Bringing more women into the cybersecurity workforce and talent pool is an essential part of solving the skills and threat challenges. Women-only cybersecurity programs, particularly in Africa, are critical to achieving this, the opening Global Voices session at ISC2 Security Congress heard today.

Confidence Staveley, executive director of the Cybersafe Foundation, drove home the importance of women-focused programs and initiatives in a session titled The Inclusive Algorithm: How Women-centric Cyber Initiatives Catalyze Diversity. Confidence Staveley Day 1 Security Congress 2023

The organization offers a variety of programs across Africa, including its one-year CyberGirls Fellowship to equip girls and women with cybersecurity skills, get them certification ready, as well as position them to start a career in cybersecurity.

She said that 75% of the global cybersecurity workforce is currently male, while in Africa it is 91% male. Meanwhile, 57% of organizations reported unfilled cyber positions, with total losses to cybercrime amounting to $3 trillion.

“We cannot manage our way out of this crisis. We have to get creative. We have to be bold and we have to lead our way out of this crisis,” she said. That means thinking outside of “our comfort zone”, she continued, and that comfort zone has included not paying enough attention to diversity. Cybersecurity has even higher levels of gender exclusion than other sectors, she said.

Overcoming stereotypes

One challenge was an assumption that the sector was “techie” and more suited to “able-bodied men”, while women were more suited to “caring” professions or service roles.

But, she suggested, “I don't know that in cybersecurity, what we do is carry racks of servers everywhere around the office.”

This isn’t just a question of equity, Staveley said. The industry worldwide needs to foster diversity as it will “Help us solve problems innovatively. It unlocks the potential to think in different dimensions, in different directions. And to enable us to be able to solve unique problems.”

And it was worth remembering, she said, “Our attackers…are not from one part of the world. They don’t look a certain way. They’re quite a mix.”

This was an issue around the globe, she said. But young women and girls in Africa faced additional challenges. A family with limited resources might only be able to afford one computer, to which boys are more likely to get access. A young man getting ready for work, or study, will get up, wash, have breakfast, then leave the house, she said. His sister may well have had to go to the spring to fetch the water, fetch firewood, make breakfast and serve her brother, “And then she goes to the hall [where] we’re training her.”

Success from empowering

Staveley cited a number of successful graduates from her organization’s programs, pointing out that their success benefits their families as well. “When you empower a woman, you actually raise a generation.”

So, it was in the industry’s interests to not just look at how it could foster diversity in general, but also “to create equity and belonging by zooming in on underrepresented groups and women focused cybersecurity capacity building programs.”

As well as supporting initiatives like Cybersafe, which is looking to increase its reach, including to cover Francophone countries, the industry needs to consider the full range of ways it can attract, retain, engage and empower young women in cybersecurity. This could range from “captivating social media storytelling” and selling cybersecurity as a career, to dedicated talent placement programs, global mentorship programs and providing infrastructure support.”

This journey will require “intentionality,” Staveley said, but there was also an urgency about this. That’s because at the current rate of progress, it will take 130 years to close the global gender gap in the cybersecurity sector.