5 Women in Cyber security Who Are Reshaping the Industry
According to LinkedIn Insights (March 2023), women are reported to make up 17% of cyber security professionals in the UK and US. Historical obstacles remain for women looking to join or move up in the massive global security industry. In addition to the large gender disparity in cyber security, women in the field are compensated less on average than men. In 2021, the report also showed 29% of men said they earned between $50,000 and $99,999, while only 17% of women reported the same.
Cyber security needs more women. To build strong cultures of cyber resilience across the globe, employers should prioritise attracting, empowering, and retaining talented female cyber security professionals. Women in or aspiring towards cyber security roles represent an untapped reservoir of potential when it comes to the widening cyber security workforce gap.
Luckily, there are plenty of incredible women creating a path for a more diverse and inclusive industry in the world of security. Below we look at some of today’s most notable women in cyber security to learn how they’re reshaping the industry as we know it.
1. Chani Simms
Chani Simms is an award-winning cyber security leader, director of Meta Defence Labs and founder of the SHe CISO Exec. platform. Chani is a passionate entrepreneur, C-level advisor, vCISO, auditor, Cyber Essentials assessor and specialist in helping organisations implement and manage information security and data protection programs. She has been an information technology enthusiast since the age of 19, and her various experiences and passion for the industry have led her to found or co-found new companies and initiatives, become a regular public speaker and be listed as one of the 50 most influential women in cyber security.
Impact on the cyber security industry: Founded SHe CISO Exec. to train information security professionals and create emotionally intelligent cyber security leaders.
2. Nicole Eagan
Nicole Eagan is Chief Strategy Officer and AI Officer of Darktrace. Her extensive career in technology spans 30 years working for Oracle and early to late-stage growth companies. Nicole identifies and shapes Darktrace’s strategic plan, leads the company’s AI vision together with its CTO, and provides product strategy and direction.
Impact on the cyber security industry: Established Darktrace as the global leader of AI cyber defense by developing state-of-the-art AI algorithms that detect never-before-seen cyberattacks.
3. Jane Frankland
Jane Frankland is an award-winning entrepreneur, international speaker and best-selling author. She focuses on business strategy and high performance in cybersecurity and is a world authority on attracting and retaining women in this field. She has been named as the third most influential person in cybersecurity in the UK and a top twenty global influencer.
Jane has over 21 years of experience in cybersecurity, has built and sold her own global hacking firm and served in executive positions at leading cybersecurity consultancies. In addition to managing her own company and parenting three children, she is an awards judge and board advisor. She authors many articles, is regularly featured in the media, and is sought after as a keynote speaker.
Impact on the cyber security industry: Authored ‘In Security: How a failure to attract and retain more women in cybersecurity is making us all less safe,’ and created the IN Security movement – a global community that stands behind a mission to connect, teach and inspire more people in cyber security.
4. Lakshmi Hanspal
Lakshmi Hanspal is the Global Chief Information Security Officer of Devices & Services at Amazon. In this role, she leads Trust, Security and Safety for Amazon Devices and Services including consumer electronics, autonomous vehicles, satellites, and more.
Prior to joining Amazon, Lakshmi was the Global Chief Security Officer at Box. Before Box, Lakshmi was the Global Chief Security Officer at SAP Ariba. Lakshmi has also held leadership roles at PayPal and Bank of America.
Her career spans 23+ years in Information Security and risk management, with 16+ years in the financial and payment space.
Impact on the cyber security industry: Advocating for greater organisational cyber security buy-in and teaching leaders how to create organisational cultures of security built upon trust.
5. Erica Geil
Erica Geil is the Chief Information Officer (CIO) for Snyk, which helps businesses use open source code and stay fully secure. As a C-suite leader, Erica drives stellar results while building trust and collaboration across global, cross-functional teams such as Corporate Information Systems and Information Security.
Erica joined Snyk after an impressive decade with Groupon, and as its Vice President of Global Engineering and Operations she established the company as one of the world’s ten largest email senders. She accomplished this by leading marketing platform operations to attain zero downtime in 2018 while also reducing total annual consumer fraud losses by more than 40% for two years.
Impact on the cyber security industry: Erica helped organisations achieve scale by building high-performance teams, delivering innovative technologies, fostering operational excellence, and guiding teams to find effective solutions through ambiguous challenges in dynamic environments.
Women in Cybersecurity Associations and Groups to Follow
- Women in CyberSecurity (WiCyS)
- Women’s Society of Cyberjutsu (WSC)
- CybHER
- WoSEC: Women of Cybersecurity
- Women in Security and Privacy (WISP)
- The SANS Women’s Immersion Academy
- Code Like a Girl
- International Consortium of Minority Cybersecurity Professionals (ICMCP)
- Women Leading Privacy (subset of International Association of Privacy Professionals)
- InfosecGirls
- WomenTech Network
While the gender divide in cyber security is clear, these women — and their contributions to the world of cyber security — are paving the way to ensure more gender inclusion in the future.
