Network Security

Women in IT Security: You’ve come a long way, baby…but not far enough.

Much of the road to diversity still stretches out in front of Silicon Valley firms where women are very clearly still in the passenger seat, reports Teri Robinson.

In a recent riff on gender inequality, The Daily Show's Jon Stewart pointed out that Caitlyn Jenner could now look forward to the kind of discrimination and objectification than women everywhere are subjected to. 

She can also look forward to finding it difficult to land a job in information security – where women make up roughly 11 percent of the workforce, according to a recent (ISC)2 report. And, if she does make her way through the doors and onto the employee roster, chances are she'd enjoy both a lower salary and position than male colleagues. 

“It is not in anybody's best interest not to have more women in security,” says Monica Eaton-Cardone, founder and CIO of Global Risk Technologies. “The wider we can have the viewpoint, the better.” 

Until last spring, when they released their “diversity” numbers, Silicon Valley firms had been characteristically tightlipped about the demographics of their employee ranks. But lips began to loosen, some say spurred by a blog post from Pinterest engineer Tracy Chou which asked where the numbers were regarding women in engineering in these companies.

“Every company has some way of hiding or muddling the data on women actually in engineering roles,” Chou wrote, explaining that the sparse numbers she had seen indicated less diversity than the industry admitted. “This means nobody is having honest conversations about the issue.”

Activist groups, like the Rainbow Push Coalition, piled on, pressuring tech companies for real, accurate and meaningful statistics.

When Silicon Valley firms finally released those numbers starting in May 2014, it seemed that Chou had been proven right. Even in the most progressive high-tech companies, the workforces still skewed male and white. 

Despite the high profile of Facebook executive Sheryl Sandberg – whose book Lean In is instructive to women on how to succeed in a male-dominated world, her company counts only 31 percent women among its ranks, while women make up only 30 percent of the workforces at Google, Apple and Twitter. Microsoft trailed them, dead last of 10 companies submitting numbers, at 28 percent.

Women fared better at Pandora, Indiegogo and eBay, which came the closest to achieving parity between men and women – at least in the strict breakdown of employees by gender. At Pandora, 49 percent of workers are female, while at Indiegogo and eBay women make up 45 percent and 42 percent of the workforce, respectively.

And both Pinterest and LinkedIn hovered around the 40 percent mark.

As industry watchers dressed down high-tech companies for everything from hiring practices to corporate cultures not friendly to women and minorities, Apple CEO Tim Cook expressed his dismay in a blog post, saying, “I'm not satisfied with the numbers on this page.”

The figures, he wrote, were “not new to us.” And, he claimed, his company had “been working hard for quite some time to improve them” and making some progress. But, like the other companies, not nearly enough.

Baby steps…teeny, tiny baby steps

While last year's disheartening numbers set off a flurry of programs, investments and other activities aimed at attracting and retaining women and achieving demographic balance, forward movement, of the statistic kind at least, has been hard to spot.

Upon release of its 2015 stats, Google may have heralded as progress a one percentage point uptick – from 17 percent to 18 percent – in number of women it employs in tech positions globally. And, maybe it is. 

But domestically and abroad, Google is still a white, male-dominated company – with whites still making up 59 percent of the company's tech force domestically and Asians holding 35 percent of the positions.


Joyce Brocaglia, president and CEO, Alta Associates; founder, Women's Leadership Forum 

Kat Calvin, tech entrepreneur 

Monica Eaton-Cardone, founder and CIO, Global Risk Technologies 

Kathy Fithen, chief privacy officer, Coca-Cola 

J. Trevor Hughes, president, IAPP 

Sandra Toms, VP, RSA; curator, RSA Conference

Globally, overall, Google's workforce is 70 percent white. But, the company says that its updated numbers show that 21 percent of its tech hires last year were women and noted there are signs that the company is increasing the diversity of its workforce.

Diversifying the ranks, though, requires long strides and giant leaps, not just baby steps, to bring women and minorities onto the payroll and catapult them into leadership positions.  

That's not to say that companies aren't trying. At the Consumer Electronics Show (CES) in Las Vegas, Intel announced that it would contribute $300 million toward improving tech diversity. And Microsoft has thrown its support behind, among other things, the National Center for Women & Information Technology (NCWIT), to encourage women to complete four-year college degrees. 

After investing $3 million in Anita Borg Scholarships for women going after computer science degrees and other initiatives, Google says “22 percent of software engineers hired through campus outreach were women.” And the company also is partnering with Code2040, donating $775,000 in grants earlier this year to help minorities succeed in tech.

Apple, not to be outdone, not only works with the NCWIT, but in years to come will put $50 million toward creating jobs for veterans, women and other minorities – with $40 million going to the Thurgood Marshall College Fund aimed at supporting the education of students at historically black colleges and universities (HBCUs).

Government, too, has jumped in to mix things up. The White House recently announced that the Commerce Department would put $25 million toward grants for cybersecurity education at HCBUs.

