Careers & People
4/6/2017
03:30 PM
Connect Directly
LinkedIn
RSS
E-Mail vvv
0%
100%

How to Crack Cybersecuritys Glass Ceiling

Sage career advice to young women from the female CTO of a security startup: Get a pair of earplugs, and put them in when you hear words like 'can't' or 'don't.'

Does the "glass ceiling" still exist? On the one hand, a woman was almost elected president of the United States, and government statistics show that women constitute about half the US high-tech workforce. On the other hand, US Census data shows that of the women in the workforce, more work at lower-paying jobs than at higher-paying ones. And when it comes to the cybersecurity industry, women represent quite a slim margin, representing 11% of the world industry's workforce, making me somewhat of a unique creature.  

I'm the CTO of a cybersecurity startup called Secret Double Octopus (an odd name, but one people tend to remember), and it's my job to oversee the company's R&D operations and conduct the tech deep dive at client meetings. My immersion into a male-dominated environment dates back to my days as a soldier in the Israel Defense Forces, where I served as a sabotage and mines instructor.

My professional career in cybersecurity began as part of my academic research as a PhD student at Hebrew University, where I focused on anomaly detection for zero-day attacks, fast pattern matching for deep packet inspection and software-defined networks (SDN), and then continued as a postdoctoral researcher at Ben-Gurion University in Beer Sheba with Professor Shlomi Dolev. It was there that JVP, one of Israel's leading venture capital firms, approached me because of my research and proposed practically applying my research, matching me with our CEO, Raz Rafaeli.

I wouldn't say I'm a women's rights activist by choice, but being in an executive position within the IT industry automatically makes me one, whether I like it or not. As a result, I've become a de facto spokesperson of sorts, advising young women professionals on how to make it in an industry where the glass ceiling is still pretty thick. My advice: Get a pair of earplugs, and put them in when you hear words like "can't" or "don't." It worked for me.

Image Source: kryzhov via Shutterstock
Image Source: kryzhov via Shutterstock

Fortunately for me, the path of STEM has been clear to me since I was a little girl. Thankfully, I do not experience the "thick glass ceiling" on a daily basis within my own team, but intentional or not, the fact of the matter is that cybersecurity is indeed a male-dominated field and, although we do live in a heightened gender-aware generation, gender biases still exist.

There are numerous reasons for this lingering sexism. According to a 2015 National Bureau of Economic Research study, teacher (both male and female) gender biases turn girls off from studying STEM subjects. These biases "have an asymmetric effect by gender — positive effect on boys' achievements and negative effect on girls. Such gender biases also impact students' enrollment in advanced level math courses in high school — boys positively and girls negatively," the study noted.

Others blame it on parents: According to the UK's Institution of Engineering and Technology, only half as many parents had tech aspirations for their daughters as they had for their sons while only 1% saw engineering as a career path for their daughters. Still others blamed the "geeky environment" in tech, with "girls' lower sense of belonging could be traced to lower feelings of fit with computer science stereotypes."

All this may be true, but there is a way to fight it: Determination. If the glass ceiling for deep tech is still thick, the good news is that there is a lot more support for girls in school today than there was when I was a student. High schools, universities, and the business world are much more sensitive to the glass ceiling than ever, and there is a plethora of organizations and programs that help girls get involved in math, science, and tech. I know some people are uncomfortable with preferential programs of this type, but they exist for a reason — and when there is an employment imbalance as in cybersecurity, such programs are more than justified.

In the end, it's about motivating yourself, believing in yourself. Don't let others' attitudes put you off from your goal. I know it sounds like a cliché, but it's still true: You have to believe in yourself, and believe that you are just as good as men — and maybe better because we're blessed with women's intuition, and that's one thing they will never have.

Related Content:

 

Shimrit Tzur-David is the chief technology officer and co-founder of Secret Double Octopus, the world's only keyless multi-shield authentication technology that protects identity and data across cloud, mobile and IoT environments. Shimrit has over 10 years of research ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
techelek
50%
50%
techelek,
User Rank: Apprentice
4/13/2017 | 9:28:46 AM
Read advice
As a woman working in the IT and cybersecurity industry for over 15 years, I can tell you the glass ceiling is real and that I am treated differently than my male co-workers in the workplace. I am treated differently because of social norms and how men are used to relating to women. Men initially interact with me as if I'm either their mother or their wife/girlfriend. It takes some months to set the working relationship into the only-professional relation which men automatically assume with each other. 

That aside, I don't think this article was helpful at all and in fact hurts how people interact at work. First off, the author is representing women's rights against her will or "whether I like it or not", so she's definitely not passionate about the subject. And why should she be? She had support to enter a technical career since she was a little girl and she doesn't experience the glass-ceiling on a daily basis. I can't think of a less qualified person to give me advice. As for earplugs when can't or don't is said, should I wear ear plugs when I am told I can't attend the meeting or we don't need your input? Or should I put them in when I'm told I can't expect that pay raise and don't even think about negotiating for better pay? Is that when I become silent and deaf? And did you seriously just pull the "women's intuition" card? Is that my super power? Should I intuit how my router is configured or if my server room door meets physical security standards? No, that's called work, education, attention to detail; all the same things my male co-workers have and do. That kind of stereotypical rhetoric will only continue the idea that men and women posses unique traits which make them uniquely unqualified to do certain kinds of work. Do Jewish people have a mathematical intuition and white men have no intuition of rhythm? I mean, let's double down on those stereotypes! 

