Operations // Careers & People
5/23/2014
09:50 AM
Sara Peters
Sara Peters
Commentary
Connect Directly
Twitter
RSS
E-Mail
100%
0%

Women In Security: We've Still Got A Long Way To Go, Baby

Research shows that the gender gap in IT remains a real problem, but getting girls interested in technology is not the issue.

Don't get me wrong; I love that there's never a line for the ladies room at security conferences. Nevertheless, there is a gender problem in IT and it's particularly bad in security. And I'll tell you something: all the STEM education programs in the world aren't going to solve the problem.

The InformationWeek IT Salary Survey released this week shows the problem in rather stark terms. In security, only 14 percent of the staff and 10 percent of the managers are women. This is consistent with other figures. ISC(2)'s most recent figures show that only 11 percent of the security workforce is female.

An industry that claims to have a shortage of personnel can't afford to repel half the world's population. As Julie Peeler, head of the ISC(2) Foundation, told me a few months ago, "If we doubled the number of women in security tomorrow, it would eliminate the shortage for a full year. It's not just a cultural issue. It's an economic issue."

Not only are there far fewer women in security, there is a significant salary gap, according to the InformationWeek survey. Although the gap is rather narrow between male and female staff -- men’s base pay is $3,000 greater -- the story in security management is very different. Male security managers brought home $27,000 more than female security managers this year. Men reported receiving a base pay of $127,000 plus an additional $14,000 in bonuses; women reported a base salary of $109,000 and $5,000 in bonuses.

So there are two issues: There aren't enough women in security; and women still get paid less for the same work. The question, of course, is why?

One reason may be that girls are still not adequately encouraged to go into STEM fields. Kerstyn Clover, staff consultant for SecureState and a Dark Reading contributor, noted this in a post she wrote in January. Although Clover herself is only 21 years old, and therefore was raised in a rather enlightened era, she writes: "The amount of times that I tried to venture in and explore something and got pushed or scared off, or was made to feel ashamed because they weren't what I was 'supposed' to like, is astounding."

However, getting young women interested in IT fields is not the biggest problem. According to a February report released by the Center for Talent Innovation, roughly 50 percent of people graduating with STEM degrees are women, yet women working in high-tech fields are 45 percent more likely than their male peers to leave the industry within a year of entering it.

The research indicates that the reason they leave is not that they don't like the work. Eighty percent of American women in science, engineering, and technology jobs said they loved their work -- plus 87 percent of Brazilian women, 90 percent of Chinese women, and 93 percent of Indian women. Among the reasons they give for leaving are, rather, an exclusionary macho culture and a lack of executive sponsorship. Women's ideas were less likely to get green-lit, they were less likely to obtain management positions, and they struggled with being labeled "too emotional" or "too edgy" for management positions.

Ladies, gentlemen: We must all accept some of the responsibility for this.

Last month The Atlantic published a cover story titled "The Confidence Gap." The story shows evidence that "success, it turns out, correlates just as closely with confidence as it does with competence," and that women's success is inhibited by the fact that we have far less confidence than men. Among the pieces of research the authors reference:

Linda Babcock, a professor of economics at Carnegie Mellon University and the author of Women Don’t Ask, has found, in studies of business-school students, that men initiate salary negotiations four times as often as women do, and that when women do negotiate, they ask for 30 percent less money than men do.

This article hit me so close to home that I couldn't read the whole thing the first time. I am no shrinking violet, but I have never once asked for a pay raise. I asked for a promotion only once in my career, and did so with the caveat "but you don't need to pay me more." (I got the promotion, without the raise, as I foolishly requested.)

I'm also sorry to say that the security field has not always been particularly welcoming. I will never forget the first and only time I went to DEF CON (in 2005). The fact that I only saw two other women at the event for the entire time I was there was not the problem for me. The problem was that none of the men would speak to me -- not about security, not about anything. They weren't being cruel; they just didn't want me around. Finally, an hour before I was about to leave for the airport after a very lonely two days, a man spoke to me. He said:

"I gotta tell ya, you've got great legs."

In his defense, I did have great legs, but that's not what I'd gone to DEF CON to discuss. That was nine years ago, and I do believe the industry has evolved a bit since that time, but research shows that we still have a long way to go. That's the bad news. The good news is that these are fixable problems.

Ladies, we need to work on our confidence. We need to ask for raises and promotions. We need to speak up in meetings.

Everyone, we need to call out our colleagues -- male and female alike -- when they exhibit behavior that makes us feel that there is something wrong with being a woman in the workplace. Not just the outrageous acts of sexual harassment that require a trip to the HR department, but the small digs that undermine a female co-worker's authority and professionalism. Sexism isn't just a woman's problem. It's an everybody problem, especially in IT.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Sara Peters
100%
0%
Sara Peters,
User Rank: Author
5/28/2014 | 2:47:27 PM
Re: Re : Women In Security: We've Still Got A Long Way To Go, Baby
@Kerstyn  Agreed! "if only we had all the answers and ability to fix it that would be peachy." I think really that the change is only going to happen if both men and women, boys and girls, help make it so. I just learned about a new non-profit aimed at getting more girls into STEM fields, but the group is for both girls AND BOYS. I think that's the right way to go. Instead of making boys feel excluded or girls feel separate, it's better to get them both working together so that they both feel that being different genders is no big deal.