The information security industry, and high-tech in general, would do well to take a page from privacy industry, where women stand more or less on equal footing with men. While women in the information security industry struggle to be seen, promoted and compensated in way equal to men, the two genders have reached a certain parity in the privacy arena, with the field evenly split between the two, according to a survey from the International Association of Privacy Professionals (IAPP), says J. Trevor Hughes, president of IAPP. “We started in 2000, with tremendous female leadership and have balance from the start,” he says. “It's healthier all around.”

The IAPP's "2015 Privacy Professional Salary Survey" of 1,253 privacy pros worldwide found that women in privacy and data governance follow similar career trajectories as men, with professional certification being the most predictive indicator for salary. Men brought in a median annual salary in the U.S. of $130,000 while women pulled down $125,000. Even that small gap narrowed with professional certification where men made a median salary of $135,000 and women earned $132,500.

In Europe, women edged out men, with median annual salaries of $100,100 and $92,000 respectively.

“It is a story about women, but more of a story about a modern profession,” says Hughes, unencumbered by the weight of the old boys. “We've created a profession with a blank white board and have emerged in a way where it's balanced.”

Indeed, Kathy Fithen, chief privacy officer at Coca-Cola, says that her gender never stood in the way of her ascension at Coke, where she started building out a forensic program that she had helped create while consulting at PwC. She followed the program to the IT department and it eventually landed in corporate security. 

When attorney Patrice Ettinger made her move to privacy in the 1990s she says, “there was open space there, people had not filled in positions, there were no preconceived notions or role models” or ideas that success belonged to men.  “I think happened organically, we informally became a network of women who were mentors and prompters to encourage young women,” says the Pfizer CPO.

Walking the talk

The fact is, information security does not have the luxury of starting from the ground up in a more modern era as privacy did. Rather, it must make changes within an existing framework constructed decades ago to support white, male techies. If Cook's words from last year are true – that Apple is “committed to being as innovative in advancing diversity as we are in developing our products” – then there are steps that it should take to make it a reality. 

Companies have to do more than just hire “people who don't look like you,” says tech entrepreneur Kat Calvin (left). Calvin initially thought that companies were having problems diversifying because few minorities were in tech, so her first efforts were aimed at trying to get girls and minorities interested in STEM. But she quickly discovered that qualified minority STEM workers were out there in greater numbers than she'd thought. They just weren't hooking up with the jobs/recruiters. “There were huge gaps in opportunity,” she says.

And even when they did make those connections, they often didn't understand why they either didn't land a job or retain it if they were hired on.  “When you come from a monolithic community, you don't know how to communicate,” she says. “There are a lot of cultural challenges.” And, she adds, those can be terrifying.

And, despite, trying hard, they don't advance. They hit a glass wall and they don't understand why, she explains.

So Calvin retrained her efforts to focus on trying to get African-American women and girls not only involved in STEM, but trained up to excel in communicating and conveying their talents not only to recruiters but to management. As the co-founder of Blerdology, a mashup of the words “black” and “nerds,” Calvin and her cohorts hosted hackathons, including Black Girls Hack, to showcase tech startups.

Her latest venture, set to launch soon, is UpliftTECH, aimed at connecting STEM talent with recruiters in companies that have positions open. And she urges tech organizations to branch out when they're recruiting, to move past a handful of Ivy League schools and seriously consider candidates from HBCUs and other schools.

Joyce Brocaglia (left), founder of the Women's Leadership Forum, notes that some organizations and outside recruiters have tried to eradicate unconscious gender bias from the recruitment process by removing names from résumés so gender won't be a factor in which candidates HR or hiring personnel bring in for interviews.

Brocaglia, president and CEO of an IT executive search firm, Alta Associates, also advocates for a more woman-friendly recruitment process. “When recruiting, companies always say they'd love to hire women, but very few companies are going out of their way to recruit them,” she says,. Putting more women on the slate of interviewers, she adds, would go a long way in attracting women candidates and proving that women have a valued place in their companies.

So would making some internal adjustments that spotlight women executives who can serve as mentors, “someone to aspire to,” Brocaglia says, as well as demonstrate that women have career opportunities within these organizations.

The challenges don't stop with recruiting and hiring, though. Once women are among information security and tech ranks, the industry faces another problem, nearly as big – how to keep them.

Joan Lyman, founder of Springboard Enterprises, says an “experienced-based  education” model, where women are taught case study style about issues “not only keep women in hi-tech innovation, but also help them become the top leaders” in their fields. “They listen to the scenario and incorporate it as their own experience while men may regard this guidance as an interesting possibility,” she says. “Women live each word as if it were theirs. Taken with their own experiences, they build upon what they know.”

Evolving the environment

Another challenge is creating work and professional environments that are more friendly to women, where harassment and discrimination aren't tolerated or don't exist at all. For instance, the RSA Conference took steps this year to create a more hospitable and professional atmosphere for all comers. It included a dress code in its contracts that effectively rid the exhibit floor of booth babes and “follow me girls,” those scantily clad women that some companies use to draw traffic to their booths. 

