07:35 AM
Kerstyn Clover
Kerstyn Clover
Connect Directly

Red Or Blue, I'm Usually The Only Woman On The Team

Women are still few and far between in the cybersecurity field

Kerstyn Clover is a staff consultant for SecureState, a management consulting firm specializing in information security. She is a member of the incident response and forensics team.

As a kid, I was almost always the only female gamer or coder in my class. I recently joined the SecureState team as its youngest consultant, a month past my 21st birthday, and I'm the only woman on my team. My young age grants me many advantages, and one of them is being able to remember how it felt as that vulnerable, scared little girl growing up feeling like an outcast.

Sometimes other women are around, and it's an incredible feeling on some fundamental level. It's not like we have a secret handshake (that would be cool, though), but there is something to be said for finally seeing someone you can relate to, who looks like you, doing the things you love.

As of 2006, only 13 percent of U.S. cybersecurity professionals were women. After four years of school, a couple of internships, and at my present position, I can still count on my hands the number of women who I have worked with in cybersecurity and digital investigation combined.

I've heard the argument that women just aren't interested in the field, but in my experience, that's patently false. Talking with the women in my life, I've heard everything from, "It just wasn't done back then" to, "I had no idea what the opportunities were like," in addition to it not being their cup of tea, which is a perfectly acceptable answer -- the goal isn't to shoehorn in people that don't love the field.

I got lucky: Within the last four months of my senior year of high school, I discovered my field through a series of fortunate events, starting with a career catalog that had a photo of Warrick from "CSI" on the cover. Not everyone gets to have a serendipitous experience with a handout from the guidance counselor's office.

Trying to determine why the number of women in our field is so low is where things get complicated. It's worth noting that a recent study found that only 16 percent of female characters in movies and TV (PDF) are shown to hold a job in any STEM field. I can't remember many female role models of my own, except that I was a goth/punk in high school, so Abby from NCIS was a frequent comparison when I told people what I wanted to do with my life.

Also worth noting is the long list of people (mostly women) who have published op-eds, blogs, and even vetted scientific studies about the gender disparity in STEM/tech fields and faced incredible backlash, up to and including stalking and threats.

Creating Awareness Of Cybersecurity As A Career
I feel that a large part of the issue is that there are people with passion for just about everything, but if they never know that what they love can be a career, they will find something else. For me -- and I suspect, many other women -- working with computers was in the ranks of weightlifting, working on cars, and playing video games: things that I love today, but got into much later in life than my male counterparts because I didn't often have opportunities to explore them.

On top of that, I think young women face some pushback once they do discover these things. The amount of times that I tried to venture in and explore something and got pushed or scared off, or was made to feel ashamed because they weren't what I was "supposed" to like, is astounding.

I taught myself some coding and computer repair in probably the most painstaking ways possible, but my experiences growing up put me at a disadvantage that I am still working to overcome. Throughout college, I was secretly fighting tooth and nail to understand concepts, references, and information that my classmates knew from young ages. From what I can tell, this is not uncommon.

I can see lots of things today that I wish existed when I was a kid. You might have seen this commercial for GoldieBlox, developed by an engineer who did a lot of research before launching a Kickstarter and using her own money to create the toys she always wanted to have. The project reminds me of the research and intentions behind Alice, a set of story-driven coding lessons that Randy Pausch of Carnegie Mellon discussed in his famous "Last Lecture" presentation and book. Fast Company recently wrote an article about a young woman who created her own group at school called XX Hackers. The group was inspired by the Girls Who Code programs; both aim to bring girls into a welcoming and encouraging space where they can make friends, bond over shared interests in computing, and learn together.

A somewhat similar program on a far smaller scale started at Defiance College my freshman year: I got to watch as middle and high school students came to campus for a summer camp about criminal justice, forensic science, and digital forensic science. As a counselor, I met quite a few who said they were interested in selecting digital forensics as their focus area, but had some trepidation about being "that one weird girl" who picked it. Thing is, there were always multiple girls worried about being the only one: They just didn't realize it. Without reassurance that they won't be marginalized or made fun of it can be very hard for a young woman to feel like taking that leap off of the diving board.

Here at SecureState, we're going to be having a Capture the Flag-style hacking competition soon, designed to help high school students learn more about hacking (ethically), information security, and the opportunities available to them. It's even going to have zombies. So if any young women are out there interested in the SecureState Zombie CTF, but not sure if they can do it, or if they'll be stuck feeling alone, drop me a line. I would be happy to see you there. We can even do the super-secret handshake.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. As a staff consultant on the SecureState Attack and Defense Team, Kerstyn works with a broad range of organizations across a variety of industries on security assessments including incident response, forensic analysis, and social engineering. View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
5/28/2014 | 12:45:36 AM
Women are just not interested
You wrote in your article:

"I've heard the argument that women just aren't interested in the field, but in my experience, that's patently false."

