Microsoft pushes for more women in cybersecurity

Microsoft has partnered with organizations around the globe to bring more women into infosec roles, though the devil is in the details.

The move aims to help close the security skills gap, as the demand for people to defend against cyberattacks continues to outpace the supply of trained professionals. And it also addresses the industry's lack of inclusion, especially when it comes to hiring women, according to Microsoft Corporate VP Kate Behncken. 

"We must create more inclusive and supportive learning environments, and we see greater success in building confidence and soft skills among women with cohorts that are majority women," Behncken said in a blog post announcing the new partnerships.

Specifically, the new Redmond partners include:

• WOMCY, a nonprofit focused on growing infosec opportunities for women in the US, Latin America and the Caribbean.
• Women4Cyber, a nonprofit working to increase women in cybersecurity jobs in Europe.
• The UN's International Telecommunications Union, supporting its Women in Cyber Mentorship Program with an emphasis on the Middle East, Africa, and Asia.
• WiCyS, a global organization that seeks to facilitate recruitment, retention and advancement for women in the field.

Additionally, Microsoft says it's partnering at the country and local level with organizations like the Kosciuszko Institute in Poland, which offers a skills and internship program for women, including Ukrainian refugees. The tech giant counts this, and "more than 20" other similarly focused nonprofit organizations among its partners, according to Behncken.

Whether these efforts will work to put a dent in the gender inequality that, as we've pointed out before, has long plagued the industry remains to be seen. We sincerely hope it's more than slick marketing efforts coming out of Redmond, but only time will tell. 

"When I sued Microsoft for gender discrimination in pay and promotions, it was because women are historically hired at lower levels and salaries than men and are promoted at a much slower rate," Luta Security founder and CEO Katie Moussouris told The Register.

"Our careers languish despite better education, experience, and performance compared to our male peers. This is still true across every industry."

Moussouris ended her lawsuit after failing to get class action status for the suit.

That said

Historically women were at the forefront of software development, but since the 1980s at least participation has declined sharply.

The industry remains largely an all-boys club, with women making up just a quarter of the cybersecurity workforce as of 2021, and those who are in the 25 percent get paid and promoted less, and leave the workforce faster than their male counterparts. 

(ISC)2's 2022 cybersecurity workforce research found these numbers are slightly better among the under-30 crowd, where women account for 30 percent of the workforce [PDF]. 

But sadly that number drops to 24 percent between the ages of 30 and 38, then down to 13 percent among 39 to 49-year-olds, 12 percent for 50 to 59-year-olds, and 14 percent for the over-60s.  

• CISA joins forces with Women in CyberSecurity to break up the boy's club
• Where are the women in cyber security? On the dark side, study suggests
• Google looking outside the usual channels to fix security skills gap
• Infosec still (mostly) a boys club

Simply hiring more women in infosec roles — or into any given industry — isn't sufficient, Moussouris said. "That won't solve the problems of economic injustice. Until we pledge pay transparency and active correction of pay and promotion inequity, all the women joining the workforce will only continue to stagnate and suffer and struggle."

Moussouris called on organizations to take the Pay Equity Now Pledge, and commit to audit for and correct pay and promotion inequity. Additionally, companies can support Penn State Law School's Manglona Lab, named after Moussouris' late mother, which, among other things, does gender equality legal work, she added.

"The gender pay gap isn't projected to close in our lifetimes, with women of color projected to reach pay parity with white men in over 200 years," Moussouris said. "We cannot afford to wait. Little girls born today will not see economic justice until we decide as a society to enforce it."

At Microsoft — one of the largest security vendors globally — women comprised 30.7 percent [PDF] of its core workforce worldwide at the end of 2022. Redmond's annual Diversity and Inclusion report didn't specify how that breaks down specific to Microsoft's security biz. We've requested that info, and will update this article when and if we hear back.

We'll also be keeping an eye on how this year's layoffs affect its D&I breakdown.

Admittedly, Microsoft is beating the industry average when it comes to hiring and retaining women. But as a tech leader, we'd expect it to lead by example, and it's still got a ways to go before its employee base — and infosec team — looks like the larger population it serves. ®