When Terry Gudaitis launched her business, Mindstar Security & Profiling, in March 2013, the IT security expert had previously racked up roughly two decades of experience in organizations big and small, including Cyveillance, SAIC and even the U.S. Central Intelligence Agency.
“A number of things came together all of a sudden,” says Gudaitis of the decision to launch her sole proprietorship, Mindstar, which handles custom security training, consulting and threat assessment for the commercial sector, including large corporations and government agencies. “I had gotten so much good experience at a number of places and as time ticked on I realized that while I had had so many fabulous CEOs and managers, I was done working for somebody else.”
Indeed, Gudaitis represents a small but growing niche within the IT security ranks: female executives who are striking out on their own – either running early-stage companies or starting up their own firms. While these women – some with 30 years of experience, and some just starting out in their careers – point out that starting up a technology business is always a challenge, most claim that they see this as the best path to building or furthering their career in cybersecurity where women are few in number and typically don't enjoy the same career trajectory as men.
For , often being the “only female in earshot” at conferences or business meetings had become commonplace enough that it didn't faze her to become a female executive running her own firm in a predominantly male-dominated field. “I have found that people typically remember me as having been beneficial to them,” Gudaitis (left) says. “And being the odd man out, no pun intended, usually helps – as long as you have the skills behind you.”
In a little more than six years, rising IT security star Georgia Weidman had already done gigs as a security consultant and engineer managing network and application penetration testing and vulnerability assessments for IBM, Gemini Security Solutions and Neohapsis before founding her first start-up in January 2012, Bulb Security, for which Weidman is also CEO. The firm specializes in research, development, penetration and security testing. More recently, in March 2015, Weidman launched a second company, Shevirah, which is squarely focused on the fast-growing area of providing testing tools and managing risk for mobile devices in enterprises, and testing the effectiveness of enterprise mobile management solutions. Herndon, Va.-based Shevirah was one of five companies selected for this spring's Mach37 Cybersecurity accelerator program, which seeds security startups.
“By going out on my own I am finally able to focus on the sorts of things that are interesting to me, such as vulnerability research and tool development,” Weidman says. “And it is where I can really provide differentiating value to the private and public sectors, rather than being a cog in a corporate wheel facilitating established, conventional practices.” There's a tremendous benefit to being at the helm of a start-up in the IT security business, which, as Weidman points out, “requires swift strategy and response.”
“Often, customers have relied on Bulb Security because they get frustrated when directed to a customer support person before talking to the point of contact and get lost in the shuffle,” Weidman (right) says. Projects might turn out longer and more inflexible than they should be. As a small company, she says that Bulb Security can provide more customized offerings in areas such as penetration testing and security training, which are generally “not cost-effective options at larger firms.” As a small consulting firm, Bulb Security can provide a lot of extra attention and flexibility to customers, she adds.
As for her latest start-up, Shevirah helps clients' security teams better integrated mobility into their risk management and penetration testing programs. (The company name, a Hebrew word for “the shattering of the vessels,” refers to a section of the Jewish holy book, Kabbalah, that discusses a disruption that enables the world to be reformed more efficiently.)
“It made sense to me to provide tools and methodologies to fill in the testing gap for bring your own device [BYOD],” she says. “With so many institutions adopting BYOD, many are inadvertently putting their employees and customers at risk because they don't understand the devastating result that can happen if vigilance takes a back seat.”
Like Gudaitis, Weidman points out that sometimes, in fact, being a female founder and CEO in a sea of men can help an entrepreneur stand out. “When venture capitalists are seeing 200 five-minute presentations a day, your first goal perhaps is to be memorable,” she says. “Like it or not, the only female presenter is easy to remember at the end of the day.”
For Annette Warren, president and CEO of Pittsford, N.Y.-based iSECURE, starting up, growing and, ultimately, reinventing the business has been a long, on-going process since she and her husband initially founded the company as an internet service provider in 1995. iSECURE began offering IT security solutions and consulting in 2008, and morphed into its current inception in 2011, according to Warren. As part of this overhaul of the business, Warren says she and her husband swapped roles four years ago when the business was incorporated – largely because they both agreed that Warren could do a better job with the business end of running the company, and her husband with the technical side.
Although, Warren (left) says, officially incorporating as a “woman-owned business” has not greatly changed iSECURE's client load. “To be honest, I thought we would have had more opportunities,” Warren says, adding that she sees the issue as more related to the common misunderstanding surrounding the IT security arena. Nonetheless, she says, the company has experienced continued success, largely due to the fact that Warren has long been able to speak to clients about IT security in plain language – not technology jargon.
“When we started out the business was very dry,” she says. “People always were talking about it like engineers.”
While Warren says this difference made her initially feel “like an outsider, coming at this from a business background,” her approach to offering IT security services these days plays well in a market where she can act as an educator and collaborator to C-suite executives who are more interested and plugged-in to cybersecurity issues. “Today's market is way different with all that has happened with high-profile breaches,” Warren says.
