“How many of you here have a computer science degree?” A little over half of the women (and men) at Executive Women’s Forum Meet & Greet at RSA in San Francisco in February 2017 raised their hand. As one person pointed out, this shows you can be successful in cybersecurity without a computer science degree.
Cybersecurity is not just about technologies, although, of course, technologies are key to enhancing the efficiency and effectiveness of solving cybersecurity problems. Cybersecurity is about people. It is about the safety and security in both the physical and cyber domains, and where those domains intersect. In the 21st century, information technology (IT) and cybersecurity underpin almost every single aspect of our personal lives and governmental activities, from business operations and risk management to diplomacy, finance, law, medical services, national security, utilities and technical innovations. Cybersecurity is like the key to your home or the brakes in your car.
Every single country struggles with the shortfall of cybersecurity professionals. Over 209,000 cybersecurity jobs in the U.S. were unfilled as of March 2015. In Japan, where I am from, there was a shortage of about 80,000 cybersecurity professionals, and 160,000 professionals needed additional training to perform their mission fully in 2014.
To overcome this shortage, we need to bring in more women and diversified skill sets. Half of IT users are women. Gender imbalance in tech has been an issue since at least 2005, according to Deloitte Global. Yet, Deloitte expected that fewer than 25 percent of the employees working in the IT sector of developed countries by end of 2016 were women. Only 11 percent of the information security workforce are women in the United States, whereas female engineers account for 20 percent of information and communication technology (ICT) workforce in Japan.
This trend is especially alarming to Japan, where the Summer Olympic Games will be held in Tokyo in 2020, and security professionals are crucial to ensure the success of the event, build national cybersecurity capabilities, and leave a positive cybersecurity legacy beyond 2020. In 2016, the Japanese government estimated that the country is short 132,060 cybersecurity professionals, and the number is expected to increase to 193,010 in 2020. To fill in the gap, new talents need to be educated, recruited, hired and retained.
Although the United States has been struggling with diversity in IT and cybersecurity, the country launched several initiatives to further diversify. In 1994, the Anita Borg Institute created an annual conference for women in IT, Grace Hopper Celebration of Women in Computing, named after U.S. Navy Rear Admiral Grace Hopper, who was one of the first cybersecurity career professionals and coined the term “computer bug.”
The Japanese gradually started trying to reach out to women in IT or ICT. Japanese industry people launched Capture-the-Flag for Girls (CTF for Girls) a few years ago to invite young women who are interested in cybersecurity to create a community to ask tech questions. The National center of Incident readiness and Strategy for Cybersecurity, responsible for national strategies and policies, and American Chamber of Commerce Japan (ACCJ) annually hold the Cyber Halloween career talk on October 30 to bring in young talent to the field. The 2015 Cyber Halloween held the first panel consisting of female speakers from the government and industry sharing their advice about and journey on the cybersecurity career path. In February 2017, the Tsuda College, a prestigious college for women in Tokyo, hosted an epic event, Organizational Support for Leadership Development of Women in ICT, to discuss what kind of organizational support is available for female ICT researchers. Dozens participated locally and internationally – both men and women.
These are all promising signs, and we need to go further. Outlined below are recommended actions Japanese academics, government officials and business leaders should take:
- Ensure the next Cybersecurity Program for Human Resources Development in 2017 and future governmental initiatives to raise the importance of diversity and encourage both men and women to be part of the cybersecurity human resources development ecosystem: education, recruiting, hiring and retention.
- Japanese academia, government and businesses should help young women who are interested in cybersecurity get connected with their peers overseas via Girls Who Code and conferences for mentorship and networking.
The Japanese have a clear deadline to enhance their national cybersecurity capability and make Tokyo 2020 successful. Since this is a national project and part of a global effort, it is a golden opportunity for Japan to create new teams with various skill sets and perspectives.
Since joining the Japanese Ministry of Defense, a U.S. graduate school to earn an international relations (security) and economics degree, a U.S. think tank, a Japanese tech company, and various U.S. tech companies, I have always been a minority. I enjoy security and like learning about people and the challenges surrounding security. Being a minority is a strength because you can offer different insights. You can pave the way and bridge the gap for other people from your community, country or culture.
There is no single way to get into this important and exciting field. Even if you do not have “cybersecurity” in your job title, degree, or certificate, it does not mean you cannot get a cybersecurity job. I only got the word in my job title five years ago. Cybersecurity is about everything and for everybody. All of my professional and academic experiences and all of the people I have worked with have helped me obtain cybersecurity insights and jobs. I am truly grateful.
Remember, especially as we celebrate International Women’s Day this month, you are not alone. I will do my part and look forward to seeing you at future conferences or perhaps even working with you as a colleague.