Increasing the number of women – and women of color specifically – is critical for the cybersecurity market to thrive, said Vandana Verma of the OWASP Foundation and InfosecGirls. But she also believes it’s not enough.
“People have started talking about diversity, but it's not just about growing the number of women,” she said in an interview with SC Media. “It’s about people from different domains.”
Consider, she says, how valuable a psychologist could be in the cybersecurity realm, given how often bad actors prey upon human nature. Or consider lawyers, who can understand legal considerations that emerge after a cyber breach or ransomware attack. Or consider how many journalists have transitioned to the world of cybersecurity threat intelligence.
“On the surface these professions seem related nowhere, but the approach and tactics are so valuable,” Verna said. “We talk about a skills gap in cybersecurity, but I believe that can be fulfilled” by expanding the purview of what is deemed the cybersecurity talent pool. She also points to the benefit of international perspective.
“I have learned that in every country, the culture is different, the people are different, the way they think is different,” she said. “Cybersecurity remains the same, but the way people play around with cyber security is totally different.”
Verma herself fell into cybersecurity in 2005 in India – “at a time when cybersecurity was not really considered a career” – thanks to what she calls a bit of serendipity. Working in IT consulting, she was asked to support a project onsite that involved security monitoring. She accepted and learned, and at the recommendation of a colleague, became more active in the cybersecurity community that was only just beginning to develop.
“So, you talked about this word advocate, and that I can be an advocate about cybersecurity; I never thought so to be honest,” Verma said. “But the community showed me that there is always light after this tunnel, and I can reach that light and be the light for somebody else.”
In the 15 years since, Verma has worked with security teams at IBM, Accenture and Time Inc. of India. But among her proudest achievements came with the recognition that women in cyber needed their own communities to thrive.
She established InfosecGirls to “inspire curiosity among women in technology about the realities of information security,” as the mission states, and gradually created chapters throughout India – in Bangalore and Pune and Mumbai, as well as less developed areas like Bhopal. The group has since gone global, with chapters in Italy and New York. And among the many hats she wears with the OWASP Foundation, Verma is the Asia lead and secretary for its Women in AppSec.
Said Verma: “That gives me a platform where yes, I can be a leader locally, I can be a leader globally.”