Jobs in IT (-Security): Where are the women?

Why do so few women work in IT? When I started working on this text, I realized once again that as a woman in the IT industry, I will still be part of a small minority in 2022. Last year, according to Eurostat, the proportion of women in the IT industry was just 18 percent. If you look at IT degree programs, it doesn’t get any better. Here, the proportion of women among students is a quarter – but that can be undercut. For in IT apprenticeships, just 7 percent of trainees are female. Why are women still so clearly underrepresented in IT today? Is there a lack of role models, interesting tasks, or is it even the prejudices mentioned at the beginning that keep women from IT professions? In today’s TechTalk article, I try to find answers to these questions.

The current situation: facts, figures, background information

In the course of my research for this article, I kept stumbling across the same numbers over and over again. Whether in Germany, Europe or the world: women make up at best 20% in IT. Why is that, I ask myself?

Have fun for once and feed common search engines with combinations like “women and IT”: You will only find really interesting facts and background information on the topic of women in IT at second glance. Interesting personalities such as the German software developer, IT security expert and activist Lilith Wittmann thus remain in the second row in the public perception despite impressive achievements. In 2021, Lilith Wittmann uncovered glaring security vulnerabilities in the app Luca and the CDU’s election campaign app. The thanks: a criminal complaint by the CDU’s federal managing director. Although the charges were later withdrawn and the case against the security expert was dropped, Lilith Wittmann did not make it into the IT Hall of Fame. The Hall of Fame is a compilation by the editors of COMPUTERWOCHE that lists “ingenious developers, software pioneers and TOP CIOs” from the German IT industry. As few female endings are used in the description of this list, as little femininity can be found in the enumeration. Namely in the total: zero. Dietmar Hopp of SAP, Lars Hinrichs of XING, Johannes Nill of AVM or Klaus Straub of BMW: all undoubtedly outstanding IT professionals. The only question I have is why a Lilith Wittmann or the German computer scientist and specialist author Ute Claussen do not appear in this list.

A look back: The importance of women for the development of computer science

To exaggerate, one can put it like this: There are no women on the Internet! It is true that we are online, play games, store and make up the majority in social networks. But we consume and leave the creation of our beloved digital worlds to men. Today’s IT world is an all-male domania. Or should we say: it has developed into one. Because a look back at the not-so-distant past shows that it was a very different story some 40 years ago. Back then, programming was a typically female profession, and in 1987, the percentage of women among software developers in the U.S. was 42%. It’s not that the 1980s were markedly more feminist in orientation. Rather, the high percentage of women was because the programming jobs of yore were drudgery for low-status office “frolleins.”

Information technology, of course, goes back much further – and was truly female-dominated in its absolute beginnings. Do you know, for example, that the first program for a machine ever written was penned by a woman? Ada Lovelace was the name of the lady who, as a mathematician, shaped the foundations of programming.

The fact that we now work with modern programming languages and not with zeros and ones in IT also goes back to a woman. Grace Hopper developed the first compiler (A-0) and did important groundwork for the development of the COBOL programming language with the FLOW-MATIC programming language. It was only because of “Amazing Grace’s” insistence on using universally understandable language in IT that the compilers, interpreters and programming languages we still use today came into being. Oh yes, even if the “debugging” of program errors is part of your daily work, you are indirectly working with Grace Hopper. Because the “first actual case of bug being found” goes back to a moth that paralyzed a relay of a computer in Hopper’s Mark II Projectes.

Why are there (still) so few women in the IT Security industry?

In the German professional world, there are countless well-educated, highly motivated women who do great things. However, most of my female colleagues still give the IT security industry a wide berth – a thesis I can back up with a quick glance around at my colleagues. Of course, I wonder what the explanation could be for this one-sided gender composition of the IT world. If 40% of computer science graduates were still women in the mid-1980s and that figure has plummeted dramatically just 40 years later, there simply must be reasons. There are explanations that attribute the decline of women in IT to the bursting of the tech bubble in the early 2000s. At that time, many women left the IT industry and never returned. For me, that’s one reason – but certainly not THE deciding factor. I found a much more interesting approach in the “Journal of the Association for Information Systems”. The article with the somewhat unwieldy name “Comparing Three Theories of the Gender Gap in Information Technology Careers: “The Role of Salience Difference” lists three theories that guide us humans in our career choices. And apparently keep women from entering the IT Security industry:

1) Expectancy Value Theory

According to this theory, we choose professions that match our interest in the field and expectations of success. In doing so, we preferentially choose the professions that we have confidence in our own strongest abilities to perform. And here’s where it gets interesting: while a man has only one or a few dominant cognitive abilities, women have a whole range of similar cognitive abilities in different areas. The authors conclude that women are not turning away from IT because they lack the necessary skills. Rather, it is because they possess so many skills that lead to significantly more career options.

2) Role Congruence Theory

This theory states that people take career paths according to their socialization. In classical upbringing, men are motivated to consider power, money, status symbols, and individual achievement as desirable. Women, on the other hand, are pushed more toward social interaction, a sense of community, and altruism in their younger years. The STEM disciplines – math, engineering, science and technology – are socially ascribed as more of a male socialization. This could be one reason why so few women still pursue careers in these fields.

3) Field-specific ability belief theory

Men and women are attributed different innate abilities. While this is not tenable in my eyes, the belief in “innate talent” is nevertheless widespread socially. If men are convinced they have a talent in IT, they choose a corresponding profession. Women, on the other hand, look at the first theory, if they have the same conviction, they are also convinced that they possess other additional skills – and usually choose a career outside of IT.

Security jobs today: education/ studies and personal requirements

As part of SECUINFRA, I work as a Cyber Defense Consultant in a male-dominated environment. However, I believe that the IT security industry in particular would benefit significantly from an increase in femininity. In terms of the aforementioned “field-specific skill persuasion theory,” I would assign characteristics such as stamina, frustration tolerance, and thoroughness – all elementary soft skills for the job – as having always been present, at least in my case. I wonder if many female job candidates don’t feel the same way 😉

Cyber defense consultants are undoubtedly in demand – and it is completely irrelevant whether they pursue the career as a man or a woman. It is much more important to have a degree in computer science or a specific course of study with a focus on IT forensics or IT security. In my experience, both broad-based degree programs like computer science and highly specialized counterparts are excellent preparation for the job. Even with a successfully completed apprenticeship in a technical IT profession, for example as an IT specialist, the entry into the profession is successful – especially if there is already experience in general IT, for example as a software developer or administrator.

Insight into my working day as a Cyber Defense Consultant

There is no typical “workday” in my job as a Cyber Defense Consultant. The course of my working day depends to a large extent on current customer projects and is divided into the following areas, for example:

• Daily business (for example, monitoring privileged authorizations for certain applications)
• Relationship building and deepening with the customer
• Advising the customer on IT security-related topics
• Development and implementation of SIEM use cases (My colleague Merlin Blohm has written an informative article about this exciting area: “My tasks as a SIEM use case developer”.
• Controlling the provider when connecting new data sources
• Analysis of provided log files, project planning and meetings (communication exchange with colleagues involved in the project).

Every day is therefore unique, which is why you have to be adaptable and also willing to shift gears if necessary in order to adapt to the needs of the customer.

Who of my gender feels addressed? Take a look at our current job postings right now!