Gazing up at the dais at virtually any security conference – save Hack in the Box – a newcomer just might assume there are no women in the security industry. That's very nearly true – women make up only 11 percent of the personnel in this exploding field. But their numbers dwindle even lower at the podium.
“Statistics don't lie,” says Pam Kostka, vice president of marketing at Bluebox Security. “Whether you agree with all of [Facebook chief operating officer] Sheryl Sandberg's philosophies espoused in her best-selling book Lean In or not, women are still statistically under-represented in management across all industry sectors, including security. The climb has stalled out despite more women graduating with undergraduate degrees, especially engineering degrees.”
To kickstart the ascent, individual women and some mainstream organizations have set out to address the challenges, in part by developing venues that are more clearly defined as friendly toward and supportive of women. “Last fall, I attended what is, as far as I know, the only women-only security conference: the Executive Women's Forum, in Arizona,” says Leigh Honeywell (left), a security engineer based in San Francisco. “It was a powerful experience for me as I've been involved in the security community for 10 years – but few of the events I've attended in that time have had more than 10 percent women.”
During the three days of that conference, she met more women in her field than she had in her entire career so far. “Meeting that many women who were years ahead of me in my field – many of whom were CSOs – was a huge confidence booster for me,” she says. With that inspiration, she started the whysecurity meetup shortly after moving to the Bay Area. “I wanted to try to create an event that captured some of the less competitive, more collaborative energy of several of the spaces and communities I've been involved with outside the security conference circuit, namely the feminist hackerspace I started in Seattle and the one I'm now a member of in San Francisco,” says Honeywell, who's gained a well-deserved reputation as a community-builder.
She did that in part by setting a code of conduct and aiming to “defocus the event from drinking.” So far, both meetings have attracted attendees that are male and female, with slightly more of the latter, she says. “Some of that [response] is a function of my network, but I've heard from folks that the things I tried to address in creating it – elitism and sexism, specifically – are reasons that they've stayed away from security meetups and events in the past.”
Acknowledging that a segment of people in the industry will say, “Well, if they don't have a thick skin we don't want them to show up,” from Honeywell's viewpoint that simply means the security field is missing out on some amazing people who just don't want to put up with those kinds of attitudes.
“I know I've gotten pretty tired of them,” she adds. For now, people who are of a like mind are finding camaraderie at her meetup. “It's been lovely so far,” she says. “Snacks, tea and hacking. What more could you want?”
OUR EXPERTS: Empowering women
Jamesha Fisher, system administrator of DevOps, CloudPassage
Leigh Honeywell, security engineer
Pam Kostka, VP of marketing, Bluebox Security
Kristin Lovejoy, GM, Security Services Division, IBM
Vidhya Ranganathan, SVP of products, Accellion
Haiyan Song, VP of security markets, Splunk
Christy Wyatt, CEO,
The Executive Women's Forum, which hosted the long-established event that Honeywell so enjoyed, got off the ground thanks to a similar impulse, according to Joyce Brocaglia, president and CEO of Alta Associates, a search firm in IT risk management, information security and privacy. As founder of the forum and for years used to being the only woman in the room, Brocaglia says as she saw more and more women gaining positions of influence, she decided to create a venue that would be a trusted and safe place for like-minded women to get together, share ideas and empower each other.
That was a dozen years ago. Today, the Executive Women's Forum has blossomed into an annual event that attracts more than 300 individuals – and it has spawned its own ecosystem, including Leadership Journey, a virtual leadership development program; regional meetings, many hosted by corporate sponsors; the “Cheer” networking dinners, also hosted locally; and an online community expected to launch in October, which is setting out to link about 1,000 women.
While the annual gathering and its spinoffs may be oriented toward women specifically, Brocaglia stresses the topics are universal: the Internet of Things, risk, IT security, for example. “Our conference has content as good as any event, but we purposely design it to be highly interactive,” says Brocaglia.
“As human beings, we always seek a common denominator with others who we want to interact with – people who shares an interest, a perspective on a problem, or even just a common upbringing,” says Bluebox's Kostka. Thus, she says, women-only events can provide an easier and more open networking environment for attendees to share their experiences, challenges and opportunities. As a practical matter, she notes, events for women can mean less time spent on seeking common ground and more time invested in meaningful conversations.