
Insider outlook: Q&A on the status of women in IT security

Justine Bienkowski, IT team lead, BuzzFeed

During your time in the industry, have you noticed a trend in the number of women in IT security roles? What drives this trend?

When I started out in IT at my university help desk, out of a staff of 40, there were about five women. Recently, I have been interacting with more and more women in IT, especially at meetups. It's still nowhere near half, but it is encouraging to see more women becoming involved. Being technically inclined doesn't have the same stigma as it used to. In fact, being “computer illiterate” is beginning to have more of a negative connotation – with the widespread use of new technologies, like social media and smartphones, becoming standard forms of communication.

What single effort or initiative would help most in attracting, and keeping, more women in the field?

Bringing more education in engineering and technology to high schools, or even middle schools, could be a big first step. To bring more women to the field, first you need to cut through the misconceptions. After breaching the first step of familiarity, soon thereafter comes interest and passion.

On the whole, how do you think harassment, or other workplace issues impacting women, have been addressed or handled within the community?

Every woman in tech has to deal with harassment – I don't necessarily even think this is tech-specific, though it seems more magnified at times. I think that the way the community addresses these situations has gotten better, but to be frank, there are still a lot of issues with an equal amount of people experiencing harassment (especially victim-blaming). If someone wants to take a look at the status of women's rights issues in America, the first place to look is the tech industry.

Jack Daniel, technical product manager, Tenable Network Security; co-founder, Security BSides 

During your time in the industry, have you noticed a trend in the number of women in IT security roles? What drives this trend?

I have not seen any noticeable trends in the number of women in the industry in the years I have been engaged beyond the local community; the number of women in the field certainly has not grown as fast as conversations about the number of women in the field.

What single effort or initiative would help most in attracting, and keeping, more women in the field?

I see attracting and retaining as two different issues requiring related but different approaches. I believe that attracting more women (and more people in general) to technology and security roles requires action long before they enter the workforce. STEM education is a key, but I believe it is even more important to stop crushing the natural curiosity humans have during formal education. Having educational standards is great, but ritual standardization is destructive to curiosity and creativity. A balance is required: curiosity alone won't lead to a mastery of mathematics, but neither can rote learning inspire creativity.

For retaining women (and again, many others), we need to stop “eating our young.” Some parts of IT, including infosec, are especially bad at harassment and hazing, and are especially intolerant of new people and those who make mistakes. Being inexperienced and eager to learn means we make mistakes. Instead of supporting and nurturing people in this early phase of their careers, many in IT and infosec are abusive toward them. That's no way to develop and retain talented people.

On the whole, how do you think harassment, or other workplace issues impacting women, have been addressed or handled within the community?

I think it is very inconsistent, as is true outside of IT. While other industries may be worse, problems such as “booth babes” at trade shows compound the normal frustrations of the workplace.

Dorit Dor, vice president of products at Check Point Software Technologies

During your time in the industry, have you noticed a trend in the number of women in IT security roles? What drives this trend?

A trend I have noticed is that there are a number of women who enter the IT security world in non-senior level positions – I'd approximate 25-30 percent of workers in the IT security industry are women. As career progression occurs, there are a good number of women who continue on, but not as many as in non-senior roles. Once you reach senior positions, you find that there are very few women who are in management-level roles in IT security.

What single effort or initiative would help most in attracting, and keeping, more women in the field?

I believe that we need to promote technological education and direction at a young age, as part of attracting and keeping women in IT security. While I see efforts in this area, and I am involved in some of them, I haven't seen a significant increase in female students in technology.

I also haven't seen a major shift in schools. As an example, in my son's class, most of the boys elected to study computers but only one girl did. In Israel, everyone must serve in the army. If you choose an education path, you often use that path in the army and later turn it into your profession.

On the whole, how do you think harassment, or other workplace issues impacting women, have been addressed or handled within the community?

I've noticed that one of the major reasons the 25-30 percent shrinks so dramatically when you get to senior/management-level positions is fear of the conflicts of motherhood, so things like working from home could help to improve some of the issues women face. However, this will not completely solve the issues that exist in the other requirements put on those in more senior positions. 

I also see some cultural differences with women not being assertive enough in the workplace and with their careers. This is something that requires awareness, which I am directly involved in. I do see increased activity in making both women and employers aware that this issue exists.


