2014 Women in IT Security: Making headway

It's no secret that women are greatly outnumbered by their male counterparts in the field, and that other gaps, such as those in pay, remain a hurdle for women aiming to reach new heights in their careers. But Larry Ponemon, chairman and founder of research think tank the Ponemon Institute, believes that women who've risen to senior-level positions in IT security are increasingly finding themselves in the company of other female leaders.

Through a nine-year tracking study of IT security practitioners, the institute found that the number of women in these roles nearly doubled from 2005 to 2013.

Though a small sample (ranging from nearly 1,000 to just over 1,500 people over the years), the findings show that the percentage of women in management security positions grew from 8 percent to almost 16 percent over the stretch of time. In the study, leadership positions are defined as vice president, senior vice president, and comparable management roles, Ponemon explains.

“The rate of increase of women in executive positions has nearly doubled,” Ponemon says. “The rate of change is very good for women, and increasing at a faster rate in supervisory levels than their male counterparts.”

The study polled practitioners where, at minimum, 20 percent of their job function was dedicated to IT security.

Ponemon also reveals another hopeful indicator for women managing to break through the glass ceiling: lengthier job occupancy rates for those reaching security leadership ranks.

“For people that are at, or above, the director level, the average tenure was 2.5 years for both men and women. But for women alone, it was 3.6 years. Women that are, in fact, in senior level positions were able to stay in that position longer than men,” Ponemon points out.

Though plenty of work remains to be done in closing the industry's gender gap, this inaugural issue of SC Magazine takes the step of highlighting women for their noteworthy contributions to the IT security and privacy space. In addition, our lineup of features will examine ongoing efforts to support women entering, or already working within the field. As well, workplace issues presenting barriers to women aiming to make strides, from sexual harassment to unequal pay, are on the table in this special issue.

Speaking Out

Jessica Dillon, a software engineer at Bugsnag, a San Francisco firm that automatically detects website and mobile app crashes, is among a segment of women in tech facing concerns of sexual harassment head on.

In May, Dillon and eight other women set up a website where they posted an open letter calling attention to their personal experiences of harassment while on the job.

“All of the women [who helped write] the open letter are in the tech field and we'd all been expressing the same things over and over again,” Dillon says. “And we got really fed up. Some were even considering leaving the tech field entirely.”

The “last straws” for many of the women occurred after the CEO of a startup, Gurbaksh Chahal, was allegedly videotaped attacking a former partner last August.

This April, Chahal was fired from his ad-tech firm RadiumOne after accepting a misdemeanor plea deal and having 45 felony counts of domestic violence against him dropped.

The creators of the website, however, take issue with the overall handling of the incident, Dillon says.

“The internet demanded to see the video without the woman's consent,” explains Dillon.

Furthermore, the August launch of CodeBabes, a coding tutorial website depicting women removing their clothes as users progress in their courses, also prompted the protests of the nine women.

“CodeBabes was published which was another huge issue, and we saw that as the straw that broke the camel's back,” Dillon says.

Dillon adds that, throughout her eight years in the tech field, sexist treatment has not escaped her on a personal level.

“Personally, I have been sexually harassed by my superiors and questioned about my technical ability directly after giving a technical talk. I speak at conferences, and people will come up to me and assume that I can't be technical because I'm a woman or because of how I look,” she shares.

Despite issues of harassment and sexism in the field, however, Dillon believes that the industry is “getting a bit more progressive,” over time, and that people are starting to listen to the objections of male and female professionals.

Similar harassment concerns have also struck closer to home, for those specifically in the IT security industry.

In 2012, in response to women being physically and verbally harassed at the hacker conference DefCon, red and yellow “creeper move” cards were created so that attendees could hand them to those guilty of “mildly” or “wildly inappropriate” behavior.

Also, the presence of so-called “booth babes,” scantily clad women at trade show events, continues to serve as a talking point for both men and women in the field concerned about the message being conveyed at professional events, such as RSA Conference.

According to Dillon, an important part of attracting more women to the tech field, and retaining them, is in improving the company culture that permeates the space, and its workforce.

“A lot of people say it's a pipeline problem, but no one talks about the fact that what's waiting for [women] at the end of the pipeline is discrimination,” says Dillon. “I think that people are focusing on the pipeline, but not focusing on the current company culture.”

Tomorrow's leaders

Joan Lyman, a national advisor for Springboard Enterprises, a nonprofit that focuses on educating tech companies led by women, dedicates much of her time to preparing female entrepreneurs for what lies ahead, from negotiating shareholder rights to navigating other aspects of their careers.

