Editor’s note: This story is part of Map to the Middle Class, a Hechinger Report series examining how schools can prepare students for the good middle-class jobs of the future.
LITTLE SILVER, N.J. — The four members of Team Throckmorton, playing junior agents for a cybersecurity firm, are up against a wily gang of hackers. To detect and ultimately thwart the cyber criminals, who are masquerading as legitimate business owners, the Throckmortons must solve a series of increasingly difficult challenges beginning with figuring out how to log into one of the gang member’s social media accounts by cracking a password reset form.
Gathered around a large wooden table in the computer room at Red Bank Regional High School, the girls, working on school-issued black Dell laptops, snack on lunch from brown paper bags and occasionally help themselves to Oreo cookies from a communal pack. Erin O’Kane, a 10th-grader, fills an index card with numbers as she decodes a classified message online. Seated across from her, Hannah Gazdus, a junior and a member of The Team That Must Not Be Named, is using her lunch period to scan a block of Python code for green-highlighted text, which indicates the presence of suspicious commands.
If the creators of the girls-only online cybersecurity competition Girls Go CyberStart are successful, some of these high schoolers will get hooked on the quickly expanding and well-paying field of cybersecurity and, in the process, help offset one of technology’s deepest gender gaps: Just 11 percent of cybersecurity professionals today are women.
Employers in the United States, and countries worldwide, face a critical shortage of professionals trained in protecting corporate and government computer networks and systems from cyberattack. As these attacks grow more frequent and sophisticated, jobs in information security are expected to skyrocket. The Bureau of Labor Statistics predicts that jobs for cybersecurity analysts in the U.S. will grow 28 percent by 2026. Currently, there are 285,681 unfilled jobs available in cybersecurity, according to CyberSeek, a website that tracks the cybersecurity job market. Globally, research indicates there will be a shortage of 1.8 million cybersecurity professionals by 2022.
Attracting and retaining qualified workers to the field — especially women — has become a critical issue across sectors, from banking to health care, aviation and government. “Can we staff up fast enough to be able to protect the power systems of the United States, the weapons systems, the financial systems? Because, right now, we do not have anywhere near enough people to do any of that,” said Alan Paller, director of research for the SANS Institute, a cybersecurity training company that created the Girls Go Cyberstart challenge. And yet, said Paller, the on-ramp for women into cybersecurity remains obstructed. “If we block entry for women, we’re blocking 50 to 70 percent of the talent,” he said. “When I walk into a high school Cisco Networking class, I’ll see 30 boys and one girl. Girls are being told loudly: ‘You are not invited.’”
With a median wage of $92,600, cybersecurity jobs pay enough to vault workers into the upper-middle class and beyond. Cybersecurity work typically requires a bachelor’s degree in computer science or programming, a few years of experience in a related field such as networking, software development or systems engineering, and in some cases, an information security certification.
At Red Bank Regional, 40 girls, divided into 14 teams, signed up to play Girls Go CyberStart. The push to get girls into computer science is newly backed by a statewide mandate that requires all New Jersey high schools to offer computer science by next school year, and that makes the course mandatory for graduation beginning in 2022.
During the 2015-16 school year, just 39 percent of New Jersey high schools with Advanced Placement programs offered an AP computer science class, mirroring the limited availability of such classes in high schools nationwide. Of New Jersey’s 1,111 computer science graduates in 2016, only 15 percent were women.
In a report she recently co-wrote on the gender wage gap, Smith found that although women are now graduating from college in greater numbers than men, and are pursuing STEM degrees more than ever before, they still earn 81 cents for every dollar earned by men when wages are averaged across job sectors. She also found that when women choose majors in well-paying sectors, they tend to then select the least lucrative sub-majors. For example, 54 percent of women majoring in STEM fields concentrate in biological and life sciences, which are among the majors with the lowest-paying career prospects, but only 17 percent select majors in the more lucrative field of engineering.
