Despite sobering statistics, women have plenty of opportunity in cybersecurity, Teri Robinson reports.
When the discussion turns to women in security, it's tempting to simply talk about what's not, the negatives, the shortcomings and the challenges.
Yes, women make up roughly half the workforce but account for only about 11 percent of cybersecurity jobs. Yes, the salary gap is still a thing with a woman typically pulling in less money than a similarly experienced man in the same position. Yes, women still get passed over for jobs and upper management positions and, yes, they still don't command the dais at industry conferences and shows in the same numbers as men.
“The 11 percent statistic is a little surprising given that the skills required for a career in cybersecurity are no way gender specific,” says Farrah Vijayan, senior technical product manager with STEALTHbits Technologies.
And Jodie Nel, marketing manager for Imago Techmedia, says, “The lack of women in senior security positions is just a reflection of the industry as a whole.”
The dismal number doesn't mean there aren't opportunities for women…and plenty of them. “There are many opportunities in the cybersecurity industry, many of them applicable to women,” May Wang, co-founder and CTO at ZingBox, tells SC Media. “These opportunities include security architecture, software programming for security, security system building, security analytics, cybercrime investigation and penetration testing.”
OUR EXPERTS: Female power
Julia Cline, director of product management and marketing, Rubicon Labs
Jodie Nel, marketing manager, Imago Techmedia
Rekha Shenoy, VP and GM, cybersecurity, Belden
And the industry has numerous reasons for courting women, among them a positive impact on the bottom line. “With McKinsey & Company's finding that organizations in the top quartile for gender or racial and ethnic diversity are more likely to have financial returns above their national industry medians,” says Vijayan, “cybersecurity stands to reap monetary gains.”
The shortage of skilled cybersecurity professionals begs for more women in the industry. “From an industry perspective, there is a cybersecurity skills shortage which opens opportunities for women as well as other underrepresented communities, says Ayelet Steinitz, vice president of business development at Imperva.
Women rising…where the jobs are
“As an insider, from my exposure of 20 years to the security sector, and having been on both the engineering side of the house as well as business development, I can wholeheartedly claim that there is no inherent reason why women shouldn't be able to participate in the cybersecurity world across the full spectrum of roles,” says Steinitz.
That spectrum includes opportunities on many fronts – from particular industries to certain sectors within security and privacy to particular positions.
“I believe industries that present as less intimidating but with significant impact naturally attract more women,” says Wang (left). “For example, privacy is an area many can relate to. It can certainly be extended to privacy of families including children. With such direct and relatable correlation, many women are motivated to work in such industries.”
Indeed, women have gravitated toward privacy. Both cybersecurity and privacy are relatively new fields, Lisa Sotto, a partner in the law firm of Hunton & Williams, points out. “Both were ripe a decade ago for women to migrate into these areas that had not been previously claimed.”
But because cybersecurity was more of a “natural fit for IT professionals, an area dominated by men, who wanted to try something different,” women were edged out, she says. They found opportunity in privacy, however, which Sotto says “has no natural fit with other areas of the law.”
Women who made their way into privacy 10 years ago are now the leaders in the field, having practiced in this area longer than anyone else, Sotto says. “First-mover advantage has been extremely effective for women in this space.”
And, says Vijayan, with the EU GDPR on the horizon ushering in the need for potentially 75,000 data privacy officers, women can make strides. “Privacy positions not only require cybersecurity, data and IT know-how, but also background in regulations and compliance,” she says. “Some of the female professionals moving into IT and cybersecurity have come from accounting and legal backgrounds so are well-versed in applying regulations to how organizations operate.”
Compliance, governance and risk management are all areas that are on the rise and are attracting women. A recent compliance trends survey from Deloitte found that 82 percent of organizations underwent enterprise-wide compliance risk assessments – with nearly two-thirds doing it annually. That opens tremendous opportunity for women looking to distinguish themselves.
“There are various types of cybersecurity positions and most of them do not require a Ph.D., nor do you need to be a rocket scientist,” Wang assures.
That's not to say women should back away from technical positions or can't code as well as men. Just look at Wang who was previously the head of staffing firm Asia Pac Research, and a principal architect in Cisco's CTO office, where she led Internet of Things (IoT) innovation and was responsible for driving new technology initiatives. Cisco deployed her security algorithm, which she developed in her Ph.D. dissertation, in its network switches.
Not surprisingly, Wang calls out IoT security as one of two areas that “are very applicable for women.”
She says for all its convenience, IoT increases the risk surface “dramatically” with the stakes climbing ever higher. “The security of these connected devices not only affect IT, but also services that everyone can relate to and depends on,” she says. “This is an emerging area with unique challenges and opportunities. Its immediate impact is significant and readily apparent, serving as possible encouragement for women to enter the field compared to traditional IT security.”