Embracing Equity for women in cyber security on International Women’s Day
International Women’s Day falls on the 8th March 2023. The International Women’s Day website states that this year’s theme is: #EmbraceEquity – “Imagine a gender equal world. A world free of bias, stereotypes, and discrimination. A world that’s diverse, equitable, and inclusive. A world where difference is valued and celebrated. Together we can forge women’s equality. Collectively we can all #EmbraceEquity.”
According to LinkedIn Insights (March 2023), women are reported to make up 17% of cyber security professionals in the UK and US.
Today, social inclusion and equality are two major issues. For example, many business sectors are still predominantly male, and the cyber security sector is no different. Despite real interest from women in joining the industry, the sector, according to Euronews Next, appears to be falling behind when it comes to recruiting and retaining women. Because of this, for International Women’s Day, here at Via Resource we wanted to draw a portrait of the women in the cyber security sector and shed light on several projects that honour women’s representation in the industry and encourage them to join the sector.
Did you know that the first modern computer, invented in 1940 by Alan Turing, was based on the work of Ada Lovelace, considered the world’s first computer programmer? What if we told you that 1940s and 1950s movie star Hedy Lamarr was also a brilliant scientist? Her work, considered a “secret communication system”, received a patent in 1942, inspiring the invention of Wi-Fi, GPS and Bluetooth. Since then, many women have conquered the tech industry and changed the face of our modern world.
The gender digital divide is present, with only 3% of females viewing a career in technology as their first-choice profession, according to PwC’s “Women in Tech: Time to close the gender gap” report. Only 27% of female students surveyed say they would consider a career in technology, compared to 61% of males. In addition to this, no more than 16% of females nationally are being recommended to consider a career in technology as opposed to 33% of males. Women aren’t considering technology careers as they aren’t given enough information on what working in the sector involves and because no one is putting it forward as an option to them.
Women have always been a part of the workforce, but the reality is the proportion of women to men has fallen significantly. The 1990s were a key point in explaining this decline: according to Isabelle Collet, the craze for IT and its rise made it a major stake for companies, and they started to recruit men freshly graduated from universities. In the meantime, the advent of personal computers, often marketed exclusively toward fathers and sons (like an ad for the Apple II computer in 1985), and 80s and 90s pop culture, with movies like Weird Science or War Games idolising the image of the awkward geek boy genius using tech to save the world and win the girl, probably did not help attract women to the tech industry.
However, the technology industry, now, seems to be closing the gender gap. The Deloitte Global study shows that the gender gap is reducing slowly, predicting that 25% of the sector will be female by the end of 2022. In addition, the report forecasts that leading technology companies will reach an average of almost 33% women in their total workforce by year’s end, an increase of two percent from 2019.
In Forbes’ The World’s Top 50 Women in Tech list, three women stand out in cyber security: Katie Moussouris, Founder and CEO – Luta Security, Tal Rabin, Head of Research – Algorand Foundation, and Limor Shmerling Magazanik, Managing Director – Tech Policy Institute. But what is rather satisfying is that the ranking highlights companies such as Girls Who Code, founded by Reshma Saujani, which aims to empower women through technology, and GoldieBlox, founded by Debbie Sterling, which promotes engineering and construction toys for girls. Innovations like these are more than welcome at a time when the fight against the gender gap is even more prevalent.
Closing the gender gap is important in the cyber security world. But there are still many obstacles. The best way to encourage women to join the tech sector will undoubtedly be through information, career guidance and plenty of representation.
To support women looking at careers in the cyber security industry, the association “WiCyS – Women in CyberSecurity” is considered an excellent source for guidance. The programme provides several initiatives for women to receive career training, connect with other women around the world, and meet and learn from mentors. The European Union has also launched its own recruitment programme, “Women TechEU”, described as “a new EU programme to support female-led high-tech start-ups and help them become the high-tech champions of tomorrow.”
The technology sector is booming, and women are making progress. They are leaders, mentors and supporters, breaking stereotypes along the way. Every initiative is crucial today to raise awareness of the fact that women are still discriminated against, both in terms of salaries and in terms of promotions. Even if it’s encouraging to see all the progress they have made, we are still a long way from the world imagined by IWD. But every initiative or project moves things forward, and all together we can still #EmbraceEquity.
Via Resource is very encouraged by this progress, and we embrace all the women who contributed to our company’s success!
Cyber security hiring remains strong amid big tech layoffs
On 20th January 2023, Google announced it would lay off 12,000 employees. Amazon and Microsoft have laid off a combined 28,000 people, Twitter has reportedly lost 5,200 people, and Meta (Facebook) is laying off 11,000. These are just the tech giants; almost all the staff now looking for new positions are tech-savvy, and some are cyber security professionals.
Layoffs are not limited to the tech giants. Smaller cyber security vendor firms are also affected. OneTrust has laid off 950 staff (25% of employees), Sophos has laid off 450 (10%), Lacework (300, 20%), Cybereason (200, 17%), OwnBackup (170, 17%) and the list goes on.
However, the demand for cyber security talent has been accelerating for years, and employers are showing no signs of slowing down. That’s why it is more important than ever to build robust talent pipelines to ensure a safer digital world. We can’t leave gaps in organisations’ cyber security defenses simply because there are not enough trained workers to plug them.
