Operations // Careers & People
5/23/2014
09:50 AM
Sara Peters
Sara Peters
Commentary
Connect Directly
Twitter
RSS
E-Mail
100%
0%

Women In Security: We've Still Got A Long Way To Go, Baby

Research shows that the gender gap in IT remains a real problem, but getting girls interested in technology is not the issue.

Don't get me wrong; I love that there's never a line for the ladies room at security conferences. Nevertheless, there is a gender problem in IT and it's particularly bad in security. And I'll tell you something: all the STEM education programs in the world aren't going to solve the problem.

The InformationWeek IT Salary Survey released this week shows the problem in rather stark terms. In security, only 14 percent of the staff and 10 percent of the managers are women. This is consistent with other figures. ISC(2)'s most recent figures show that only 11 percent of the security workforce is female.

An industry that claims to have a shortage of personnel can't afford to repel half the world's population. As Julie Peeler, head of the ISC(2) Foundation, told me a few months ago, "If we doubled the number of women in security tomorrow, it would eliminate the shortage for a full year. It's not just a cultural issue. It's an economic issue."

Not only are there far fewer women in security, there is a significant salary gap, according to the InformationWeek survey. Although the gap is rather narrow between male and female staff -- men’s base pay is $3,000 greater -- the story in security management is very different. Male security managers brought home $27,000 more than female security managers this year. Men reported receiving a base pay of $127,000 plus an additional $14,000 in bonuses; women reported a base salary of $109,000 and $5,000 in bonuses.

So there are two issues: There aren't enough women in security; and women still get paid less for the same work. The question, of course, is why?

One reason may be that girls are still not adequately encouraged to go into STEM fields. Kerstyn Clover, staff consultant for SecureState and a Dark Reading contributor, noted this in a post she wrote in January. Although Clover herself is only 21 years old, and therefore was raised in a rather enlightened era, she writes: "The amount of times that I tried to venture in and explore something and got pushed or scared off, or was made to feel ashamed because they weren't what I was 'supposed' to like, is astounding."

However, getting young women interested in IT fields is not the biggest problem. According to a February report released by the Center for Talent Innovation, roughly 50 percent of people graduating with STEM degrees are women, yet women working in high-tech fields are 45 percent more likely than their male peers to leave the industry within a year of entering it.

The research indicates that the reason they leave is not that they don't like the work. Eighty percent of American women in science, engineering, and technology jobs said they loved their work -- plus 87 percent of Brazilian women, 90 percent of Chinese women, and 93 percent of Indian women. Among the reasons they give for leaving are, rather, an exclusionary macho culture and a lack of executive sponsorship. Women's ideas were less likely to get green-lit, they were less likely to obtain management positions, and they struggled with being labeled "too emotional" or "too edgy" for management positions.

Ladies, gentlemen: We must all accept some of the responsibility for this.

Last month The Atlantic published a cover story titled "The Confidence Gap." The story shows evidence that "success, it turns out, correlates just as closely with confidence as it does with competence," and that women's success is inhibited by the fact that we have far less confidence than men. Among the pieces of research the authors reference:

Linda Babcock, a professor of economics at Carnegie Mellon University and the author of Women Don’t Ask, has found, in studies of business-school students, that men initiate salary negotiations four times as often as women do, and that when women do negotiate, they ask for 30 percent less money than men do.

This article hit me so close to home that I couldn't read the whole thing the first time. I am no shrinking violet, but I have never once asked for a pay raise. I asked for a promotion only once in my career, and did so with the caveat "but you don't need to pay me more." (I got the promotion, without the raise, as I foolishly requested.)

I'm also sorry to say that the security field has not always been particularly welcoming. I will never forget the first and only time I went to DEF CON (in 2005). The fact that I only saw two other women at the event for the entire time I was there was not the problem for me. The problem was that none of the men would speak to me -- not about security, not about anything. They weren't being cruel; they just didn't want me around. Finally, an hour before I was about to leave for the airport after a very lonely two days, a man spoke to me. He said:

"I gotta tell ya, you've got great legs."

In his defense, I did have great legs, but that's not what I'd gone to DEF CON to discuss. That was nine years ago, and I do believe the industry has evolved a bit since that time, but research shows that we still have a long way to go. That's the bad news. The good news is that these are fixable problems.

Ladies, we need to work on our confidence. We need to ask for raises and promotions. We need to speak up in meetings.

Everyone, we need to call out our colleagues -- male and female alike -- when they exhibit behavior that makes us feel that there is something wrong with being a woman in the workplace. Not just the outrageous acts of sexual harassment that require a trip to the HR department, but the small digs that undermine a female co-worker's authority and professionalism. Sexism isn't just a woman's problem. It's an everybody problem, especially in IT.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Sara Peters
100%
0%
Sara Peters,
User Rank: Author
5/28/2014 | 2:47:27 PM
Re: Re : Women In Security: We've Still Got A Long Way To Go, Baby
@Kerstyn  Agreed! "if only we had all the answers and ability to fix it that would be peachy." I think really that the change is only going to happen if both men and women, boys and girls, help make it so. I just learned about a new non-profit aimed at getting more girls into STEM fields, but the group is for both girls AND BOYS. I think that's the right way to go. Instead of making boys feel excluded or girls feel separate, it's better to get them both working together so that they both feel that being different genders is no big deal.