Michele Guel, distinguished IT engineer/senior security architect, Cisco Systems

During your time in the industry, have you noticed a trend in the number of women in IT security roles? What drives this trend?

When I began my career in the cybersecurity industry 26 years ago, there were very few women. I often found myself as the lone female in a sea of men. People who had never met me and were just going by my name often thought I was a man named “Michael.” They were somewhat surprised when they initially met me. The first time that I noticed the number of women in the industry seemed to be increasing was at a security summit on Information Security Architecture in 2010. It was literally the first time that I ever recalled there was a line in the ladies' room at a security conference! For those of us standing in line, we all realized the same thing about the same time and we laughed. So, at least in the last 5-8 years, the number of women in the field has noticeably increased, but we still account for only around 10-11 percent. I always look around the room at security-related conferences and count the number of women; we are making progress but we still have a long way to go.

Across the IT industry, I have seen a great shortage of talent in the cybersecurity field. The need for people with advanced technical skills is increasing at a much higher rate than the pipeline of talent. While the demand has been increasing, the number of young women who choose a career in the IT field has been declining relative to the number of men. I believe we can positively impact the low entry rate of women – in part, by creating greater awareness of the variety of exciting sub-fields and specialties that are needed and essential in cybersecurity. We need to do a better job of getting the word out that cybersecurity is a very exciting, dynamic and challenging field that offers a stable and financially rewarding career. I often use the “builders, breakers and defenders” model when I speak to groups about the breadth of opportunities in cybersecurity. I still find people who feel the focus of the profession is too much about the folks who wear dark clothes, stay up all night looking at monitors chasing after “hackers” – a picture that may not be quite as attractive to women. We need to evangelize the array of opportunities, including secure coding, incident response, security architecture, security engineering (installing and configuring security products), forensics, malware analysis, mobile application development and security product development. Many of those jobs are great for women, as the women working in them at Cisco have proven.

What single effort or initiative would help most in attracting, and keeping, more women in the field?

According to SC Magazine, a 2013 Millennial Cybersecurity Survey stated, “a staggering 82 percent of young people, aged 18 to 26, said that no high school teacher or guidance counselor ever mentioned to them career opportunities in the field.” A single effort is not enough to make the needed impact. It will take the entire industry to help raise awareness of the great opportunities available to women in the cybersecurity field. Awareness needs to start with young girls in junior high and high school to get them interested in pursuing a STEM-related career. These efforts will be foundational to build the pipeline of talent.  

We are currently launching the “Cisco Women in Cybersecurity” diversity group at Cisco. Our vision is to build a pipeline of the next generation of women leaders in cybersecurity through educational activities, relationship building, mentoring and visibility opportunities. We will create, foster and develop a growing community of women working in all facets of cybersecurity. We will create outreach activities to local schools and colleges to raise awareness. In a few years we hope to involve other Silicon Valley employers and reach a broader audience. I feel that by creating and fostering networking communities for women in cybersecurity, led by seasoned professionals in the field, we can remove some of the barriers that hold women back from considering a career in cybersecurity.

We are not alone in this undertaking. There is the Women's Society of Cybersecurity, a nonprofit based in northern Virginia. Recently, Vincent Gray, Mayor of Washington D.C., declared August 13, 2014 to be “Women in Cybersecurity Day” in the District of Columbia. There is also the Women in Cybersecurity (WiCyS) organization that was started as part of a National Science Foundation Award. WiCyS holds annual Women in Cybersecurity Conferences. This year the Grace Hopper conference, the largest gathering of women in computing, devoted an entire track to security. All of these are combining to bring more visibility of cybersecurity career opportunities to women. But industry needs to add to the chorus to do our part in getting the word out, mentoring others and increasing the pool of talent. Women need to see strong role models and “super heroes” in the field that can inspire them to choose cybersecurity and to excel in the field.

On the whole, how do you think harassment, or other workplace issues impacting women, have been addressed or handled within the community?

I can only speak for my work community. We take harassment very seriously at Cisco and address the issue in our values, governance, code of business conduct, employee training and certification. Our culture of empowerment, engagement and innovation makes Cisco such a great place to work. Our people are part of a global community that really values inclusion and diversity. Cisco has a very active “Connected Women” diversity community that discusses women's issues including harassment. The new “Cisco Women in Cybersecurity” community will add greater awareness, education and opportunity for women in security.