She also fingers data analytics for security as a related field where women could find more opportunity. “IoT devices generate a large volume of data at a scale and speed we simply could not have anticipated,” says Wang. “In order to make sense of this data, we need to rely on data analytics and machine learning to differentiate the good from the bad, identifying benign IoT devices from hijacked devices.”
That kind of analysis also requires out-of-the-box thinking not constrained by traditional security practices, she says. “I believe women can provide many unique angles and perspectives on how to interpret these data to increase security.”
While pros say cybersecurity is wide open to anyone with know-how and drive, regardless of gender, many note that women often bring a unique set of skills to the table that translate well in the workplace.
“As a female working as a technical product manager, I would say that many of the skills we have as women are actually desirable in such a fast-paced and collaborative industry, and can set us on the track for not only entry level positions, but even more so, positions in upper management,” says Vijayan (left), noting that from childhood women are taught the skills needed to “maintain organization and balance for our families,” which can be used to organize and manage technical teams and projects. “Women may often feel intimidated by the idea of having to communicate (or even argue) with high-level executives, or even overly confident engineers, but our heightened sense of emotional awareness allow us to overcome this quite easily.“
In her own career, emotional awareness has helped her engage constructively with all stakeholders, she says, especially customers, to identify the underlying issues and constraints and find solutions that work for the various parties involved. She sees technical product management as an area attracting more women in cybersecurity.
Plus, she believes women bring other skills and behaviors that give them a leg up in the privacy field. “Women tend to put great emphasis on building lasting, trusted relationships," Vijayan says. "They also tend to be detailed-oriented, e.g., double-checking that processes are working correctly and that tasks have been done accurately and thoroughly. These skills give businesses the assurances they need that someone is looking out for their most valuable asset – their customers' data.”
Women also are well-suited for areas in the technology landscape that require a multifaceted viewpoint and solution, says Rekha Shenoy, vice president and general manager, cybersecurity, Belden, the parent company of Tripwire.
“Risk and security are challenging problems in any enterprise that naturally lend themselves to leaders who can think along multiple angles," Shenoy says. "The need here includes appreciating the technical challenge, the legal issues, the social and people angle and the business need. In addition, empathy for an alternative viewpoint is often the beginning of any pragmatic solution in this space. Often, women may be the ones who enable the dialog needed to find solutions in this growing and complex technical landscape.”
And then there is the fact that hackers never let up. These bad actors are continually trying all sorts of angles to break devices, says Julia Cline (left), director of product management and marketing at Rubicon Labs. So, she says, companies need to build a diverse workforce to counterattack. “The cybersecurity industry needs as many opinions and ways of looking at problems as possible. Women may solve problems in a different manner and this diversity of thought will make the solution stronger.”
Being seen and heard
With so many opportunities, why are women still such a small part of cybersecurity? Imago's Nel believes they simply don't have enough visibility in the industry and in the workplace. “An issue we face when trying to recruit female speakers at events is the lack of women in senior technical positions. Our events have high-level speakers and we wouldn't want to be so patronizing as to have a woman for a woman's sake, that isn't the point. We don't want to discriminate in that way.
Events are interesting, she says, because attendees will often look at a seminar program and it will have no women. This is an issue her team faces regularly and is proactively trying to address. "However, lots of companies are missing the mark, and I think this could discourage women from getting involved. I think people strive to have 50/50 in event programs and attendance, which is not realistic nor reflective of the industry.”
Nel adds that organizations could take steps to increase the visibility of its female employees – and women shouldn't be shy to speak up to raise their profiles. “Organizations will more often than not use a male when they need a spokesperson, whether that be at an event or talking to the media,” she says. “Women in this space should be approaching their company's public relations and marketing teams, putting themselves forward for these public-facing opportunities.”
Further, females must advocate for themselves, networking as much as possible. “More senior women in cybersecurity that are getting visibility should be providing guidance to junior women on how to follow in their footsteps,” says Nel (left). “Hosting open office hours is one way to meet women coming up in the industry and provide this type of guidance. Of course, when we have women blogging and offering thought-leadership this helps too, but we need to be doing more, being more proactive.”
When women become more visible their opportunities “increase immensely,” Nel says. “According to a recent report, the visibility of one's technical and leadership skills, influences the perception of these abilities,” she says. “When women actively pursue public-facing opportunities within their organization and industry, both men and women take note and perceive them as more valuable employees. This opens these professionals up to more opportunities to advance their career.”
To rise up and move forward in greater numbers, women might do well to take a lesson from civil rights leader Rep. John Lewis, D-Ga., whose walk in 1965 across the Edmund Pettus Bridge in Selma, Ala., with Martin Luther King Jr., is the stuff of legend. Lewis is fond of urging people to stand up and make trouble (“the good kind”), and to make oneself heard and seen if they want to make progress. That most certainly applies to women in cybersecurity who must take steps to raise their visibility within organizations or risk being passed over in favor of male coworkers. n