“All Expo staff are expected to dress in business and/or business casual attire,” the language read. “Exhibitors should ensure that the attire of all staff they deploy at their booth (whether the exhibitor's direct employees or their contractors) be considered appropriate in a professional environment. Attire of an overly revealing or suggestive nature is not permitted.”

The policy provided examples of inappropriate attire, including “ tops displaying excessive cleavage; tank tops, halter tops, camisole tops or tube tops; miniskirts or minidresses; shorts; Lycra (or other Second-Skin) bodysuits; and objectionable or offensive costumes.

Admittedly, the RSA Conference's exhibition hall has been milder than those at other security and tech industry shows, but the missing eye candy didn't go unnoticed – by men who have been mildly insulted that tech companies believe that sexed-up attractions were the way to reach them or women who felt marginalized – with attendees roundly approving of the change. “It's always so uncomfortable to be confronted with booth babes at shows,” says one male tech executive. “It was a relief this year at RSA not to have to deal with that.”

Women also need to see clear career paths, a trajectory that will lead to the same successes men enjoy. Conferences, too, need to attract more women and raise their visibility, including more on the dais.

Sandra Toms (left), vice president at RSA and curator of the RSA Conference, happily reports that this year's conference saw an increase in women attendees to 21 percent, enough, she jokes, to make her “have to wait for a stall in the restroom.”

But, she says, who takes the dais at the conference is largely up to the companies participating in those sessions or keynotes. 

“Where we can, we affect it,” she says, noting that the conference “goes for the best content,” whether the presenters are men or women. “But a lot of companies appropriately put their top executives in there.” 

That doesn't bode well for women, and certainly explains why they're not exactly swarming the dais at most shows. Top executives in most tech firms – and more Fortune 1000 firms in general – are still mostly men.

Stories like Sandberg's rise to the top at Facebook continue to be atypical. The numbers released last year by Silicon Valley firms show that the leadership in those companies also skews male and white. You know ethnic diversity is nearly non-existent when the best numbers are sported by Apple and LinkedIn, whose leadership teams are only around 65 percent white and 28 percent and 25 percent women, respectively.

Google, Intel and Twitter came in slightly worse at 21 percent with (surprisingly) Pinterest and (not-so-surprisingly given the heavy technical sway) Cisco saying that women accounted for only 19 percent of leadership in their respective workforces.

For true change in the ranks to come about, even at the top, companies need to reach deeper, to middle school, where Brocaglia says girls often lose interest in STEM and may confront unconscious bias. Sotto tells the story of the very talented and successful robotics team at her daughter's school attending a competition. Well-meaning parents from another school walked over to talk to the girls, then remarked that it was nice that the school had sent its cheerleaders.

To counter discouragement and bias that young girls may come up against and to level the playing field for those girls that may not have come from professional, enriched households, for the last four years, Calvin has been leading a program called Michelle In Training  (or MIT), named after First Lady Michelle Obama. She runs them through everything from etiquette to how to dress and carry themselves in a variety of situations.

Cisco, which has promised that 20 percent of the company's staff domestically will devote 20 volunteer hours annually to promoting STEM to students, has thrown its considerable support behind REWORD: US2020, which is aimed at matching STEM professionals with girls and minorities, starting in kindergarten and going through college. 

Women themselves need to be more persistent in their pursuit of information technology jobs. Perhaps discouraged by lack of opportunity or less-than-women-friendly work environments, female CISOs typically stay only three years in their positions, compared to seven years for men. And, Calvin notes that in one tech start-up program that she knows of, “you have to get rejected at least two times before you get in.” White men who get rejected multiple times will continue to try, while “women get rejected once and never go back.”

Toms sees a similar situation. Women will complain that they're underrepresented on the program, “but when I ask if they submitted, they'll say no,” she says.

Despite evidence that, as Calvin claims, “women can succeed and lead,” that kind of hesitance is still prevalent.

Women bring it

Beyond being the right thing to do and reflective of the broader population of this country, there are other reasons to draw more women into high-tech firms – and they're the sort that business execs can surely appreciate, like spurring innovation, upping performance, positively impacting the bottom line, even ponying up the skills that businesses need to thrive. 

For instance, women could easily fill the much-reported shortage of skilled information security pros – as well as in the much broader tech field. The U.S. Department of Labor predicts that 1.4 million computer-related jobs will be created by 2020, but just 29 percent of them will be filled by American college graduates.

Companies with more women in their lineups perform better. A research roundup from the National Center for Women & Information Technology shows “that companies with women on their executive boards outperformed companies with all-male executive boards.” And further, “gender-diverse management teams showed superior return on equity, debt/equity ratios, price/equity ratios, and average growth,” according to findings from the Credit Suisse Research Institute which analyzed 2,360 global organizations in a spectrum of industries, the report said.

The lack of gender diversity “costs companies by promoting similar points of view that don't offer new solutions,” says Eaton-Cardone, who contends that “having a fresh point of view in tackling the issue” is the only way the information security industry can solve its many challenges.

“If we can encourage men and women to work together, not only will we be able to make major innovations in the tech world, we'll be nurturing female talent in the process,” she adds. “Gender should not stop anybody from pursuing their dreams.” 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.