If women are to be successful in bridging the gap in male-dominated fields, including cybersecurity, we need to collectively raise our voice and shed light on the challenges by offering solutions. Building and fostering communities for women across the industry will create platforms on which to provide professional development and mentoring to help women excel in cybersecurity. 

Susan K. Langford, senior cryptographer and distinguished technologist, HP Atalla, HP Enterprise Security Products

During your time in the industry, have you noticed a trend in the number of women in IT security roles? What drives this trend?

There has been a gradual upwards trend, but I do see marked improvement compared to past years. IT security is an exciting field, but in reality many of the people I know in the field came from another IT field originally. More women in IT security requires more women in technical fields as a whole. It's important to get women involved and interested at an early age. What's great about initiatives, such as the HP scholarship program, is that they increase visibility of the field and make security an option for women earlier in their career.

What single effort or initiative would help most in attracting, and keeping, more women in the field?

It is critical to attract women at the school age, even before college – the sooner the better. We must get women interested in computers as early as possible, so that they don't narrow their options when they go to college and move into other fields. In my case, I was always interested in computers and found my passion for cryptography studying under Martin Hellman at Stanford, where I learned that security is a game between you and the attacker. Can you think like the adversary? Can you be paranoid? Those are the women who thrive in the security field.

On the whole, how do you think harassment, or other workplace issues impacting women, have been addressed or handled within the community?

As more women enter the IT security field, there is a growing sense of camaraderie across all levels, regardless of gender, ensuring collaboration is at the forefront of a healthy workplace.

Avivah Litan, vice president and distinguished analyst in Gartner Research

During your time in the industry, have you noticed a trend in the number of women in IT security roles? What drives this trend?

Frankly, I don't see enough women in IT security roles. They are still greatly outnumbered by men, and even though I don't have the statistics on this, I notice it in my interactions with clients, colleagues and other industry participants. I think the security field would benefit tremendously by having more women in it. Women are more adept at noticing patterns than men are. Male brains are oriented toward reacting to the latest problem and going in and fixing it. Women are more able to predict events. The way female brains are wired works well in cyber security since it's important to be able to see patterns and piece together different pieces of a puzzle, and use those learnings to predict the future.

If you think about it, all major criminals who have been arrested to date have been men. But that may be because the women are better at their craft and are just not getting caught.

What single effort or initiative would help most in attracting, and keeping, more women in the field?

College programs in cyber security that appeal to young women.

On the whole, how do you think harassment, or other workplace issues impacting women, have been addressed or handled within the community?

I think that sexual harassment has become a top-of-mind issue when it comes to male-female working relationships in the tech security domain. Male managers have been trained to tune into these issues and are highly sensitized and thus ultra careful in their approach toward female employees. The tech industry is probably one of the most gender-neutral sectors with the least amount of sexual biases and harassment issues.

But unfortunately, you still run across these (sexual harassment) issues at end-user organizations in traditional sectors that employ women in IT security (for example in the defense industry), albeit much less frequently than 20 years ago.

Julian Waits, Sr., president and CEO, ThreatTrack Security

During your time in the industry, have you noticed a trend in the number of women in IT security roles? What drives this trend?

There are many more women in these roles now, and I know several female CISOs. In my opinion, what is driving this is the evolution of IT security from its infancy to where it is today. It has become as much a business equation as it has a technology equation. More women are coming into the technology space with a business bent and realizing they can impact the business in that department. There's a new class of CISOs that are emerging. At the turn of the century, there was a shift in the security industry in which it was no longer enough just to know what malware was or what procedures were needed to keep a business secure. The focus expanded and began to require knowledge of compliance mandates and business operations. The drive to look at ROI and how security impacts the business has really increased the number of women in the field. It's also an industry where top talent is always in high demand, so women who choose this path have more opportunities before them.

What single effort or initiative would help most in attracting, and keeping, more women in the field?

The fact remains that IT security is still a male-dominated industry and the women who succeed and gain credibility tend to be better than, and more aggressive than, their male counterparts. The type of personality that is needed for this is one that tends to charge forward and want inclusion in the C-suite and in executive decision-making. So, in order to help attract and keep more women in the field, CISOs need to be included in the C-suite. There has to be a readily apparent path for upward mobility.

On the whole, how do you think harassment, or other workplace issues impacting women, have been addressed or handled within the community?

At a macro level it is certainly being addressed and we've seen progress, but with recent events in the military and on college campuses, I think we still have a long way to go as a society until we're at a place where mutual respect is a given.