Lyman co-founded SecureWorks, a security firm that was later acquired by Dell in February 2011 for over $600 million, and is a partner at Lyman Management Group (LMG Corp), an Atlanta company that advises entrepreneurs and executives on growing and managing their enterprise.

“I have, over the years, counseled and worked with growing security companies owned by women,” Lyman says of her work. “Honestly, I think the number one question that gets asked, is how to survive the male dominance that thrives in the industry.”

Often she sees women, who already carry extensive resumes, blindsided by the obstacles they face, which aren't related to their technical ability.

“It's really the business questions they have for me. The questions are about working and negotiating with men,” Lyman says.

She adds that other factors, such as family responsibilities, make the balancing act of career and home life a tough accomplishment for women considering tech careers.

“They are two CEOs,” Lyman said of women entrepreneurs. “The CEO of that company and of their house. And to say that issue doesn't exist is foolery.”

In order to get more women leading boardroom discussions about security, there must also be a cohesive measure to inform them of, and prepare them for, career opportunities.

Sondra Schneider, CEO and full-time professor at Herndon, Va.-based Security University, which provides information assurance training and certifications for IT security professionals, says that the industry could benefit from training more adult learners.

Schneider, who has been in the information security field for nearly 28 years, adds that hands-on, performance-based training centers offer the industry a means of cultivating skilled professionals who are not only certified, but qualified for security jobs.

“We don't have a process and methodology for adult learners who don't need degrees, but need a graduate or master's certificate from a non-degree program, for skills to position them for career advancement,” Schneider explains.

HP, which announced in late February that it would provide $250,000 in scholarship grants for women studying to join the IT security field, saw its efforts as a way of helping to close the gender gap, while also filling major demands facing the community.

That month, the Ponemon Institute released an “IT Security Jobs Study,” which found that the industry's job market would be 40 percent vacant as of this year.

HP will provide the grant money to the Scholarship for Women Studying Information Security (SWSIS) program, which was founded by the nonprofit Applied Computer Security Associates (ACSA). Under the program, women in their last two years of college or in their first two years of a master's program, who are studying to contribute to the information security domain, are eligible for scholarships.

Jacob West, chief technology officer for Enterprise Security Products at HP, says that the estimated 40 percent vacancy rate in the industry, coupled with the worsening threat landscape, such as the incidence and cost of breaches, incited HP's support.

“We are going into battle nearly half staffed,” West says. He later adds that the scholarship funding won't solve the problem, but that hopefully, it will bring attention to the issue and have a “snowballing effect and gain momentum.”

“We can't expect the university system to solve this on their own,” West explains. “The problem is too big, and the timeline is far too short.”

Jewel Timpe, a malware research manager for HP's Security Research organization, who held a series of IT operations positions before moving progressively into the security side of the field, shares her perspective on job opportunity awareness.

According to Timpe, in the last 10 years alone, the industry itself has evolved from perceptions of an “endpoint protection running on your device” to a field that analyzes advanced threats and responds to the evolution of malware.

“[IT security] hadn't really been touted as a career, let alone a career for women,” Timpe explains. “Plus, the industry was a very male dominated field to begin with.”

An evolution of threat careers

Last October, Raytheon, a Waltham, Mass.-based defense and aerospace systems supplier, released a study which shed light on millennial awareness, or lack thereof, about opportunities in the security field.

The study, which polled young people aged 18 to 26, found that 82 percent of millennials never heard about career opportunities in security from a high school teacher or guidance counselor. The study includes the responses of 1,000 young people in the U.S.

Furthermore, when asked about the appeal of security jobs, 35 percent of young men were interested in such opportunities, as opposed to 14 percent of young women respondents.

West believes that the industry must do a better job of educating young people about the field, as opposed to hoping they will stumble upon such careers, or arrive there through a “natural, on-the-job progression,” like HP's Timpe.

For young women, in particular, there should also be an emphasis on presenting them with senior-level roles they can visualize themselves in one day, he explains.

“I think the thing we need to focus on is the career paths, and the perceived career paths for executive roles in the industry,” West says. “It's one thing to get more people in the field, but it's another thing to look 20 years down the road and imagine yourself being there.”

In the following pages, SC Magazine has highlighted the careers, both budding and realized, of 22 women. Some are featured for their contributions as industry veterans, while others have influenced the field of online security and data privacy via noteworthy efforts made within the community, or from their respective fields that may not be security specific. All of the women noted in this next section have strived to impact the threat and privacy landscape for the better.