The Growing Need for Cyber Security Experts
According to data from Cyber Seek, more than a million IT professionals are currently part of the cyber security workforce. This number has been steadily growing over the past few years, and there are more than 750,000 open cyber security positions across the US. In states such as Florida, Texas and California, there are anywhere between 25,000 and 83,000 job openings available.
The reason for this growing gap is simple: Cyber security threats are on the rise, and there aren’t enough skilled professionals to meet increasing demand. From the ongoing risks of ransomware to emerging attack vectors created by work-from-home policies and the adoption of anywhere, anytime resource access, companies now face a myriad of old and new threats that can quickly derail business operations.
Demand
According to new data from the National Initiative for Cybersecurity Education, the total number of employed cyber security workers held fairly steady in 2022 at around 1.1 million, while the number of online job postings edged down to 755,743 from 769,736 in the 12-month period ending in December 2022.
“Despite concerns about a slowing economy, demand for cyber security workers remains historically high. Companies know cybercrime won’t pause for a market downturn, so employers can’t afford to pause their cyber security hiring,” said Tor Macleod, Founder of Via Resource.
Demand for cyber security workers rose in both the public and private sectors. Between 2021 and 2022, public sector cyber security demand grew 25% (45,708 job postings), while private sector demand grew at a rate of 21% (710,035 job listings). In the past three years, private sector cyber security demand has grown 36%, while public sector demand grew 58%.
Recruiting
Recruiting talent within cyber security is possible, but companies must consider looking beyond degrees and technical training to secure talent in the sector. Once recruited, organisations must develop and train existing employees as an ongoing process. This will reduce staff churn and promote the learning culture essential to mitigating cyber risk.
Utilising a specialist cyber security recruiter has significant benefits for clients and candidates. In our recent article we highlighted some of the reasons to use a specialist recruiter and the benefits that you will gain from doing so.
Outsourcing will likely be more integral in organisational cyber security strategies, partnering with external companies or individuals with specific expertise that supplement existing internal capability to elevate their cyber security risk profile. This approach would also reduce pressure on internal teams during crunch periods and empower upskilling by providing time and headspace to develop new skills.
1020 cyber security professionals’ actions and experiences when applying for a new role
At Via Resource, we strive to provide a supportive service to our candidates and clients. As the world shifts and everyone spends more time online, cyber security as a profession has grown because there is more personal and sensitive data vulnerable to an attack. The rise of cyber security has had a huge impact on businesses, as industries are scouring the market to hire cyber security talent to protect their online presence, assets and customer data.
Our research focuses on the current market and on candidates’ views of how the recruitment process has changed, and aims to establish what candidates find attractive in employers and job opportunities. We carried out an industry survey from 22nd November 2022 – 5th December 2022, asking 1020 candidates their thoughts when applying for a new role.
Torquil Macleod, Founder and Director of Via Resource comments:
“We are incredibly grateful to all the candidates who took the time to complete our survey as we look to understand how the market has changed. The feedback gathered will help us to improve candidate experience and help inform our clients. We want to ensure candidates receive the best experience possible with quality support, advice and guidance from Via Resource to find their perfect role.”
Audience of the survey
Out of the 1020 professionals surveyed, 171 (16.8%) respondents were from the UK and 849 (83.2%) respondents were from the US. The top three areas respondents work in are:
- Security Engineering & Architecture (35%)
- Governance, Risk & Compliance (27%)
- Network Security (21%)
The top three seniority levels within their organisations are as follows:
- Manager, 8 years + (32%)
- Senior, 5 – 8 years (25%)
- Associate, 2 – 4 years (18%)

Changes within the market
Cyber security jobs are in high demand, with 78% of respondents believing there will be an increase in roles. However, 88% believe there is a cyber security skills gap. A recent report, Cyber Security in Focus, features responses from cyber security directors, security operations directors and VPs of product security in EMEA and North America. In it, 87% of respondents admitted they are suffering skills shortages, with over a third (35%) claiming positions were left unfilled after a 12-week period. 60% of organisations also admitted they have been struggling with finding cyber security talent, and 52% reported difficulties with retaining employees. Meanwhile, seven out of 10 leaders worldwide say hiring women and new graduates are among their top three challenges.
Three areas identified by respondents to reduce the skills gap include:
- Attract talent (31.7%)
- Train and apply employee skills (28.9%)
- Encourage employees’ innovative thinking and practical ability (25.3%)
How Candidates Apply for A New Role
Cyber security professionals apply for roles in a mixture of ways. Applying on a company website is the most popular channel, used by 54% of candidates, which is unexpected given that it was only 31% last year. However, the reason for this could be that those applying directly to the company may be competing against a smaller pool of applicants, which will naturally decrease the competition. It also delivers the applicant’s credentials to employers in their preferred format, as opposed to the one used by an external job site. Some organisations also provide more detailed information about job openings on their website, compared to the descriptions on job listing sites.
Using a recruitment consultancy comes second; 53% of candidates reported finding unadvertised cyber security roles where hiring organisations have chosen to be more discreet. Candidates also preferred not having to negotiate a salary package with potential employers, as this part of the process made many applicants feel uncomfortable. Other ways of applying for a new role include using their own personal networks (42%), LinkedIn (35%) and job boards (11%).
