Tokyo Report

Why Japan Can’t Fail ‘Womenomics’ in Cybersecurity

Recent Features

Tokyo Report | Security | East Asia

Why Japan Can’t Fail ‘Womenomics’ in Cybersecurity

The talent gap in cybersecurity is exacerbated by low numbers of women in the field.

Why Japan Can’t Fail ‘Womenomics’ in Cybersecurity
Credit: Pixabay

Despite its catchy name and its importance to Japan’s economy, “womenomics” — a policy to empower women that has been advocated by Prime Minister Shinzo Abe — has not necessarily experienced a straight-line of progress. 

According to a recent report by Kathy Matsui of Goldman Sachs (who originally came up with the policy concept), although Japan has achieved several important improvements including its relatively high rate of female labor participation (71 percent), several chronic issues hamper the overall success of the policy. A dearth of female leaders and limited childcare capacity are two examples of such issues. In addition, the society’s continuing aging and the concurrent shrinking of the workforce population will have serious impacts on the economy over time; this makes the womenomics agenda very time-sensitive, Matsui says. 

The bad news for Japan is that it now faces another workforce-related nightmare: The cybersecurity talent gap. To be fair, this is not a unique problem for Japan. The global cybersecurity industry has been struggling to keep up with fast-growing workforce demand, and those struggles are likely to continue. According to (ISC)²’s 2018 study, about 2.93 million cybersecurity-related positions are vacant around the globe, and more than 70 percent (2.14 million) of those unfilled jobs belong to the Asia-Pacific region. 

This lack of qualified talent makes individual organizations more vulnerable to cyberattacks and incidents. It can also boost existing workers’ workloads, make them feel overwhelmed, and ultimately affect their productivity and job satisfaction. Among the countries affected by this issue, Japan faces more difficulties than others in attracting well-qualified talent, due in part to its information technology (IT) sector’s relatively low income level and the nation’s overall limited labor force mobility. 

The nexus of these two challenges — womenomics in cybersecurity — should be discussed more within Japanese society, in light of the fact that it is a touchstone for Japan’s overall gender equality and workforce development strategies. There are three reasons for this. 

First, as discussed above, both womenomics and cybersecurity talent acquisitions are time-critical matters, and the demand for immediate action is high in both the public and private sectors. This gives the Japanese government a strong political rationale to promote more female participation in cybersecurity in a timely manner. If the nation fails it, despite such great need and rationale, it might imply a governance or management problem, which needs to be solved before pursing the similar goal in other fields with less public attention. 

Second, greater representation of women in both Japan’s overall economy and cybersecurity industry is beneficial not only for workforce diversity but also for the nation’s economic sustainability and security. As Matsui points out, womenomics cannot be ignored because it helps to compensate for the lack of working population and eventually assist the nation’s economic growth. Likewise, diversity in the security workplace is also crucial in preparing for and responding to risks and threats, given the reality that malicious actors in the cyber realm are themselves diverse in background and expertise. In other words, effective risk analysis and management require a wide variety of perspectives and skillsets. 

Last, but not least, the human resource issue in cybersecurity speaks to a deeper issue with Japan’s talent management. While science, technology, engineering, and mathematics (STEM) skills become more and more important due to emerging fields such as cybersecurity and artificial intelligence (AI), Japan has the smallest percentage of female researchers and scientists among the OECD countries. Since STEM subjects are more likely to be critical components of future society and industry, Japan’s failure to promptly address the lack of women in STEM could cause long-term negative effects on the society. Due to its importance and high talent demand, cybersecurity can be a strong driving force for facilitating nationwide efforts to increase women’s representation in the STEM area. 

So, what should Japan really do to have more women in STEM or cybersecurity? According to experts and survey results on this topic, there are three key steps that would mark a good start: (i) have more female role models, (ii) find talent with potential and passion, and (iii) guide them to relevant training opportunities. The combination of these three approaches would be very effective, as they are interconnected to each other in the sense that more role models are generated in the process to train a hopeful candidate. Likewise, one good role model can stimulate more young people interested in a STEM or cybersecurity career and render positive impacts for the society. 

Nevertheless, this does not mean that Japan has zero female role models in this area. Asuka Nakajima, a security researcher at NTT Security Platform Laboratories and a recipient of the cybersecurity incentive award provided by the Japanese Minister for Internal Affairs and Communications, is a perfect example. Nakajima led the establishment of a community called “CTF (Capture-the-Flag) for GIRLS” to connect, gather, and train female students and professionals in Japan and Asia who are interested in information security technology. CTF for GIRLS is the first community of its kind in Japan, and hosts CTF competitions and different workshops for women on key topics such as forensics and cryptography.

A noteworthy feature of this group is that it targets not only skill building but also confidence building of women. One of the trickiest parts of empowering women, particularly in a male-dominated field like cybersecurity, is removing the individual woman’s self-doubt about her ability to succeed. CTF for GIRLS tackles this difficult challenge by providing women with opportunities to talk to each other, exchange their knowledge and experience, and establish a mutual support system. The group has gained its domestic and international popularity, as symbolized by Nakajima’s participation in the famous Black Hat USA event as a conference speaker in the summer of 2019.

Nakajima, who kindly shared her insights with the author of this article, emphasizes the importance of reaching out to as many female engineers as possible in order to have more members on board. In particular, Nakajima and her colleagues have sought to invite working mothers with small children to the workshops by encouraging them to bring their kids to the venue. Similarly, the group recently introduced a webinar system to allow female professionals in remote locations to join the meetings. These new approaches were very successful in expanding the community, and they resulted in a great deal of positive feedback, Nakajima says. 

While these grass-roots efforts by Nakajima and CTF for GIRLS are surely helpful for improving Japan’s dire condition, more political, financial, and PR reinforcements from both the government and industry are desperately needed in order to pursue further diversity and solve the talent shortage in cybersecurity. Luckily, Japan has two female veteran lawmakers and ex-ministers, Seiko Noda and Sanae Takaichi, who have vigorously led political debate about cybersecurity and talent development. Another frontrunner in this area is Mihoko Matsubara, chief cybersecurity strategist at NTT Corporation. She has called for more women in cybersecurity through different media outlets for years. 

However, given the urgency of the issue and Japan’s disadvantages as noted above, more people, regardless of gender or expertise, need to get involved in this discussion. Education and training takes time, but the rapid expansion of the data-driven market and the increase in vulnerability caused by different factors (e.g., the rise of Internet of Things (IoT), smart devices, and cryptocurrency) means that individuals and organizations cannot afford to wait too long. Other components of workforce management such as skill and resource optimization should be considered at some point. Nonetheless, Japan’s cybersecurity sector today may simply need a greater number of women to defend its online assets, improve the work environment, and encourage more women to develop careers in the STEM and cybersecurity fields. 

Mayuko Yatsu is a project manager/senior research analyst at Washington CORE, L.L.C.