As to whether being female offers its own unique hurdles in leading an IT security start-up, Gudaitis, Weidman and Warren all present a variation on the idea that it would be hard for them to authentically compare their experience to a male counterpart. “I don't know what I don't know,” says Gudaitis. “I don't think I have had any obstacles a male would not have faced.” Perhaps the biggest challenge, she adds, is that “you leave the big machine [of working for a larger company] behind you, and you have to be a jack of all trades. But, a man would have the same challenge starting his own firm.”
Having worked almost entirely in “male-dominated industries,” Warren says that her biggest challenge initially was not being a woman so much as not being an engineer. “[Clients] didn't want to talk to the salesperson,” she says. Over time, as she has built her reputation with clients and prospects alike and joined groups to network with engineers, Warren says customers have become more “welcoming” of her and her firm's offerings. “I don't think being a woman makes me different,” she says. “But we're asking them to so something that is hard…that's what makes this not necessarily easy to sell up to the management.”
As Weidman sees it, the fast-blooming interest in cybersecurity, especially surrounding mobile platforms, has helped limit traditional issues of sexism or ageism that might have arisen – and is quickly shifting the norms.
“Whether you're male or female, being a 19-year-old tech genius with mustard on your shirt is cool to venture capitalists in the tech sector right now,” Weidman says. “Just like in my cybersecurity work, our society recognizes patterns. We need to make women at the helm, a pattern people are used to seeing.”
As Weidman point out, women on engineering teams are often assumed to be project managers, and the women at speaker parties at technical events are often assumed to be a speaker's date. “The only way to change these stereotypes is to have capable women in leadership, technical and public-facing roles,” she says.
So you want to start your own IT security business? Where to begin?
First and foremost, Annette Warren, president and CEO of iSECURE, recommends connecting with other women in the industry to offer mentoring and to be mentored. She likely has a good point – for those content at larger companies as well as those women looking to strike out on their own. In its 2014 study, the Center for Talent Innovation discovered that 86 percent of women in the STEM fields do not have sponsors or mentors, which may be limiting their ability to progress. “Mentoring is something we should all be doing more of,” Warren says.
Doing your due diligence and not getting hung up on being a woman is the advice offered by Terry Gudaitis, founder of Mindstar Security & Profiling. “If you're going to jump off that high dive, acquire as much knowledge as you can and do your homework,” she cautions. Many business owners, she point out, do not take the time to think through what it is the clients might want, what their prospective market looks like, and what other alternatives might be available to them.
“You have to really understand the service or the product you are offering and whether people will actually buy it,” Gudaitis says. “There are a lot of people out there with fabulous ideas and no audience.”
Georgia Weidman, founder of Bulb Security and Shevirah, advises that rather than getting caught up in crusading for more women reaching higher positions in IT security, female executives, managers and developers should focus on doing their part to highlight what can be done. “If you don't think there are enough women speakers at a conference, develop a talk and submit at the next one,” she says. “If you don't see enough women in upper management, surround yourself with the right advisers and make a plan to get there.”
Leaving so soon? More women entering STEM
The good news: Despite being long under-represented in the fields of science, technology, engineering and mathematics (STEM), women now represent more than four out of 10 [41 percent] graduates from engineering and science programs.
The bad news: Women still fill only roughly 25 percent of STEM jobs, largely due to the fact that U.S. women are not entering STEM positions after graduation and, if they do, they are 45 percent more likely than their male colleagues to leave the industry in less than a year, according to research released last year from the Center for Talent Innovation. This, in spite of the fact that a full eight of 10 female respondents to the CTI survey say they love this work.
With key issues for women being a perception of gender bias, criticism from (largely) male managers, and issues of unfair pay topping the list, could going out on their own be the key for female IT security stars who want to move ahead in their careers? Case in point: In 2014, 15 percent of all venture capital deals involved a female founder, up from just four percent a decade before, according to Ernst & Young-funded research.
Georgia Weidman, founder of IT security firms Bulb Security and Shevirah, says that primarily, what running her own business has given her has been flexibility, as well as the added benefit of “not having to conform to a corporate culture that was established long before being a programmer was hip and in some cases before women in the workforce was normal.”
“Running startups has given me control over when I work, how much I work, and where I work,” she says. “The work has to get done but I pretty much have control of when I do what and where. I have been able to get my ideas out there instead of working on someone else's.”
Terry Gudaitis, founder/principal at Mindstar, says that, as the business owner, “you are given more latitude.” Rather than being pigeonholed in a specific function, she, like other start-up founders have the ability to develop skills and utilize talents across a wider swath of tasks. She adds: “And you can see your work come to fruition much faster than you would in a stovepipe role in a larger company.”