44% of candidates surveyed checked company reviews before applying for a role, in particular on Glassdoor. Cyber security professionals pay close attention to the ratings and reviews, which can significantly influence whether they choose to move forward with the application process. On average, candidates spend 21 minutes completing each application.

What Candidates Want from An Organisation
When candidates have applied for a role, on average they expect a reply either within three working days (41%) or up to a week (39%), telling them whether or not they have been successful in reaching the next stage.
If a candidate progresses to the interview stages, some are happy to combine phone and online interviews with a final in-person interview (16%). However, most candidates (41%) only want to take part in online interviews, since technology allows for it. After each interview stage it is important for candidates to receive detailed feedback, with 42% of candidates strongly agreeing and 42% agreeing. This is a significant statistic, as employer branding and candidate experience are hugely important in today’s employment market. The ideal number of interview stages is seen to be three to four, depending on the seniority of the role; this is to avoid interview fatigue for both employers and candidates.
What candidates want within the role
We asked 1020 cyber security professionals to rank the most important things they look for in a new role. The sequence is as follows:
- Salary/day rate
- Career progression
- Employee Benefits
- Workplace Culture/Environment
- Skills
- Job responsibilities
- Job Title
- Training
Salary is regarded as one of the most important factors when choosing between roles, so putting salary ranges in job advertisements may give organisations a competitive advantage when trying to attract candidates. That’s because most candidates look first at a position’s compensation and benefits when scanning a job posting, then at the job’s required qualifications and skills.
Even though training is of the lowest importance to candidates, 95% of candidates surveyed would be happy to take on additional training to learn skills (1% more than last year).
Job Benefits
When an organisation provides company benefits, it helps to recruit and retain the best employees, boost morale, improve company culture and build a more productive workforce. Therefore, when candidates apply for a role, they look at the benefits package, which can differentiate one organisation from its competitors. Due to COVID-19, the working culture has changed and become more flexible; flexible working is important to candidates (36%), as is the ability to work from home (23%). Technology is enabling businesses to continue to function, communicate effectively and maintain positive morale through video conference calls, virtual coffee catch ups and screen-to-screen team socials.
As employees spend most of their time working, offering a health programme is crucial. Health benefits can improve overall productivity at work, reduce absenteeism, improve the dietary habits of employees, and promote positive behavioural patterns. This is why candidates have chosen other benefits including health insurance (45%), employee rewards platform (38%), bonus scheme (34%) and gym membership/wellness programme (29%).

Conclusion
The survey offers several new insights into the individuals working in and applying for cyber roles, the cyber security skills gaps that affect employers, and the challenges that organisations face when it comes to training and recruitment. The main lessons we draw are as follows:
- Skills gap – The skills gap presents significant challenges to organisations attempting to stay ahead of the cyber risk landscape. Organisations are expected to focus on hiring and retaining niche cyber talent, along with outsourcing strategies, to remain agile and optimise operational processes in 2023.
- Education – Schools, universities and training providers should give a holistic skillset, covering the relevant technical skills and soft skills that employers demand, and the ability to implement those skills in a business context. Organisations should also support existing talent through ongoing training.
- Support – Burnout is rampant today at many organisations. When there is such a shortage of skilled people, it’s easy for anyone unhappy to leave and find a better opportunity elsewhere. However, there are also critical cyber security needs that must be met.
- Recruitment – Sourcing the right talent at the right time can prove arduous for any company. But the process becomes even more challenging when you work within a niche industry or sector. In these situations, a specialist recruiter can help find the perfect candidate for a hard-to-fill role.
The insight gained from information and cyber security professionals shows the new thinking when applying for a cyber security role. This in turn helps Via Resource, when speaking to organisations, to guide them on the best job packages, interviewing process and onboarding, so that candidates can fit perfectly into the role.
What Penetration Testers should expect in 2023
Companies usually appoint cyber security consultancies to conduct processes like web app and network penetration tests, to give a clear idea of where some of their current threats and weaknesses lie. The current trends in penetration tests will help organisations better understand the impact of changing variables on their cyber infrastructure, and provide information to help strengthen IT security and make the network more resilient to malicious activities.
What Can We Expect in Cyber-Attacks This Year?
- Targeted attacks are showing no signs of declining as hackers become more sophisticated in their approaches to infiltrating networks. Because of this, there will also be a greater need to instruct both those working in cyber security and general users trying to keep their information from falling into the wrong hands.
- Expect additional attacks against mobile gadgets as more and more users expand their list of active devices, with increased usage of mobile apps on phones and tablets. Users will have extra points of entry to be concerned about and will need to keep their additional devices in mind when protecting against attackers.
- Expect a growing number of successful malware deployments and ransomware attacks, as they are proving to be more and more lucrative for cyber criminals. Companies and individuals will therefore need to be increasingly vigilant in safeguarding their crucial information and networks from such threats.
How to transform the cyber security landscape in 2023
Proactive cybersecurity measures such as pen testing
Organisations are likely to increase the use of proactive measures like penetration testing and vulnerability scanning to assist in identifying their possible weak points. Firms can lose millions due to a successful security breach, resulting in senior management and leadership teams paying more attention to preventative and proactive services under the penetration testing remit.
