Attracting and retaining qualified workers to the field — especially women — has become a critical issue across sectors, from banking to health care, aviation and government. “Can we staff up fast enough to be able to protect the power systems of the United States, the weapons systems, the financial systems? Because, right now, we do not have anywhere near enough people to do any of that,” said Alan Paller, director of research for the SANS Institute, a cybersecurity training company that createdthe Girls Go Cyberstart challenge. And yet, said Paller, the on-ramp for women into cybersecurity remains obstructed. “If we block entry for women, we’re blocking 50 to 70 percent of the talent,” he said. “When I walk into a high school Cisco Networking class, I’ll see 30 boys and one girl. Girls are being told loudly: ‘You are not invited.’”
With a median wage of $92,600, cybersecurity jobs pay enough to vault workers into the upper-middle class and beyond. Cybersecurity work typically requires a bachelor’s degree in computer science or programming, a few years of experience in a related field such as networking, software development or systems engineering, and in some cases, an information security certification.
Let our news meet your inbox. The news and stories that matters, delivered weekday mornings.
At Red Bank Regional, 40 girls, divided into 14 teams, signed up to play Girls Go CyberStart. The push to get girls into computer science is newly backed by a statewide mandate that requires all New Jersey high schools to offer computer science by next school year, and that makes the course mandatory for graduation beginning in 2022.
During the 2015-16 school year, just 39 percent of New Jersey high schools with Advanced Placement programs offered an AP computer science class, mirroring the limited availability of such classes in high schools nationwide. Of New Jersey’s 1,111 college graduates majoring in computer science in 2015, only 15 percent were women.
“We’ve made tremendous inroads in just the last few years,” said Mandy Galante, a technology teacher at Red Bank Regional whose classes focus on systems, networking, cybersecurity and forensics. The lead organizer of the school’s Girls Go challenge, she credits nonprofit organizations like Girls Who Code and code.org for impressing upon schools the importance of teaching digital skills and competence.
“In my experience at the high school level, it’s not that girls are being shut out of technology exactly, a bigger issue is that they’re not self-identifying,” Galante said. “I’m seeing boys realize in high school, ‘I can do this,’ so they’re getting to the right college so they can take courses in this field. They’re just way ahead of the game.”
In an effort to reach more girls for the Girls Go game at Red Bank, for example, Galante recruited girls from nontech classes, including a dozen from a creative writing class. “We want to get the girls who never even thought of doing this,” she said.
For women, barriers to entry into cybersecurity, and the tech field in general, begin long before high school, said Nicole Smith, a research professor and chief economist at the Georgetown University Center on Education and the Workforce. “Our parents make decisions early on about what boys and girls should be doing,” she said. “The social conditioning starts really early.”
Especially once girls reach middle and high school.
“The elephant in the room is that girls ‘can’t do math good,’” Smith said. “But when you look at standardized tests and SAT scores, girls are scoring just as well as boys in math and science. In some cases, they are actually doing better. The question isn’t about competence -- it’s an issue of decision-making about what to pursue. When a preponderance of women are making decisions that will affect their lifelong earnings potential, we need to ask why, and what is it about our culture that is telling women: ‘This is where you belong’?”
If we block entry for women, we’re blocking 50 to 70 percent of the talent. … When I walk into a high school Cisco Networking class, I’ll see 30 boys and one girl. Girls are being told loudly: ‘You are not invited.’
Alan Paller, director of research for the SANS Institute, a cybersecurity training company that created the Girls Go CyberStart challenge
In a report she recently co-wrote on the gender wage gap, Smith found that although women are now graduating from college in greater numbers than men, and are pursuing STEM degrees more than ever before, they still earn 81 cents for every dollar earned by men when wages are averaged across job sectors. She also found that when women choose majors in well-paying sectors, they tend to then select the least lucrative submajors. For example, 54 percent of women majoring in STEM fields concentrate in biological and life sciences, which are among the majors with the lowest-paying career prospects, but only 17 percent select majors in the more lucrative field of engineering.
