Even as women have made dramatic advances in medicine, law, and other fields, the proportion of women pursuing undergraduate degrees in the computer sciences has actually been dropping, from around 30 percent in 1990 to 18 percent in 2010, according to the latest data from the National Science Foundation. As a result, according to the Census Bureau, women accounted for just 27 percent of computer science professionals down from 34 percent in 1990.
And it's even worse in the information security field. According to latest research, such as the 2013 (ISC)2 Global Information Security Workforce Study, only 11 percent of infosec professionals are female.
There are a number of barriers preventing women from entering or staying in the field, but both companies and women would benefit in an increase in the numbers, and companies and industry groups are working to turn things around.
Barriers to entry, barriers to retention
According to Julie Peeler, foundation director of the International Information Systems Security Certification Consortium (ISC)2 there's a perception that women aren't good at math, science or technology, and it is this perception that is steering girls away from entering these fields. At least, in some countries.
"When I talk to women in Africa or Asia, this is not an issue at all," said Peeler. "There is something going on culturally in Western culture that we need to get our finger on and address as a community."
This is unfortunate, she said, because the U.S. information security industry currently has 30,000 open positions with nobody to fill those jobs. "And the gap is growing wider and wider," she said, explaining that 300,000 new jobs will be created next year.
Doubling the number of women in the field from 11 to 22 percent would complely close the gap, she added.
Increasing the number of women studying computer science would help. So would more exposure to job possibilities in information security.
For Jewel Tempe, who now manages two security research teams at HP, the main barrier to entry was her lack of awareness of the field.
"I didn't set out to get into security," she said, explaining that her background was in IT. "I got into security about eight years ago by accident. A job opportunity was available at a previous employer, I took it, and I haven't left security since."
The shortage of women in the field creates a vicious cycle. The profession is seen as unwelcoming by women first choosing a career. And women who are already in the profession can find themselves singled out and stereotyped. That, in turn, makes women feel devalued and passed over for promotions, and means that they are more likely to leave their companies, according to a recent report from the Anita Borg Institute.
"Being a woman in security has certainly been a unique experience," said Caroline Wong, security initiatives director at Dulles, Virginia-based Cigital Inc., the world's largest software security-focused consulting firm. "I'll go to RSA and I'm a panel speaker, a technical consultant, and people meet me and say, 'You must be in sales and marketing.' I'll be in a meeting, and someone will say to me, bring me a chair or a cup of coffee, because I'm mistaken for an administrator."
How women in InfoSec help business performance