One of the areas organisations are increasingly investing in is the deployment of testing services, with more companies providing bespoke and advanced testing services such as red teaming and continuous security testing.
Using mobile devices as a target
Nearly two-thirds of people own and use smartphones, and several companies have created websites or applications that work on these gadgets. As a result, hackers and malicious actors are attempting to compromise users via their mobile devices.
Security professionals are always looking at the tactics, techniques, and procedures of their black hat adversaries to develop their own war chest to best protect their customers and minimise their chances of being successfully attacked.
However, increased security awareness training and more investment in device security can play a key role in ensuring an organisation and its users maximise their capacity for self-defence.
Supply-chain disruptions
As we’ve seen recently, attacks on supply chains are becoming increasingly popular among hackers, and this looks set to continue. Hackers are aware that third-party software used by huge corporations is less secure than these large organisations themselves, and that it can be easily exploited and used to gain access to more renowned, well-equipped companies and their infrastructure.
The rising possibility of Artificial Intelligence (AI)
The application of Machine Learning (ML) in cybersecurity is spreading quickly and taking on a more predictive character. Thanks to ML and computer-assisted security solutions, cyber security is becoming both more effective and less expensive. With the assistance of algorithms, ML derives patterns from enormous datasets, so it can foresee and react to ongoing attacks in real time. Automated security systems, Natural Language Processing (NLP), facial identification and autonomous threat detection have all benefited greatly from AI. AI is also used to create smart malware and attacks that get through the most recent and complex data security detection mechanisms. Threat detection systems with AI capabilities can anticipate new attacks and immediately alert administrators to data breaches.
Cloud might be vulnerable
Since most organisations are now cloud-based, security measures must be constantly reviewed and updated to protect against data leaks. Although cloud apps currently have robust cybersecurity measures in place, dangerous malware, phishing scams, and other problems often originate at the user end.
The world we are living in is rapidly changing as we see an increased rate of technological change and adoption. This leaves organisations in a more vulnerable situation, with an increased chance that their data might end up in the hands of the wrong people. Organisations must take all the necessary steps to protect themselves and avoid any costly consequences in the future.
The Cyber Security Skills Gap In 2023
Cyber security continues to be a significant threat for governments, businesses and individuals worldwide. Cybercriminals have become increasingly sophisticated, from supply chain disruptions to ransomware attacks, and the threat landscape has become more diverse. These cyber security challenges are compounded by a workforce shortage; there simply aren’t enough people with the cyber security skills needed to fill open jobs.
The cyber security skills shortage presents significant challenges to organisations attempting to stay ahead of the cyber risk landscape. Organisations are expected to focus on hiring and retaining niche cyber talent, along with outsourcing strategies, to remain agile and optimise operational processes in 2023.
The current skills gap is estimated at 3.4 million according to the (ISC)² Cybersecurity Workforce Study. Securing the teams necessary to tackle the growing information security threat landscape will require a creative approach. By 2025, there will be 3.5 million cyber security jobs open globally, representing a 350% increase over an eight-year period, according to Cybersecurity Ventures.
Recruiting
Recruiting talent within cyber security is possible, but companies must consider looking beyond degrees and technical training to secure talent in the sector. Once recruited, organisations must develop and train existing employees as an ongoing process. This will reduce staff churn and promote the learning culture essential to mitigating cyber risk.
Utilising a specialist cyber security recruiter has significant benefits for clients and candidates. In our recent article we highlighted some of the reasons to use a specialist recruiter and the benefits that you will gain from doing so.
Outsourcing will likely be more integral in organisational cyber security strategies, partnering with external companies or individuals with specific expertise that supplement existing internal capability to elevate their cyber security risk profile. This approach would also reduce pressure on internal teams during crunch periods and empower upskilling by providing time and headspace to develop new skills.
Addressing the skills gap
In the (ISC)² Cyber security Workforce Report, addressing the skills gap remains a top concern for C-level executives and is increasingly becoming a board-level priority. 88% of organisations with a board of directors reported that their board asks questions specifically about cyber security, while 76% have a board of directors that has recommended increases in IT and cyber security headcount.
The research demonstrated that training and certifications are critical, with 95% of leaders believing that tech-focused certifications positively impact their role and their team. 91% of respondents expressed willingness to pay for an employee to achieve cyber certifications, while 81% of leaders prefer to hire people with certifications. A major reason certifications are highly regarded is that they validate increased cyber security knowledge and awareness.
Women In Cyber Security
Women represented only 25% of the global cyber security workforce in 2021, up from 20% in 2019, and around 10% in 2011. A steady increase in the number of women filling cyber security jobs is expected over the next decade, which will help shrink the skills gap even further. Deloitte Cyber recently introduced a global awareness and recruitment campaign to attract more women with diverse skill sets and backgrounds into the cyber profession.
Cyber security Ventures predicts that women will represent 30% of the global cyber security workforce by 2025, and that this will reach 35% by 2031.
If you are looking for your next cyber security employee, get help from the experts. Hiring Cyber Security professionals can help you store and protect your valuable business information and ensure it is secure and backed up in the event of a breach or cyberattack. This is where Via Resource can help to build your highly functional security team.