But I have found, in my experience, that women are not really interested in technical or engineering fields for the most part. When I went to college for electrical enginneering, I had only about 4 or 5 girls in my class. The calss size wass close to 60 or 70.


User Rank: Apprentice
2/13/2014 | 8:55:44 PM
re: Red Or Blue, I'm Usually The Only Woman On The Team
Some things we have to deal with. I was the only male cellist in my community orchestra for a couple of years and women have always been a small minority of brass players (thought there do appear to be more female trumpeters than male flautists). It doesn't at all surprise me that female techies feel a bit lonely with all those male colleagues, but maybe it would help if you thought of yourself as an only daughter with lots of brothers (and there are usually other women in the office with whom one might socialize).

We actually want more she-techies because they tend to look at problems differently than the men do and the differences are valuable. But culture is hard to change, and there's a price for going against the grain that can be lowered, but not eliminated. Regardless, it's one that those wanting to pursue careers they actually enjoy should be willing to pay.

The other thing to remember is that men have just as much of a right to pursue the careers they love (and a lot of us like to tinker) as women do.

It's also the case that most computer professionals need to spend less time socializing with each other and more time hanging out with end users. It seems to me that with women being a small minority, they're more likely to do that than are their male colleagues.
User Rank: Apprentice
1/30/2014 | 8:30:47 PM
re: Red Or Blue, I'm Usually The Only Woman On The Team
>> but there is something to be said for finally seeing someone you can relate to, who looks like you, doing the things you love.

... So you clearly do believe there are innate gender-based differences in peoples interests. Why can't you then accept:

>> I've heard the argument that women just aren't interested in the field, but in my experience, it's patently false.

Actually in my experience as a professional software developer for 35 years its patently true.

>> I can't remember many female role models of my own, except that I was a goth/punk in high school, so Abby from NCIS was a frequent comparison when I told people what I wanted to do with my life.

When I was getting into software I dont remember having or needing any male or female role models. I just discovered I liked programming on my own so I made my own way. actually both my parents were ignorant of computers so were both against it. It seems in order to do something, females more often expect a whole pre-existing support network of encouragement from society/other people, whereas men mostly just get stuck in, dont expect help, suck it up and make it happen on their own, even under adversity.

>> Throughout college, I was secretly fighting tooth and nail to understand concepts, references, and information that my classmates knew from young ages. From what I can tell,this is not uncommon.

So are you saying all men get born with innate STEM abilities that women don't have? ..or that it just came easier for them for some other reason than they had to work hard to learn it too? (both are ridiculous, they all had to put in the same effort as you).

In EVERY company I've worked at as a software developer in 35 years, It seems clear to me that there's actually more than a level playing field. Professional companies are always VERY careful about not being even possibly perceived as being predjudiced on gender/race/religion etc. in fact its usually so PeeCee they tend to overly compensate and actually give women and racial minorities better opportunities than white men of the same ability. This was very noticeably true on my CS degree course but there were still only 4 women and about 30 guys. Women still chose not to do the course even though they had several distinct advantages just because of their gender such as academically lower entrance criteria, and also several female-only programs through the uni for extra financial help for a CS degree. The girls hardly ever did their own coursework either as they were of the mindset that the better approach was to hit on the male CS students to get them do their coursework for them. Needless to say that came unstuck at every exam time when they actually needed to know the subject, so consequently those that didn't flunk just got really low-graded degrees, which was the actual reason the female grads couldn't as easily get jobs in Software Dev companies.

I'm sorry but after 35 years in the biz I just don't believe its any harder for women to be Software Developers than guys at all. You may think its automatically easy for anyone with a penis but it just isn't. It is obvious however that when asked/expected to individually perform the same level of hard work as the guys, many women often expect pity, extra support than a guy, or to get exceptions made just because of their gender.

Being a good software developer takes long-term dedication, it is harder than many jobs and there's nowhere to hide if you aren't actually good. In my opinion thats the only reason why there aren't more women involved. Many women apparently just want an easy life. Easier than what it takes to be a good software dev. And just by being born female, many societies already give them way more options for an easy life than guys ever get (marry a rich guy, be a stay-at-home mom etc etc).
User Rank: Apprentice
1/30/2014 | 8:26:34 PM
re: Red Or Blue, I'm Usually The Only Woman On The Team
Wonderful article. Have been following the Goldieblox concept since it's debut on Kickstarter. Already a top 5 present contender for daughter's upcoming birthday. Continue to push past the humble demeanor that enshrouds peoples perceptions of female STEM. Be fierce!
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-10-24
Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.4.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.

Published: 2014-10-24 in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

Published: 2014-10-24
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.

Published: 2014-10-24
Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request.

Published: 2014-10-24
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) and (2), which allows local users to execute arbitrary Perl code by modifying these files.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.