Last September, I attended a conference on cybersecurity and innovation, and I was impressed by the unusually strong energy and vibe in the room. For sure, one of the amazing things about this event was the glimpse it gave of the future of cybersecurity technologies, but equally striking to many who attended (including me) was the fact that about half of the speakers were women.
Now, in 2017, that should not be surprising, but in reality, it is. In my experience at many cybersecurity events, whole afternoons can go by without any (or at least, very few) women approaching the stage. So, something truly unusual was happening here…
To understand this a bit more, I reached out to Heather Rodriguez, president of the Security Innovation Network (SINET), which is a community of senior cybersecurity professionals who gather to identify and advance disruptive security innovations at events such as the one I attended in September. Rodriguez graciously shared with me information on the demographics of previous events around the world, allowing me access to a snapshot of what is going on, at least for her particular events.
Overall, while women do represent a minority of those attending, the trends are positive. SINET events have seen conference attendance by women go from 13 percent in 2007 to nearly 20 percent this year. A spot-check of numbers from some of the events held during the 10-year period indicated the increase was a gradual curve. This wasn't a scientific survey by any means, but the numbers do support the empirical observation things are changing in a positive direction, albeit slowly.
To be clear, women have not always been so under-represented. Looking at history, women have occupied pivotal roles in tech in general, and more specifically in the world of cryptography, upon which much of today's cybersecurity is built. Anyone who tells you cybersecurity has traditionally been a man's world doesn't know their history.
To name just two examples from World War II, the six primary programmers for one of the world's first general-purpose computers, the ENIAC, were all women. At the same time, women made up 75 percent of the workforce at Bletchley Park, the central site for British codebreakers, a time when many of the men were absent fighting in the war.
However, that situation seems quite remote now. We are all have seen headlines in the news and heard discussion on the lack of representation of women in tech, currently around 26 percent, according to recent data by the National Center for Women & Information Technology (NCWIT). And cybersecurity is faring even worse, with women representing only 11 percent of its ranks according to the Center for Cyber Safety and Education.
I spoke with several female leaders in the cybersecurity field to get their perspectives. The good news is that, while they all have been up against some challenges from working in such a male-dominated industry, their passion in working in that sector, and their convictions about the contribution women make to it, are extremely contagious.
Leslie Lambert has been working in cybersecurity for over two decades, including as CISO in several Fortune 500 companies, and is now the CISO at the risk intelligence startup Gurucul. Leslie says she dove head first into the cybersecurity pool because she thought it was so fascinating. “Things were changing all the time, there was always something new to learn, things were moving at a fast pace — it seemed exciting to me, and it still does. I can't get enough of cybersecurity!” she noted.
This is a young industry that started out as a “NO!” function, blocking change because of security concerns, and sometimes via arbitrary-seeming mandates. Lamcbert sees huge potential for women in cybersecurity, who have “an outstanding opportunity to bring maturity of thought, keen analytical skills and patience to a historically knee-jerk operation,” and helping the industry transition to more of a “HOW?” approach.
This looking at what's possible, versus shutting things down, is a very different viewpoint, and the transition from NO! to HOW? is something many women, both inside and outside the cybersecurity community, could contribute to.
Lambert adds, “The opportunities in cybersecurity are to solve big complex problems that require a great deal of patience and attention to details, not unlike the story told in the movie ‘Hidden Figures'; women are uniquely equipped to work for sustainable long-term solutions.”
Kim Green has worked in Information Technology for over 25 years, and in cybersecurity for the past 11, with several senior-level and board advisory roles under her belt, before founding the security consultancy KAZO Security. She believes that being successful in cybersecurity is tough regardless of gender, because there are certain technical skills and attributes a person must demonstrate. It can also be tough for those who are thin-skinned, because egos are XL-sized, and communications are sometimes filled with smugness.
That said, in 2017 there can still be a frat-boy mentality in cybersecurity, especially at security startups, and this can be very intimidating. Women (and men too) can greatly benefit by having an experienced mentor, no matter how far along you are in your career. Also look for opportunities at organizations that are making workplace diversity and inclusion a big priority. Great opportunities can come in all sizes, so look beyond the tech and security giants for opportunities in new or growing companies. These can be great opportunities to take on more responsibility and advance quickly.
Green believes progress in this area will really come down to women's self-awareness, self-confidence and perseverance. Successful women in cybersecurity sometimes appear more assertive than others. She attributes it to the fact, at some point in their careers, they simply made the choice to fully embrace their aggressive ambitions and inquisitive natures.
Betsy Cooper, who is the executive director of the Center for Long-Term Cybersecurity at UC Berkeley, noted that the 11 percent figure doesn't represent the whole story. For example, the digital privacy field — which is a big part of what we mean when we talk about cybersecurity — is close to gender parity.
Cooper and many others posit that this is due to the divergent pipelines from which the privacy and cybersecurity fields draw their workers. They come from multiple disciplines such as law, policy and human resource management, as opposed to the cybersecurity workforce of computer scientists and former national security professionals. Cooper looks to this as a successful example of how to diversify the cybersecurity workforce, even with the current mismatch in tech. She points out that there are very good reasons why cybersecurity professionals shouldn't all come from the same backgrounds.
“Whether the question is how to design a legal framework that balances the needs of government surveillance with privacy, how to identify data that has been manipulated, or how to get people to actually keep their passwords secure, cybersecurity is about a lot more than just technological know-how. We need sociologists, psychologists, lawyers and economists to understand human behavior; designers and data scientists to help change that behavior; and businesspeople and bio-scientists to bring products to market. In other words, we need people from all walks of life to work on cybersecurity problems. And unless we expand the frame of who ‘belongs' in cybersecurity, we're not going to get there," Cooper stated.
From Rodriguez's perspective, what really made the difference in Australia was a commitment by many of the male participants to have a more diverse speaker lineup. Several male speakers asked whether women were also being included, and they provided names of well-qualified female leaders to help broaden the selection pool. The proof was in the pudding, as they say, with near parity on the podium and a high-caliber, lively and informative set of talks from all. It's proof that, when all do their part, women and men can each participate and make great contributions to this exciting field.