Information and Cyber Security Trends 2023
Despite security teams’ efforts, the cyber security landscape seems to get worse every year. Our experts at Via Resource share their top cyber security trends that will help security leaders to strengthen their organisation’s security posture in 2023 and beyond.
1. Ransomware
New research by PwC revealed that technology executives anticipate increasing ransomware attacks in 2023. Ransomware usually involves infecting devices with malware that locks files away behind strong encryption and threatens to destroy them unless a ransom is paid, generally in the form of untraceable cryptocurrency. Alternatively, the attackers may threaten to publish the data publicly, leaving the company liable to massive fines.
Ransomware is typically deployed via phishing attacks – where workers of an organisation are tricked into providing details or clicking a link that downloads the malware or ransomware software onto a system. But, currently, direct infection via USB devices by people who have physical access to devices is becoming ever more common. Education is a highly effective means of tackling this risk, with research revealing that employees who are aware of the threats of this kind of attack are nine times less likely to fall prey.
2. Impact of remote working
Recently, a cyber security priority for many organisations has been to secure devices that are being used for home and remote working since the start of the pandemic. Pre-pandemic, a large majority of employees were office-based, making it simple for IT departments to regularly check and update company laptops and smartphones. This made it relatively simple to ensure they were free of spyware and malware whilst running the latest versions of anti-virus software along with any other preventative measures. In 2023, employees are more likely than ever to use personal devices to remotely connect to work networks and a new set of challenges has emerged.
Connecting to networks with non-secured devices can lead to employees unwittingly falling victim to phishing attacks, where attackers trick users into divulging passwords. With more people working remotely, employees are increasingly at risk of falling for impersonation scams. This can enable ransomware attacks, where software is injected into networks that erases valuable data unless users pay a ransom to attackers. The risk of this also increases in remote working situations, where it’s more likely that devices may be left unattended.
3. The rise of the skills shortage
A recent report, Cyber Security in Focus, states that 87% admitted they are suffering a skills gap, with over a third (35%) claiming positions were left unfilled after 12 weeks. 60% of organisations also admitted they have been struggling with finding cyber security talent, and 52% reported difficulties with retaining employees.
There’s no way to bridge the cyber security skills gap overnight. We have listed four ways organisations can start making progress today in our article: 60% Of Global Leaders Struggle To Recruit Cyber Security Talent Due To A Skills Shortage.
As the Cyber Security market continues to grow, there remains a constant need for exceptional cyber professionals and as such, the market has continued to have a constant flow of new positions. Utilising a specialist Cyber Security recruiter has significant benefits for clients and candidates. In our recent blog, we highlighted some of the reasons that you ought to use a specialist recruiter and the benefits that you will gain from having done so.
4. Artificial intelligence (AI)
As the number of attempted cyberattacks has grown rapidly, it has become increasingly tricky for human cyber security experts to react to them all and predict where the most dangerous attacks will take place next. This is where AI comes into play. Machine learning algorithms can examine the vast amount of data moving across networks in real-time far more effectively than humans ever could and learn to recognise patterns that indicate a threat. According to IBM, companies that use AI and automation to detect and respond to data breaches save an average of $3 million compared to those that don’t.
Unfortunately, due to the ever-growing availability of AI, hackers and criminals are growing increasingly proficient at using it too. AI algorithms are used to identify systems with weak security or that are likely to contain valuable data among the millions of computers and networks connected to the internet. AI can also be used to create large numbers of personalised phishing emails designed to trick receivers into divulging sensitive information, and it is becoming increasingly good at evading automated email defence systems designed to filter out this type of mail. AI has even been used to artificially “clone” the voice of senior executives and then to fraudulently authorise transactions.
Hackers and security agents race to ensure the newest and most sophisticated algorithms are working on their side rather than for the opposition. It’s been predicted that by 2030 the market for AI cyber security products will be worth close to $139 billion.
5. Building a security-aware culture
Perhaps the most important step to be taken by any organisation is to ensure that they are working towards initiating and fostering a culture of awareness around cyber security issues. Currently, it’s not good enough for employers or employees to simply think of cyber security as an issue for the IT department to take care of. Developing an awareness of the threats and taking basic precautions to ensure safety should be a fundamental part of everyone’s role in 2023.
Phishing attacks rely on “social engineering” methods to trick users into divulging valuable information or installing malware on their devices. No one needs technical skills to learn to become aware of these types of attacks and to take basic precautions to avoid falling victim. Likewise, basic security skills like the safe use of passwords and developing an understanding of two-factor authentication (2FA) should be taught across the board and continually updated. Taking basic precautions like this to foster a culture of cyber security awareness should be a core element of business strategy at organisations that want to ensure they build resilience and preparation over the coming 12 months.
6. IoT Security
The more devices we connect within a network, the more potential doors and windows exist that attackers can use to get in and access our data. Analysts at Gartner predict that in 2023 there will be 43 billion IoT-connected devices in the world.