The Girls Go challenge is an effort to equalize the cybersecurity playing field, or at least to plant a seed of interest in cybersecurity at the high school level. This past winter, in its first year, 6,654 girls across 16 states and the territory of American Samoa participated in the game. In order for schools to access the game, the SANS Institute asked governors’ offices nationwide to partner in its promotion. Winners each receive a $100 gift certificate and an all-expense-paid trip to a conference in Chicago for women in cybersecurity. The winning team’s host school receives a $1,000 award.
Melissa Vuong, 15, is a sophomore at Red Bank and a member of team Throckmorton. With zero coding experience, she was primarily drawn to the opportunity to collaborate with her team. “It’s super fun working together,” she said. “And it’s my first time playing a game like this, so it’s a challenge, but I like it.”
Girls Go is not the first online challenge designed to attract young people to cybersecurity, though it is the only game specifically for girls. The Air Force Association’s CyberPatriot online competition and GenCyber camp, funded by the National Security Agency and the National Science Foundation, are aimed at attracting high schoolers to the cybersecurity field, though they do tend to appeal primarily to boys. While some girls do participate, Galante noted, they rarely make it to the leaderboards and thus fail to garner attention and awards, which among competitors creates a deeper interest and connection to the field.
“We’ve learned over the years that winning shiny stuff, and having people make a big deal out of you, helps young people believe in themselves and be attracted to something,” said Galante. “But even though girls were participating — in small numbers — in challenges like CyberPatriot, this recognition wasn’t happening for them. The boys, who have so much more experience in gaming, were the ones being recognized.”
In spite of increasing numbers of women pursuing STEM degrees, only 26 percent of computing jobs in the U.S. are filled by women. Like cybersecurity, the broader field of jobs related to computing faces a labor shortage with 1.1 million job openings projected by 2024.
When women do opt to major in STEM fields such as cybersecurity, they frequently leave the field after a brief tenure, according to a 2011 report by the Georgetown University Center on Education and the Workforce. “Even when women do well and excel in college in technology, they divert into teaching math or science, or into fields like biology or pharmaceuticals — fields that are predominantly female and pay lower wages,” said Smith, the Georgetown economist. This may be due in part to priorities. When considering a new job, men value salary above other factors, the Georgetown report found. Women, on the other hand, prioritized proximity to home; working environment and workplace communication; and prospects for upward mobility.
Workplace environment is clearly a factor, especially in cybersecurity where teams tend to be small and therefore perhaps more intense. Marian Merritt, the industry engagement lead for the National Initiative for Cybersecurity Education, points to the hyper-competitive, noncollaborative, war-terminology-oriented nature of cybersecurity as a major concern for women. The initiative, a unit within the U.S. Department of Commerce, aims to alleviate the cybersecurity workforce shortage.
“Anecdotally, we know that there’s an emphasis in cybersecurity on being self-taught, self-driven and adversarial,” said Merritt. “I think it’s time to figure out if this is just growing pains within a relatively new field — cybersecurity is maybe 10 years old as a subspecialty — because there are a lot of things happening in cybersecurity that are of big concern.”
When the Girl Scouts Research Institute, a unit connected to the Girls Scouts, surveyed its membership for its own STEM study, it found that 74 percent of the girls expressed interest in science, technology, engineering and math — yet only 13 percent said those fields would be their first choice for a career. Fifty-seven percent said that if they did enter a STEM field, they would have to work harder than a man just to be taken seriously.
At Red Bank Regional, after the weeklong Girls Go challenge, neither Team Throckmorton nor The Team That Must Not Be Named scored sufficient points to win at the national or state level. On the final scoreboard for New Jersey, Team Throckmorton placed 73rd out of 168 teams in the state, while The Team That Must Not Be Named placed 97th. Still, after playing Girls Go this winter, 70 percent of the players nationwide said they are now interested in a cybersecurity career, compared with 36 percent prior to playing the game, according to a survey by the SANS Institute.
One of those newly cyber-enthused students was Brigid Clanton-Calnan, a junior at Red Bank. “Right now, I’d say I’ve gone from pretty much zero interest in cyber security to really being pulled in that direction,” she says. “And I’d love to play the game again, if it happens again next year.”