Red Or Blue, I'm Usually The Only Woman On The TeamWomen are still few and far between in the cybersecurity field
Kerstyn Clover is a staff consultant for SecureState, a management consulting firm specializing in information security. She is a member of the incident response and forensics team.
As a kid, I was almost always the only female gamer or coder in my class. I recently joined the SecureState team as its youngest consultant, a month past my 21st birthday, and I'm the only woman on my team. My young age grants me many advantages, and one of them is being able to remember how it felt as that vulnerable, scared little girl growing up feeling like an outcast.
Sometimes other women are around, and it's an incredible feeling on some fundamental level. It's not like we have a secret handshake (that would be cool, though), but there is something to be said for finally seeing someone you can relate to, who looks like you, doing the things you love.
As of 2006, only 13 percent of U.S. cybersecurity professionals were women. After four years of school, a couple of internships, and at my present position, I can still count on my hands the number of women who I have worked with in cybersecurity and digital investigation combined.
I've heard the argument that women just aren't interested in the field, but in my experience, that's patently false. Talking with the women in my life, I've heard everything from, "It just wasn't done back then" to, "I had no idea what the opportunities were like," in addition to it not being their cup of tea, which is a perfectly acceptable answer -- the goal isn't to shoehorn in people that don't love the field.
I got lucky: Within the last four months of my senior year of high school, I discovered my field through a series of fortunate events, starting with a career catalog that had a photo of Warrick from "CSI" on the cover. Not everyone gets to have a serendipitous experience with a handout from the guidance counselor's office.
Trying to determine why the number of women in our field is so low is where things get complicated. It's worth noting that a recent study found that only 16 percent of female characters in movies and TV (PDF) are shown to hold a job in any STEM field. I can't remember many female role models of my own, except that I was a goth/punk in high school, so Abby from NCIS was a frequent comparison when I told people what I wanted to do with my life.
Also worth noting is the long list of people (mostly women) who have published op-eds, blogs, and even vetted scientific studies about the gender disparity in STEM/tech fields and faced incredible backlash, up to and including stalking and threats.
Creating Awareness Of Cybersecurity As A Career
I feel that a large part of the issue is that there are people with passion for just about everything, but if they never know that what they love can be a career, they will find something else. For me -- and I suspect, many other women -- working with computers was in the ranks of weightlifting, working on cars, and playing video games: things that I love today, but got into much later in life than my male counterparts because I didn't often have opportunities to explore them.
On top of that, I think young women face some pushback once they do discover these things. The amount of times that I tried to venture in and explore something and got pushed or scared off, or was made to feel ashamed because they weren't what I was "supposed" to like, is astounding.
I taught myself some coding and computer repair in probably the most painstaking ways possible, but my experiences growing up put me at a disadvantage that I am still working to overcome. Throughout college, I was secretly fighting tooth and nail to understand concepts, references, and information that my classmates knew from young ages. From what I can tell, this is not uncommon.
I can see lots of things today that I wish existed when I was a kid. You might have seen this commercial for GoldieBlox, developed by an engineer who did a lot of research before launching a Kickstarter and using her own money to create the toys she always wanted to have. The project reminds me of the research and intentions behind Alice, a set of story-driven coding lessons that Randy Pausch of Carnegie Mellon discussed in his famous "Last Lecture" presentation and book. Fast Company recently wrote an article about a young woman who created her own group at school called XX Hackers. The group was inspired by the Girls Who Code programs; both aim to bring girls into a welcoming and encouraging space where they can make friends, bond over shared interests in computing, and learn together.
A somewhat similar program on a far smaller scale started at Defiance College my freshman year: I got to watch as middle and high school students came to campus for a summer camp about criminal justice, forensic science, and digital forensic science. As a counselor, I met quite a few who said they were interested in selecting digital forensics as their focus area, but had some trepidation about being "that one weird girl" who picked it. Thing is, there were always multiple girls worried about being the only one: They just didn't realize it. Without reassurance that they won't be marginalized or made fun of it can be very hard for a young woman to feel like taking that leap off of the diving board.
Here at SecureState, we're going to be having a Capture the Flag-style hacking competition soon, designed to help high school students learn more about hacking (ethically), information security, and the opportunities available to them. It's even going to have zombies. So if any young women are out there interested in the SecureState Zombie CTF, but not sure if they can do it, or if they'll be stuck feeling alone, drop me a line. I would be happy to see you there. We can even do the super-secret handshake.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
As a staff consultant on the SecureState Attack and Defense Team, Kerstyn works with a broad range of organizations across a variety of industries on security assessments including incident response, forensic analysis, and social engineering. View Full Bio