Operations
6/6/2014
05:32 PM
Marilyn Cohodas
Commentary

Dark Reading Radio: Breaking the Glass Ceiling in InfoSec

Join the discussion about the challenges and rewards of being a woman in IT security from the vantage point of three accomplished security professionals. Wednesday, June 11, 2014 at 1:00 p.m. ET

"Lean in," says Facebook COO Sheryl Sandberg in her best-selling 2013 book of the same name, which advises women on how to shatter glass ceilings in tech and other male-dominated industries. But, as any woman in tech will tell you, the challenges today are daunting.

The numbers say a lot, especially in a field where there is a gigantic skills shortage: According to the recently released InformationWeek IT Salary Survey, women hold only 14% of security staff positions and just 10% of management roles, and female managers earn about $27,000 less than their male counterparts.

Even more disconcerting is research from the Center for Talent Innovation, which reports that while roughly 50% of STEM program graduates are women, women working in high-tech fields are 45% more likely than their male peers to leave the industry within a year of entering it.

In our next episode of Dark Reading Radio on Wednesday, June 11, 2014 at 1:00 p.m. ET (10:00 a.m. PT), I’ll be leading a panel discussion about the challenges and opportunities for women in IT security. In addition to the issues of the gender gap and pay equity, we'll be talking about the psychic rewards of a career in the security field -- things like learning, camaraderie, and fighting the good fight. Our panelists will also share some of their hard-earned wisdom about how to get ahead in a man's world.

Let me tell you a little bit about our guest speakers:

Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. Over the years, Lysa has worked both within antivirus research labs, finding and analyzing new malware, and within the third-party testing industry to evaluate the effectiveness of security products. As a Security Researcher for ESET, she currently focuses on providing practical analysis of and advice on security trends and events.

Marisa Fagan is a community manager at Bugcrowd where she oversees 7,000 security researchers. Before that, Marisa was a member of the Facebook product security team responsible for the Facebook Bug Bounty, and she managed penetration testing and research projects at Errata Security. Marisa is a co-founder of the Bay Area hacker con, BayThreat, in Mountain View, Calif.

Kerstyn Clover is a consultant on the SecureState Attack and Defense Team, where she works with a broad range of organizations across a variety of industries on security assessments including incident response, forensic analysis, and social engineering.

I hope you’ll join us on Wednesday for what promises to be an exciting discussion about opportunities in the security industry from the vantage point of three professional women with stellar resumes and a passion about their work. You can post your comments below or bring them to the Dark Reading radio studio. I look forward to seeing you there. 

Marilyn has been covering technology for business, government, and consumer audiences for over 20 years. Prior to joining UBM, Marilyn worked for nine years as editorial director at TechTarget Inc., where she launched six Websites for IT managers and administrators supporting ...
Comments
Marilyn Cohodas,
User Rank: Strategist
6/12/2014 | 10:00:08 AM
Thanks to all for a fantastic radio show and discussion.
You can still listen to the broadcast and read (and add to) the commentary. Just go to our Dark Reading Radio studio and start the audio player.
Marilyn Cohodas,
User Rank: Strategist
6/11/2014 | 10:54:36 AM
Link to the Radio Show
We're just a few hours away from today's Radio Show. Here's the link to our studio where you can listen to the panel discussion and chat live with your peers. 

http://www.darkreading.com/radio.asp?webinar_id=93

See you at 1 pm ET/10 am PT. 
Marilyn Cohodas,
User Rank: Strategist
6/10/2014 | 3:52:21 PM
Re: Question to the Panelists
Looking forward to "seeing" some new names & "faces" tomorrow for our Radio Show but if our date and time doesn't fit into your schedule please be sure to post your comments or questions here. Of course, we are an equal opportunity radio broadcast so if you aren't a woman in IT but work with one, are friends with one, or are related to one, we welcome you to the discussion as well.
Marilyn Cohodas,
User Rank: Strategist
6/9/2014 | 11:50:19 AM
Re: Question to the Panelists
Thanks for the clarifications. I'll make sure that gets asked during the broadcast or text chat on Wednesday. I hope you can make it -- then you can ask it yourself.

Marilyn
SecOpsSpecialist,
User Rank: Apprentice
6/9/2014 | 11:48:08 AM
Re: Question to the Panelists
Marilyn,

What I'm asking specifically is in their experience, they may have run into the perpetual issue where others in the field, or customers, do not believe that they have the technical chops to know what they are talking about, as such, how have they dealt with that adversity? What did they do to overcome it? How did they not let it bother them?

Sorry, should have been a touch more specific.
Marilyn Cohodas,
User Rank: Strategist
6/9/2014 | 11:41:47 AM
Re: Question to the Panelists
Thanks for your comment and question @SecOpsSpecialist. I'm a little unclear about what you are asking. Do you mean your male colleagues don't think you have the appropriate knowledge and understanding of the job and the underlying technology?
SecOpsSpecialist,
User Rank: Apprentice
6/9/2014 | 11:21:46 AM
Question to the Panelists
As a female security professional, I've been finding this one common theme in the computer STEM field:

Women are not expecting to know anything about their job or how a computer works.

As women in the Security field and the computer field which is male-dominated, how do you respond when you have to interact with someone who clearly views you as inferior to them? How do you get around it?
Marilyn Cohodas,
User Rank: Strategist
6/9/2014 | 9:38:59 AM
Re: Lysa Myers
Thanks for your comment, @christianbryan! This is indeed a great panel and it's one that is open to everyone -- not just for women in InfoSec. Fathers, brothers and colleagues of women in InfoSec. Please come and add your voice and views to the discussion.
Christian Bryant,
User Rank: Ninja
6/7/2014 | 10:10:23 AM
Lysa Myers
I look forward to this, especially for Lysa Myers.  I've been following her writing and enjoy her style.  This is a great panel and, as I've noted in the past, as a father of daughters - one of whom is demonstrating high-tech abilities already - I'm really happy to see role models out there to reference if either of my girls chooses a professional path in tech.