I'll share more about them when I know more.
Kerstyn Clover
100%
0%
Kerstyn Clover,
User Rank: Moderator
5/28/2014 | 9:39:32 AM
Re: Re : Women In Security: We've Still Got A Long Way To Go, Baby
All this talk about guts and asking for things made me think of a spoken word piece I've seen by Lily Myers. Relevant portion: "I asked five questions in genetics class today and all of them started with the word 'sorry.'"

 

Sara, I think you brought up a lot of excellent points here and I appreciate that you backed them with some great references. I'll have to read through a couple I hadn't seen yet. Of course I also appreciate the shout-out; I think we've both honed in on the same issue. Now, if only we had all the answers and ability to fix it that would be peachy.
Kerstyn Clover
50%
50%
Kerstyn Clover,
User Rank: Moderator
5/28/2014 | 8:59:29 AM
Re: No problem
| When women don't enter IT (or other male dominated industries), they aren't always simply choosing to not enter the field.

 

Yes! This hits the nail on the head in my opinion. I've always based my judgment on the idea of women being interested (or not) in these fields on talking to young women, my experiences, and the environments. I feel like there are a lot of people who base their assessments of women's interests only on the idea of "if they were interested they'd work in it, if not they wouldn't, there are few women here and therefore few women are interested in the topic". I think that misses a lot of complex socioeconomic factors which can be hard to put a finger on.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
5/27/2014 | 12:51:45 PM
Re: No problem
@SaraPeters.

I very much agree with you Sara, as I said earlier no one should be detracted from a field they wish to pursue. 

What are somethings that could be done for women so that they stay in said career path?
Sadie!
50%
50%
Sadie!,
User Rank: Apprentice
5/27/2014 | 12:47:41 PM
Re: No problem
When women don't enter IT (or other male dominated industries), they aren't always simply choosing to not enter the field. Many girls grow up showing interests in STEM fields, but are discouraged from pursuing those interests directly or indirectly. When I was in high school I was interested in computer science, but never joined the computer club because I was intimidated by the all boy group. (I did end up pursuing my interests in college.) On the other side of your argument are professions like elementary teaching and nursing. I bet there are boys who are interested in these professions, but are encouraged to pursue more typically male jobs. Why was it so hilarious in the movie 'Meet the Parents' that Greg is a nurse?

This is an old video, recently passed around on the internet via upworthy (I know, yuck), but still relevant:
https://www.youtube.com/watch?feature=player_embedded&v=035lOhkNbkM
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
5/27/2014 | 10:23:55 AM
Re: FOSS and Women
@christianabryant  Thank you for the info and for being such a responsible dad to daughters! Hopefully they'll find the same supportive environment in the IT world as they get older.
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
5/27/2014 | 10:07:30 AM
Re: Re : Women In Security: We've Still Got A Long Way To Go, Baby
@SachinEE @Marilyn   Well it might be a problem with a lack of guts. But I can tell you that the time I asked for the promotion but not the raise was because I knew the better title would help me do a better job (because people were more likely to return my phone calls), but I also knew that the company was struggling a bit financially and I didn't want to a) hurt the company, or b) have them immediately reject my request for a promotion.

So, I guess it was partly a lack of confidence and partly a willingness to sacrifice a little something for the sake of the company. I think both of those things are rather common among women.

Regardless... I should have at least asked for the raise, even if I was willing to take the promotion without the money if they said they couldn't afford it. It's silly that I didn't do it.


 
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
5/27/2014 | 10:00:47 AM
Re: No problem
@RyanSepe  Well, I agree with you that aiming for a 50/50 split is pointless, but I don't think that's really what anybody's goal is. Certain fields attract more women, others attract more men, and there's nothing wrong with that. The trouble is when someone is attracted to a field that then rejects them.

What concerns me is that maybe the split would be 20:80, if half the women who left the field after a year decided to stay instead.
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/27/2014 | 9:57:54 AM
Re: Re : Women In Security: We've Still Got A Long Way To Go, Baby
@SachinEE Knowing Sara, I'm sure she has the guts to ask for a raise. And as the daughter of an assertive working mother and the mother of an assertive (when she wants to be) daughter I totally agree that being proactive is an important strategy for women who want to achieve pay parity and recognization in security-- along with many other fields.

While I can't speak directly about women in security, after 30-plus years in the workforce, I've seen plenty of examples of "exclusionary macho culture and a lack of executive sponsorship" as mentioned in the article. We all have to play a role in elimiinating that bias.
SachinEE
50%
50%
SachinEE,
User Rank: Apprentice
5/26/2014 | 12:44:42 PM
Re : Women In Security: We've Still Got A Long Way To Go, Baby
In order to be taken seriously by men a woman should show she has the guts to face up to challenges brought out in a work place. Sara when you asked for a promotion, you should have just come out and said you want a pay rise too. Why did he give you the promotion if he didn't think you are not qualified to get the promotion? It just needs guts.
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7298
Published: 2014-10-24
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.

CVE-2014-8346
Published: 2014-10-24
The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.

CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.