IoT devices – ranging from smart wearables to home appliances, cars, building alarm systems and industrial machinery – have often proven to be a worry for those with responsibility for cyber security. This is because, as they are often not used to store sensitive data directly, manufacturers haven’t always been focused on keeping them secure with frequent security patches and updates. That has changed recently, as it’s been shown that even when they don’t store data themselves, attackers can often find ways to use them as gateways to access other networked devices that might.
In 2023, several governmental initiatives around the world should come into effect designed to increase security around connected devices, as well as the cloud systems and networks that tie them all together. This includes a labelling system for IoT devices set to be rolled out in the US to provide consumers with information on possible security threats posed by devices they bring into their homes. Plus, the European Cyber Resilience Act introduces common cyber security rules for manufacturers, developers and distributors of products with digital elements, covering both hardware and software.
7. Cloud service attacks
Both remote and on-site workplaces now lean heavily on cloud services. Remote work has heightened cloud security concerns, yet the threats extend beyond the move to distributed employees. Threats include API vulnerabilities as well as traditional software issues. Flaws in the configuration and integration of one cloud service, including authorisation and authentication, can bring about broader issues. For instance, cyber attackers are leveraging vulnerable PaaS (Platform as a Service) products to extend the reach of their ransomware or malware. The rewards of the cloud are sometimes enough to outweigh the threats. Using a programmatic approach, a company can reduce the threats of increasing cloud operations and build a foundation for a safe and sound future.
The European Cyber Resilience Act
On 15 September 2022, the European Commission published its proposal for a new Regulation that sets out cyber security related requirements for products with “digital elements”, known as the proposed Cyber Resilience Act (the CRA).
Hardware and software products are increasingly subject to successful cyberattacks, leading to an estimated global annual cost of cybercrime of €5.5 trillion by 2021. The CRA introduces common cyber security rules for manufacturers, developers and distributors of products with digital elements, covering both hardware and software. The rules seek to ensure that: (i) connected products and software placed on the EU market are more secure; (ii) manufacturers remain responsible for cyber security throughout a product’s life cycle; and (iii) consumers are properly informed about the cyber security around the products that they buy and use.
Such products suffer from two major problems adding costs for users and society:
- A low level of cyber security, reflected by widespread vulnerabilities and the insufficient and inconsistent provision of security updates to address them.
- An insufficient understanding and access to information by users, preventing them from choosing products with adequate cyber security properties or securely using them.
While existing internal market legislation applies to certain products with digital elements, most of the hardware and software products are currently not covered by any EU legislation tackling their cyber security. In particular, the current EU legal framework does not address the cyber security of non-embedded software, even if cyber security attacks increasingly target vulnerabilities in these products, causing significant societal and economic costs.
Two main objectives were identified aiming to ensure the proper functioning of the internal market:
- Create conditions for the development of secure products with digital elements by ensuring that hardware and software products are placed on the market with fewer vulnerabilities and ensure that manufacturers take security seriously throughout a product’s life cycle.
- Create conditions allowing users to take cyber security into account when selecting and using products with digital elements.
To combat these growing cyber security costs and address vulnerabilities, the Commission notes four specific goals for the Cyber Resilience Act:
- To ensure manufacturers improve the cyber security of covered products throughout the whole life cycle.
- To create a single, coherent framework for cyber security compliance in the EU.
- To increase the transparency of cyber security practices and properties of products and their manufacturers.
- To provide consumers and businesses with secure products ready for use.
Torquil Macleod, Director and Founder of Via Resource states, “many of the essential cyber security requirements simply mirror good practice and therefore many companies will not have significant work to do in this regard. The only two complex pieces are:
- Working out which type of conformity assessment products may require and producing/updating a raft of policies, procedures and other documentation required by the CRA.
- Reporting obligations under the CRA will add burden to companies already facing reporting requirements under data protection law, the NIS Directive and other sector-specific legislation. Reporting obligations placed on distributors and importers may also create tension in the supply chain and during contract negotiations as manufacturers will undoubtedly be nervous about distributors and importers reporting products’ potential vulnerabilities to market surveillance authorities.”
What about the UK?
As the UK is no longer a member of the EU, it will not be bound by the new rules. However, the UK is in the process of passing a similar piece of legislation called the Product Security and Telecommunications Infrastructure Bill (PSTIB). The PSTIB is currently at the report stage in the House of Lords meaning that the Bill has almost completed its legislative passage. The PSTIB includes a power for the Secretary of State to specify security requirements relating to relevant connectable products and places obligations on manufacturers, importers and distributors about those security requirements. Sanctions for non-compliance with the PSTIB are similarly high, up to the greater of £10 million or 4% of worldwide revenue over the most recent complete accounting period.
The Regulation will impact a broad range of parties in the technology supply chain, who should consider how the additional cyber security requirements will impact their manufacturing and distribution processes. Whilst most of the obligations will come into effect 24 months after entry into force, manufacturers will only have twelve months to comply with the CRA’s reporting obligations.
60% of global leaders struggle to recruit cyber security talent due to a skills shortage
80% of organisations suffered one or more breaches that could be attributed to a lack of cyber security skills and/or awareness. It’s no secret that companies are facing a huge cyber security talent shortage. Unfortunately, speaking about the cyber security skills gap has not increased the cyber workforce and will not. Most cyber security professionals (95%) believe the skills gap has not improved over the past few years, and nearly half (44%) believe it has gotten worse, according to research from Information Systems Security Association (ISSA).