The Girls Go challenge is an effort to equalize the cybersecurity playing field, or at least to plant a seed of interest in cybersecurity at the high school level. This past winter, in its first year, 6,654 girls across 16 states and the territory of American Samoa participated. In order for schools to access the game, the SANS Institute asked governors’ offices nationwide to partner in its promotion. Winners each receive a $100 gift certificate and an all-expense-paid trip to a conference in Chicago for women in cybersecurity. The winning team’s host school receives a $1,000 award.
Melissa Vuong, 15, is a sophomore at Red Bank and a member of team Throckmorton. With zero coding experience, she was primarily drawn to the opportunity to collaborate with her team. “It’s super fun working together,” she said. “And it’s my first time playing a game like this, so it’s a challenge, but I like it.”
Girls Go is not the first online challenge designed to attract young people to cybersecurity, though it is the only game specifically for girls. The Air Force Association's CyberPatriot online competition and GenCyber camp, funded by the National Security Agency and the National Science Foundation, are aimed at attracting high schoolers to the cybersecurity field, though they do tend to appeal primarily to boys. While some girls do participate, Galante noted that they rarely make it to the leaderboards and thus fail to garner attention and awards, which among competitors creates a deeper interest and connection to the field.
“We’ve learned over the years that winning shiny stuff, and having people make a big deal out of you, helps young people believe in themselves and be attracted to something,” Galante said. “But even though girls were participating — in small numbers — in challenges like CyberPatriot, this recognition wasn’t happening for them. The boys, who have so much more experience in gaming, were the ones being recognized.”
In spite of increasing numbers of women pursuing STEM degrees, only 26 percent of computing jobs in the U.S. are filled by women. Like cybersecurity, the broader field of jobs related to computing faces a labor shortage with 1.1 million job openings projected by 2024.
When women do opt to major in STEM fields such as cybersecurity, they frequently leave the field after a brief tenure, according to a 2011 report by the Georgetown University Center on Education and the Workforce. “Even when women do well and excel in college in technology, they divert into teaching math or science, or into fields like biology or pharmaceuticals — fields that are predominantly female and pay lower wages,” said Smith, the Georgetown economist. This may be due in part to priorities. When considering a new job, men value salary above other factors, the Georgetown report found. Women, on the other hand, prioritize proximity to home; the working environment and workplace communication; and prospects for upward mobility.
Workplace environment is clearly a factor, especially in cybersecurity where teams tend to be small and therefore perhaps more intense. Marian Merritt, the industry engagement lead for the National Initiative for Cybersecurity Education, points to the hyper-competitive, noncollaborative, war-terminology-oriented nature of cybersecurity as a major concern for women. The initiative, a unit within the U.S. Department of Commerce, aims to alleviate the cybersecurity workforce shortage.
Currently, there are 285,681 unfilled jobs available in cybersecurity. Research indicates there will be a global shortage of 1.8 million cybersecurity professionals by 2022.
“Anecdotally, we know that there’s an emphasis in cybersecurity on being self-taught, self-driven and adversarial,” Merritt said. “I think it’s time to figure out if this is just growing pains within a relatively new field — cybersecurity is maybe 10 years old as a subspecialty — because there are a lot of things happening in cybersecurity that are of big concern.”
When the Girl Scouts Research Institute, a unit connected to the Girls Scouts, surveyed its membership for its own STEM study, it found that 74 percent of the girls expressed interest in science, technology, engineering and math — yet only 13 percent said those fields would be their first choice for a career. Fifty-seven percent said that if they did enter a STEM field, they would have to work harder than a man just to be taken seriously.
At Red Bank Regional, after the weeklong Girls Go challenge, neither Team Throckmorton nor The Team That Must Not Be Named scored sufficient points to win at the national or state level. On the final scoreboard for New Jersey, Team Throckmorton placed 73rd out of 168 teams in the state, while The Team That Must Not Be Named placed 97th. Still, after playing Girls Go this winter, 70 percent of the players nationwide said they were now interested in a cybersecurity career, compared with 36 percent prior to playing the game, according to a survey by the SANS Institute.
One of those newly cyber-enthused students was Brigid Clanton-Calnan, a junior at Red Bank. “Right now, I'd say I've gone from pretty much zero interest in cybersecurity to really being pulled in that direction," she said. “And I'd love to play the game again, if it happens again next year.”