I'll share more about them when I know more.
Kerstyn Clover
100%
0%
Kerstyn Clover,
User Rank: Strategist
5/28/2014 | 9:39:32 AM
Re: Re : Women In Security: We've Still Got A Long Way To Go, Baby
All this talk about guts and asking for things made me think of a spoken word piece I've seen by Lily Myers. Relevant portion: "I asked five questions in genetics class today and all of them started with the word 'sorry.'"

 

Sara, I think you brought up a lot of excellent points here and I appreciate that you backed them with some great references. I'll have to read through a couple I hadn't seen yet. Of course I also appreciate the shout-out; I think we've both honed in on the same issue. Now, if only we had all the answers and ability to fix it that would be peachy.
Kerstyn Clover
50%
50%
Kerstyn Clover,
User Rank: Strategist
5/28/2014 | 8:59:29 AM
Re: No problem
| When women don't enter IT (or other male dominated industries), they aren't always simply choosing to not enter the field.

 

Yes! This hits the nail on the head in my opinion. I've always based my judgment on the idea of women being interested (or not) in these fields on talking to young women, my experiences, and the environments. I feel like there are a lot of people who base their assessments of women's interests only on the idea of "if they were interested they'd work in it, if not they wouldn't, there are few women here and therefore few women are interested in the topic". I think that misses a lot of complex socioeconomic factors which can be hard to put a finger on.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
5/27/2014 | 12:51:45 PM
Re: No problem
@SaraPeters.

I very much agree with you Sara, as I said earlier no one should be detracted from a field they wish to pursue. 

What are somethings that could be done for women so that they stay in said career path?
Sadie!
50%
50%
Sadie!,
User Rank: Apprentice
5/27/2014 | 12:47:41 PM
Re: No problem
When women don't enter IT (or other male dominated industries), they aren't always simply choosing to not enter the field. Many girls grow up showing interests in STEM fields, but are discouraged from pursuing those interests directly or indirectly. When I was in high school I was interested in computer science, but never joined the computer club because I was intimidated by the all boy group. (I did end up pursuing my interests in college.) On the other side of your argument are professions like elementary teaching and nursing. I bet there are boys who are interested in these professions, but are encouraged to pursue more typically male jobs. Why was it so hilarious in the movie 'Meet the Parents' that Greg is a nurse?

This is an old video, recently passed around on the internet via upworthy (I know, yuck), but still relevant:
https://www.youtube.com/watch?feature=player_embedded&v=035lOhkNbkM
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
5/27/2014 | 10:23:55 AM
Re: FOSS and Women
@christianabryant  Thank you for the info and for being such a responsible dad to daughters! Hopefully they'll find the same supportive environment in the IT world as they get older.
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
5/27/2014 | 10:07:30 AM
Re: Re : Women In Security: We've Still Got A Long Way To Go, Baby
@SachinEE @Marilyn   Well it might be a problem with a lack of guts. But I can tell you that the time I asked for the promotion but not the raise was because I knew the better title would help me do a better job (because people were more likely to return my phone calls), but I also knew that the company was struggling a bit financially and I didn't want to a) hurt the company, or b) have them immediately reject my request for a promotion.

So, I guess it was partly a lack of confidence and partly a willingness to sacrifice a little something for the sake of the company. I think both of those things are rather common among women.

Regardless... I should have at least asked for the raise, even if I was willing to take the promotion without the money if they said they couldn't afford it. It's silly that I didn't do it.


 
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
5/27/2014 | 10:00:47 AM
Re: No problem
@RyanSepe  Well, I agree with you that aiming for a 50/50 split is pointless, but I don't think that's really what anybody's goal is. Certain fields attract more women, others attract more men, and there's nothing wrong with that. The trouble is when someone is attracted to a field that then rejects them.

What concerns me is that maybe the split would be 20:80, if half the women who left the field after a year decided to stay instead.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/27/2014 | 9:57:54 AM
Re: Re : Women In Security: We've Still Got A Long Way To Go, Baby
@SachinEE Knowing Sara, I'm sure she has the guts to ask for a raise. And as the daughter of an assertive working mother and the mother of an assertive (when she wants to be) daughter I totally agree that being proactive is an important strategy for women who want to achieve pay parity and recognization in security-- along with many other fields.

While I can't speak directly about women in security, after 30-plus years in the workforce, I've seen plenty of examples of "exclusionary macho culture and a lack of executive sponsorship" as mentioned in the article. We all have to play a role in elimiinating that bias.
SachinEE
50%
50%
SachinEE,
User Rank: Apprentice
5/26/2014 | 12:44:42 PM
Re : Women In Security: We've Still Got A Long Way To Go, Baby
In order to be taken seriously by men a woman should show she has the guts to face up to challenges brought out in a work place. Sara when you asked for a promotion, you should have just come out and said you want a pay rise too. Why did he give you the promotion if he didn't think you are not qualified to get the promotion? It just needs guts.
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3594
Published: 2014-08-22
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.