You want some advice. Here. Pretend it doesn't matter. Pretend you don't notice. All the routers have the password "crackwhorz"? Don't bat an eye. Do conversations fall silent when you arrive? Don't miss a beat. Are you not invited to Friday's lunch at the local strip club, where they apparently have an amazing buffet? Bring your lunch on Friday's. Wave after wave of bulls***- let it go. There's another woman right behind you, drafting off your progress. Do it for her sake, if you can't do it for own.
NVPatriot
100%
0%
NVPatriot,
User Rank: Apprentice
4/11/2017 | 2:28:38 PM
Inaccurate Op-Ed
At it's premise, I get the basic intent of this piece, yet after reading through it a few times I find myself disagreeing with many of the points within. Simply because an industry is populated by more males than females does not necessarily correlate to an existence of a "glass ceiling" within that realm. With specific regards to this continual reference to a wage gap, which, thanks to the Equal Pay Act of 1963, is a complete null-issue.

Where the thin argument comes from stating that women earn a mere .75 cents to every dollar that a man does, comes from a skewed and cherry-picked array of data. Meaning, people are comparing a female with less than a year at an entry level IT position to a male with 40 years and is a CEO. Thanks to the Equal Pay Act of 1963, paying someone less because of their gender for doing the SAME job is federally illegal.

As to your point about more women working lower paying jobs than men, here's a few reasons straight from U.S Bureau of Labor Statistics:

-Men choose jobs that are more dangerous / time intensive / physically demanding.

-Males are more likely to work in less desirable locations

-Men work longer hours, the weekends / holidays

-Men are more likely to pursue higher-stress / higher-paying specializations.

What does this imply? This is what men "choose" to do, while women choose to go other routes based on comfort, fullfillment, autonomy and safety. Nursing, teaching, social sciences, fashion, retail etc. Also, unmarried females make statistically MORE than unmarried males across the board.

Secondly, the cybersecurity industry, in the grand scope of the field, is a fairly young discipline. Specifically, to how it exists today. I realize components of it have been around for many years, cryptography, risk management, physical security and etc. Yet as it is today, its combined application as a suite of tools is young comparatively. That being said, the lack of women within this field does not correlate to some unified oppressive front to prevent them from joining, and benefitting, this industry.

They are simply *choosing* not to at this point, in a substantially less amount that men *are*.

Third, women have the exact same rights as men do in the U.S. Period. Again, it is federally illegal if any entity, in any capacity, to exclude or prevent them from doing so. Staing you're a women's rights activist within the IT industry..for what? You point out any specific instance of a woman being denied pay, training, opportunities or promotion based solely on the fact of her gender and I'm right there with you in the fight. Until then, please let me know what rights are being infringed upon that require such activism?

Yet another point of contradiction I read was your closing paragraph versus the one before it that stated the need for a plethora of programs aimed at females for STEM. You encourage women to believe in themselves, self-motivate, and ignore others' attitudes..but say they should have their own preferential programs? Does that not, at its very core, undermine the entire premise of gender equality? If a male or a female are competing for the same spot in a cybersecurity firm, shouldn't the position be awarded to the one most technically proficient? Saying women require their own special programs seems to damage their case more than enhance it.

In the end, your successes and hard work are more of an example to emulate as well as being a beacon to women not yet in the industry, than saying they are doomed to be crushed under a glass ceiling that, quite frankly, exists because people keep stating it does.

Also, the entirety of this article lost its punch with me when you added "You have to believe you are just as good as men, and maybe better because of women's intuition". Again, it undermines premise of equality by implying a genetic advantage, and also, further perpetuates the notion of "us vs them". Which is incredibly dangerous and divisive in itself. When it should be all of *us* in cyber security are versus *them* trying to break our systems and companies.. 

 
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
4/11/2017 | 12:50:02 PM
Israel does it right
When it comes to women in Cybersecurity or Hight Tech, Israel does it right. Having worked as an executive for several years in an Isareli Security company, i have seen it first hand: there is there no difference between what a woman or a man can achieve in Isreali executives' mind.  It is rooted in the country traditions: after all, women  have to do military service.  There is no "light" treatment of women for hard tasks if they are up for them, nor for technical tasks.  Parents and teachers support them, through strong training and by building character.  I believe it starts with parenting, pushing our daughters and sons similarly through all tasks and developing their determination so that they reach the goals they want to achieve. 
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Ninja
4/11/2017 | 11:16:35 AM
Stats
Thanks for sharing the stats from the EEOC.  I have seen a variety of statistics putting women in tech at 15 percent to 50 percent and everywhere in between.  It'd be nice to have hard data with transparent methodology on this.
vinderofficial
0%
100%
vinderofficial,
User Rank: Apprentice
4/10/2017 | 5:45:21 AM
SSC Exam Calendar 2017
Staff Selection Commission Board has recently released a notification for the latest Exam Calendar for the year 2017. All the exam will be conducted through the SSC Exam Calendar 2017.

SSC Exam Calendar 2017
vinderofficial
0%
100%
vinderofficial,
User Rank: Apprentice
4/10/2017 | 5:44:19 AM
SSC Exam Calendar 2017
Staff Selection Commission Board has recently released a notification for the latest Exam Calendar for the year 2017. All the exam will be conducted through the SSC Exam Calendar 2017.

SSC Exam Calendar 2017
cybersecfem
50%
50%
cybersecfem,
User Rank: Apprentice
4/6/2017 | 4:37:18 PM
Thank you!
Being a female in a Cybersecurity program, I have felt the pressures of being in a male-dominated field already. Although I feel very comfortable around men, being no stranger to this atmosphere in prior career paths I have chosen, I feel a very intense pressure to have to prove myself in this field already. I thank you for writing this article, it has given me a new sense of determination and confirmation that I have made the right decision by going choosing this field of study.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
Surviving the IT Security Skills Shortage
Surviving the IT Security Skills Shortage
Cybersecurity professionals are in high demand -- and short supply. Find out what Dark Reading discovered during their 2017 Security Staffing Survey and get some strategies for getting through the drought. Download the report today!
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.