How Middle East technology leaders can attract women to cybersecurity

While the majority of graduates in tech-related subjects in several Middle Eastern countries are women, females in IT — particularly cybersecurity — continue to be underrepresented in the region. Why is this, and how can the situation be remedied? Tech leaders are grappling with the issue and have come up with a variety of approaches.

Education and outreach are key, and it’s also important for enterprises to come up with policies that will attract women leaders who also happen to have families, according to technology executives gathering earlier this month at the Women in Cybersecurity track at GISEC 2021, the biggest cybersecurity event in the Middle East. 

IDG

The absence of women involved in STEM (science, technology, engineering and mathematics) is a big concern in many countries, noted speakers at GISEC. In Arab countries, though, 34% to 57% of STEM graduates are women, according to UNESCO.

In Saudi Arabia, 59% of students enrolled in computer science courses are women, while the figures for the UK and US were 16% and 14%, respectively, UNESCO said. But despite the strong representation of women in STEM courses, the Middle East isn’t doing much better than other regions. In 2017, only 11% of the cybersecurity in the Middle East were women, and now it’s about 20%, according to several GISEC speakers.

Cybersecurity faces a skills shortage

The increase in data breaches and other cyberattacks has made the cybersecurity industry one of the fastest growing in IT. The industry is facing a skills shortage brought about by a jobs crisis, where according to recent estimates published by Deloitte, by 2022 there could be a global shortfall of 1.8 million cybersecurity professionals.

To a large degree, gender diversity is needed in the cybersecurity field simply to fill all the positions that are opening up, and supply needed skils.

Enterprise IT, government embrace diversity

Enterprises and government entities have begun to understand the importance of diversity in the workplace, including in cybersecurity teams, GISEC delegates said.

“Things are starting to change. The government and business are more conscious about the fact that you need diversity,” said Inass Farouk, marketing director at Microsoft in the UAE.

“If we don’t open the field to females, if you don’t attract them, then cybersecurity will suffer.”

Women are part of daily digital processes such as content creation and consumption, and  can offer different perspectives that can help address cybersecurity issues, said Nir Kshetri, a professor at the University of North Carolina-Greensboro. Other GISEC delegates agreed.

“Organizations have different needs, that’s why cybersecurity is a dynamic role. We don’t do the same work every day — diversity [is] beneficial for this role,” said Hessa Al Nahdi, CISO at the Abu Dhabi Department of Culture and Tourism.

Policies, practices to bring women into cybersecurity

What policies and practices can enterprises adopt to bring women into cybersecurity? Flexibility for women with families is key, said Heide Young, co-founder at Women in Cyber Security Middle East.

“We need business to engage with motherhood,” Young said, noting that even women don’t necessarily think ahead about enterprise policies toward women who are having children. “You don’t check these policies until you need them. When it affects you, then you (may have to) request a change to be made — maternity leave is really important.”

Just as important, enterprises should formulate programmes that help women re-enter the workforce, after they have taken time off, Young said.

“When you go away and come back are there policies for re-entering your position? We need return-to-work programmes, and that is something that is not being done,” Young said.

More women IT candidates are needed

Even employers who make a priority of diversity face a common problem: the lack of women job candidates.

“There are more men in the industry at the moment, pointed out Barry Martin, principal recruitment consultant, Cyber Security, and co-founder, Dubai Cyber Security Cluster. Thus, when he goes to hire someone, nine out of 10 candidates are men. To ensure that a candidate pool is diverse, a go-slow approach may be necessary, he said. Keeping diversity top-of-mind will help organisations be more deliberate about outreach to women.

“The discussion around diversity makes you be more cautious about the process of recruiting,” Martin said. “I think the only thing you can do is take some time to find the right profile — we don’t need to be fast.”

Cybersecurity should be promoted to girls

While the Middle East has a relatively good track record for bringing female students into STEM, efforts to recruit women into cybersecurity courses could be strengthened and more effort should be made in outreach to girls and young women, cybersecurity executives said.

“In the cyberworld, we are looking for investments in minds, investment in people,” said Abu Dhabi’s culture and tourism CISO Al Nahdi. “In education, we can do more.”

Outreach should start with girls, said Women in Cyber Security Middle East founder Young. Professionals can get girls excited about cybersecurity.

“Speak up, go to your schoolchildren and talk to the children about opportunities in cybersecurity. I pursued the passion on my own, there is not just one path to be a CISO, there are a lot but first you need passion, interest and curiosity,” Young said. “Make yourself a little bit uncomfortable every day, that’s when you learn, you grow and follow your passion.”

Security is an exciting field, and conveying a sense of dynamism to girls is important, agreed Al Nahdi.

“Security is a dynamic role, you keep accelerating your skills and knowledge and facing new challenges every day in order to support the new roles in cybersecurity and in order to know the new attacks,” Al Nahdi said. “Also, what I have seen is girls with capabilities running amazing projects. There are a lot of strong and intelligent women in business.”