While the numbers are improving, the vast underrepresentation and underpromotion of women in technology roles is hampering the industry's effectiveness. Many organizations are joining a growing effort for more diversity and inclusion: Day of Shecurity. I recently spoke at the October virtual event and was inspired by the group of women in attendance — all eager to share their knowledge on how to break the glass ceiling (or in this case, "black mirror") of the information security arena, negotiate your worth, and overcome fears of moving into management.
Once reserved for tech blogs and DEF CON, discussions around securing our personal and professional devices have become more mainstream. Our shift to a largely at-home workforce with fewer safeguards on access to corporate infrastructure and assets gave attackers a multitude of new attack vectors. We also started relying on the Internet for many of the activities we used to perform in person: online banking, online shopping, online learning, online socializing, online everything.
There are, however, far too few trained cybersecurity professionals available to meet the demand set by businesses. Projections for workforce shortages in cybersecurity have vastly underestimated the requirements of an ever-growing and evolving threat to the technology we have grown dependent on. In my last article, I explored how eager minds can find their niche in cybersecurity, but another passion of mine is empowering women to join the cyber workforce.
I'm often asked how to gain footing in a new role in this industry, and my answer always boils down to these tips:
- Find a mentor. The cybersecurity industry is relatively small, and building relationships can help with everything from discovering new, open job positions to attending conferences and learning how best to prepare for an interview.
- Consider the benefits of moving laterally within your organization. In the current age of digital transformation, most organizations are starting their own security teams and realizing the benefits of having experts on hand. Employee turnover is expensive, and many companies would be much happier to reposition a valued employee within a different team — especially a team that's notoriously difficult to hire for.
- Try a self-directed side project. Choosing a project may require guidance from a mentor who can lead you toward an option that will be representative of working in that role, but this can also provide you with a portfolio for potential employers in lieu of work experience. By sharing my malware research projects with hiring managers, I was able to demonstrate my experience in malware analysis and bolster my resume.
- Understand the value of your "unrelated" skills. Your skills are more transferable than you realize: A history of software engineering grants you the ability to understand the process (and potential pitfalls) of the software delivery process; an undergraduate degree in humanities may make you well-equipped to effectively communicate strategies to executives. My time studying political science — a seemingly unrelated area of study — now helps me to understand the geopolitical context of the threat I'm researching.
Despite a growing interest in cybersecurity (due in large part to initiatives dedicated to equalizing the ratio of men and women in the industry), women still only represent 25% of the industry workforce, according to research from (ISC)2. This is concerning for several reasons, one of the most important being that diversity brings more varied solutions to major challenges in cybersecurity — just as it has in every other industry. Our attackers are constantly finding new, creative ways to exploit users; we need to be able to catch up.