Cyber Magazine reported there are around 1.1 million people employed in cyber security in the US; however, there are over 700,000 unfilled positions currently available. Worldwide, the cyber workforce shortfall is approximately 3.5 million people.
The Fortinet 2022 Cybersecurity Skills Gap Global Research Report found that 60% of global leaders struggle to recruit cyber security talent and 52% struggle to retain qualified talent. 67% agree there is a shortage of qualified cyber security candidates which creates risks for their organisation, with 76% reporting that their board of directors now recommends increases in IT and cyber security headcount and 88% reporting that their board now asks questions specifically about cyber security.
To understand the four main reasons why cyber security leaders see a skills shortage within their organisation, we have dived into this – 87% Of Cyber Security Leaders See A Skills Shortage Within Their Organisation.
Organisations making a difference
- Microsoft launched a national campaign with US community colleges to help place 250,000 people into the cyber security workforce by 2025, representing half of the country’s labour shortage.
- Google ran a full-page ad in The Wall Street Journal stating they are training 100,000 Americans for vital jobs in data privacy and security, through the Google Career Certificate program.
- IBM is training 150,000 people in cyber security skills over the next three years, and they will partner with more than 20 historically black colleges and universities to establish cyber security leadership centres to grow a more diverse cyber workforce.
Four ways organisations can address the cyber security skills gap
There’s no way to bridge the cyber security skills gap overnight, but organisations can start making progress today by doing the following four things:
- Tap into underrepresented communities.
Having a diverse and inclusive workplace is important not only ethically but also for improving employee morale, boosting innovation, and enhancing business success. Therefore, prioritise outreach to overlooked communities, where you can educate members of these communities on the incredible variety of opportunities in cyber security and show them how they can join the workforce. We have set out practical steps that organisations can take to embed diversity and inclusion in the workplace.
- Build skills primarily in-house
Organisations can tap into a much larger pool of workers if they relax job requirements and instead plan on building cyber skills internally by providing training, education, and certification support for new employees to help get them up to speed. Enable new graduates and people transitioning from other careers that have an interest in and capacity for cyber security to learn and grow.
- Support your existing talent
Burnout is rampant today at many organisations. Especially when there is such a shortage of skilled people, it’s easy for anyone unhappy to leave and find a better opportunity elsewhere. However, there are also critical cyber security needs that must be met. Here are some strategies for supporting your existing workforce so they’ll be less likely to leave:
- Whenever feasible, automate routine tasks — especially those that are repetitive and boring or high stress. This helps reduce your labour needs and gives your employees interesting, lower-stress work to do.
- Consider using managed security services, particularly for off-hours monitoring, analysis, and incident response. Small organisations may want to outsource most of their security services altogether to reduce their need for dedicated cyber security staff and instead train their IT personnel to also handle occasional cyber security tasks.
- For particularly stressful or demanding positions, consider the possibility of job rotation. An example is rotating security operations personnel to a non-operations position after 12 or 18 months. This can help prevent burnout and allows people to build additional skills, making them more valuable to your organisation.
- When your employees are taking time off, sick leave or otherwise, let them be off work. Everyone needs a break from work; expecting employees to keep checking in with work while they’re off – and especially being on call or performing operational support – is unfair to them and will certainly foster resentment. This may be a major culture change for your staff but it’s likely to be well worth it, both for retaining existing staff and for attracting new employees.
- Working with a specialist recruiter
As the Cyber Security market continues to grow, there remains a constant need for exceptional cyber professionals and as such, the market has continued to have a constant flow of new positions. Utilising a specialist Cyber Security recruiter has significant benefits for clients and candidates. In our recent article we highlighted some of the reasons that you ought to use a specialist recruiter and the benefits that you will gain from having done so.
Candidate Journey and Demand
Via Resource also dived into the UK Cyber Security market to understand the level of demand for good candidates and whether the skills gap does exist. We had the opportunity to speak first-hand to candidates to find out their views on how the recruitment process has changed and to establish what candidates find attractive in employers and job opportunities. Overview of the results:
- How candidates apply for a new role
Cyber security professionals apply for roles in a mixture of ways, with LinkedIn being the most popular channel: 96% of the candidates initially discovered jobs or performed job-related research via this channel. Using a recruitment consultancy comes second; 45% of candidates reported finding un-advertised Cyber Security roles where hiring organisations have chosen to be more discreet. Candidates also preferred not having to negotiate their salary package with potential employers, as this part of the process made many applicants feel uncomfortable. Other ways of applying for a new role include Indeed (31%), company website (31%), using their own network (18%), Jobsite (16%) and Total Jobs (16%).
- What candidates look for in their role
We asked cyber security professionals to rank the most important things they look for in a new role. The sequence is as follows:
- Remuneration
- Job Title
- Job Benefits
- Career Progression
- Job Responsibilities
- Skills
- Training
Even with training being of the lowest importance to candidates, 94% of candidates surveyed would be happy to take on additional training to learn skills.
The Cyber Security Skills Gap And How To Attract Candidates