- Eric Parizo, Senior Analyst
Count Lawrence Snyder among those who believe that if the information security profession can be saved, women are its only hope.
Saved may be a strong word, but Snyder, department chair of the new cybersecurity studies program at Bay Path College, understands the stakes. The demand for qualified, experienced information security practitioners far outpaces the supply: The International Information Systems Security Certification Consortium estimates that last year about 332,000 InfoSec pros joined the global workforce of about 3.2 million, but the field needs as many as 2 million more practitioners, according to (ISC)2 Executive Director W. Hord Tipton.
That's where Snyder comes in. He led the launch effort behind the school's inaugural graduate cybersecurity management program and is preparing a pair of new undergraduate programs, focusing on information assurance and digital forensics, that will debut this year.
The programs appeal to people like him who have diverse backgrounds and experience but perhaps lack the technical expertise. "I know the technology, but I had never managed a firewall or set up an intrusion-detection system," Snyder says.
The curriculum offers a broad mix of what future CISOs may need, starting with technical fundamentals and progressing to cybersecurity management topics like project management, organizational change, security and compliance, and legal issues.
I'd bet over the course of their careers, they would have a bigger impact helping people who are victims of cybercrime than they ever would as law enforcement officers on the street.
Dr. Lawrence Snyder, department chair, cybersecurity management program, Bay Path College
The undergraduate program is designed with a middle-out approach based on the organizational role of today's cybersecurity managers. "We're going to put someone smack-dab in the middle of the organizations who can influence both the decision makers and the doers, to change that organizational conception of what security can and can't do from almost a grassroots level," asserts Snyder.
Bay Path, a private women's college with about 2,100 students, is one of a growing number of higher education institutions now offering students the chance to earn degrees in information security. Not long ago few colleges could afford the tens of thousands of dollars needed to build the enterprise-grade computing labs essential for hands-on learning, but cloud computing has eliminated that barrier: Provider AccessData gives Bay Path's students all the access they need for $2,500 per year.
Yet the real challenge lies not in designing courses or building labs, but convincing female students that information security is not only a compelling career choice, but also a fulfilling one. According to (ISC)2's 2013 report Agents of Change: Women in the Information Security Profession women represent a mere 11% of the profession, and despite the influx of practitioners in the past few years, that percentage hasn't changed.
It's not a problem unique to information security: The U.S. Department of Commerce in 2011 reported that even though women fill almost half the jobs in the U.S. economy, they hold fewer than 25% of the jobs in the science, technology, engineering and mathematic fields.
Bay Path's approach to marketing the security profession to female students is to tone down the technology rhetoric and emphasize how the talents necessary to succeed -- communication, analytics, problem solving and leadership -- are all areas in which women's capabilities match or even exceed those of their male counterparts.
"In this field, there are things you have to do on the computer, but that's just a small portion of it," Snyder says. "What makes a great digital investigator is you have to be analytical in nature. You have to break down problems and understand the circumstances."
But does information security ultimately align with what women want out of their careers? Snyder says what he hears most often from his female students is that they want to help others. Though few today view infosec as a field in which a graduate can give back to society, Snyder wants students to see the profession in the same light as social work or criminal justice.
"There's a victim in every crime, even online crime, and if you're interested in helping people who've been victimized, I tell them this is a great way to do it," he says. "I'd bet over the course of their careers, they would have a bigger impact helping people who are victims of cybercrime than they ever would as law enforcement officers on the street."
For Snyder, who has three daughters of his own, it's a topic that hits close to home. Though his girls haven't decided what careers they want to pursue, he hopes more parents encourage their daughters to look at information security because the opportunities for success, advancement and fulfillment are many.
"The glass ceiling isn't nearly as wide as it is in other professions," he says. "And this is a job where you can take care of a family because the pay is phenomenal."
Eric B. Parizo is executive editor of TechTarget's Security Media Group. Follow him on Twitter @EricParizo.