different career stages, with experience from two to 30 years in the profession, and come from the UK, USA, The Netherlands, Greece, Mexico and Kenya. Our study reinforces the constraints and challenges that women have been facing for the last two decades when developing IT careers, notably masculine IT culture, limited career opportunities, and a lack of role models. The findings show clearly that despite numerous academic studies on the subject alongside industry and government initiatives for inclusivity and diversity in the IT sector, not much has been achieved. What is particularly alarming is that we can see gender representation going down (in the early 2000s, the figures mentioned above were around 22%). NO-ONE TO FOLLOW The cyber security sector, like the IT industry more broadly, experiences low representation of senior female leaders. The impact is twofold: women do not have a voice at important strategic decision making, which reduces opportunities to make an impact; and there is a limited presence of female role models which may discourage young female professionals from joining the sector. The lack of role models was mentioned by almost all participants in our study. This indicates that though women are recruited in cyber security, they are either not retained and therefore depart the profession. When they do stay, they are not promoted. Participants also reported being stuck in 32 |

RkJQdWJsaXNoZXIy NTI5NzM=