Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

03:30 PM
Connect Directly
E-Mail vvv

How to Crack Cybersecurity’s Glass Ceiling

Sage career advice to young women from the female CTO of a security startup: Get a pair of earplugs, and put them in when you hear words like 'can't' or 'don't.'

Does the "glass ceiling" still exist? On the one hand, a woman was almost elected president of the United States, and government statistics show that women constitute about half the US high-tech workforce. On the other hand, US Census data shows that of the women in the workforce, more work at lower-paying jobs than at higher-paying ones. And when it comes to the cybersecurity industry, women represent quite a slim margin, representing 11% of the world industry's workforce, making me somewhat of a unique creature.  

I'm the CTO of a cybersecurity startup called Secret Double Octopus (an odd name, but one people tend to remember), and it's my job to oversee the company's R&D operations and conduct the tech deep dive at client meetings. My immersion into a male-dominated environment dates back to my days as a soldier in the Israel Defense Forces, where I served as a sabotage and mines instructor.

My professional career in cybersecurity began as part of my academic research as a PhD student at Hebrew University, where I focused on anomaly detection for zero-day attacks, fast pattern matching for deep packet inspection and software-defined networks (SDN), and then continued as a postdoctoral researcher at Ben-Gurion University in Beer Sheba with Professor Shlomi Dolev. It was there that JVP, one of Israel's leading venture capital firms, approached me because of my research and proposed practically applying my research, matching me with our CEO, Raz Rafaeli.

I wouldn't say I'm a women's rights activist by choice, but being in an executive position within the IT industry automatically makes me one, whether I like it or not. As a result, I've become a de facto spokesperson of sorts, advising young women professionals on how to make it in an industry where the glass ceiling is still pretty thick. My advice: Get a pair of earplugs, and put them in when you hear words like "can't" or "don't." It worked for me.

Fortunately for me, the path of STEM has been clear to me since I was a little girl. Thankfully, I do not experience the "thick glass ceiling" on a daily basis within my own team, but intentional or not, the fact of the matter is that cybersecurity is indeed a male-dominated field and, although we do live in a heightened gender-aware generation, gender biases still exist.

There are numerous reasons for this lingering sexism. According to a 2015 National Bureau of Economic Research study, teacher (both male and female) gender biases turn girls off from studying STEM subjects. These biases "have an asymmetric effect by gender — positive effect on boys' achievements and negative effect on girls. Such gender biases also impact students' enrollment in advanced level math courses in high school — boys positively and girls negatively," the study noted.

Others blame it on parents: According to the UK's Institution of Engineering and Technology, only half as many parents had tech aspirations for their daughters as they had for their sons while only 1% saw engineering as a career path for their daughters. Still others blamed the "geeky environment" in tech, with "girls' lower sense of belonging could be traced to lower feelings of fit with computer science stereotypes."

All this may be true, but there is a way to fight it: Determination. If the glass ceiling for deep tech is still thick, the good news is that there is a lot more support for girls in school today than there was when I was a student. High schools, universities, and the business world are much more sensitive to the glass ceiling than ever, and there is a plethora of organizations and programs that help girls get involved in math, science, and tech. I know some people are uncomfortable with preferential programs of this type, but they exist for a reason — and when there is an employment imbalance as in cybersecurity, such programs are more than justified.

In the end, it's about motivating yourself, believing in yourself. Don't let others' attitudes put you off from your goal. I know it sounds like a cliché, but it's still true: You have to believe in yourself, and believe that you are just as good as men — and maybe better because we're blessed with women's intuition, and that's one thing they will never have.

Related Content:


Shimrit Tzur-David is the chief technology officer and co-founder of Secret Double Octopus, the world's only keyless multi-shield authentication technology that protects identity and data across cloud, mobile and IoT environments. Shimrit has over 10 years of research ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
4/13/2017 | 9:28:46 AM
Read advice
As a woman working in the IT and cybersecurity industry for over 15 years, I can tell you the glass ceiling is real and that I am treated differently than my male co-workers in the workplace. I am treated differently because of social norms and how men are used to relating to women. Men initially interact with me as if I'm either their mother or their wife/girlfriend. It takes some months to set the working relationship into the only-professional relation which men automatically assume with each other. 

That aside, I don't think this article was helpful at all and in fact hurts how people interact at work. First off, the author is representing women's rights against her will or "whether I like it or not", so she's definitely not passionate about the subject. And why should she be? She had support to enter a technical career since she was a little girl and she doesn't experience the glass-ceiling on a daily basis. I can't think of a less qualified person to give me advice. As for earplugs when can't or don't is said, should I wear ear plugs when I am told I can't attend the meeting or we don't need your input? Or should I put them in when I'm told I can't expect that pay raise and don't even think about negotiating for better pay? Is that when I become silent and deaf? And did you seriously just pull the "women's intuition" card? Is that my super power? Should I intuit how my router is configured or if my server room door meets physical security standards? No, that's called work, education, attention to detail; all the same things my male co-workers have and do. That kind of stereotypical rhetoric will only continue the idea that men and women posses unique traits which make them uniquely unqualified to do certain kinds of work. Do Jewish people have a mathematical intuition and white men have no intuition of rhythm? I mean, let's double down on those stereotypes! 

You want some advice. Here. Pretend it doesn't matter. Pretend you don't notice. All the routers have the password "crackwhorz"? Don't bat an eye. Do conversations fall silent when you arrive? Don't miss a beat. Are you not invited to Friday's lunch at the local strip club, where they apparently have an amazing buffet? Bring your lunch on Friday's. Wave after wave of bulls***- let it go. There's another woman right behind you, drafting off your progress. Do it for her sake, if you can't do it for own.
User Rank: Strategist
4/11/2017 | 2:28:38 PM
Inaccurate Op-Ed
At it's premise, I get the basic intent of this piece, yet after reading through it a few times I find myself disagreeing with many of the points within. Simply because an industry is populated by more males than females does not necessarily correlate to an existence of a "glass ceiling" within that realm. With specific regards to this continual reference to a wage gap, which, thanks to the Equal Pay Act of 1963, is a complete null-issue.

Where the thin argument comes from stating that women earn a mere .75 cents to every dollar that a man does, comes from a skewed and cherry-picked array of data. Meaning, people are comparing a female with less than a year at an entry level IT position to a male with 40 years and is a CEO. Thanks to the Equal Pay Act of 1963, paying someone less because of their gender for doing the SAME job is federally illegal.

As to your point about more women working lower paying jobs than men, here's a few reasons straight from U.S Bureau of Labor Statistics:

-Men choose jobs that are more dangerous / time intensive / physically demanding.

-Males are more likely to work in less desirable locations

-Men work longer hours, the weekends / holidays

-Men are more likely to pursue higher-stress / higher-paying specializations.

What does this imply? This is what men "choose" to do, while women choose to go other routes based on comfort, fullfillment, autonomy and safety. Nursing, teaching, social sciences, fashion, retail etc. Also, unmarried females make statistically MORE than unmarried males across the board.

Secondly, the cybersecurity industry, in the grand scope of the field, is a fairly young discipline. Specifically, to how it exists today. I realize components of it have been around for many years, cryptography, risk management, physical security and etc. Yet as it is today, its combined application as a suite of tools is young comparatively. That being said, the lack of women within this field does not correlate to some unified oppressive front to prevent them from joining, and benefitting, this industry.

They are simply *choosing* not to at this point, in a substantially less amount that men *are*.

Third, women have the exact same rights as men do in the U.S. Period. Again, it is federally illegal if any entity, in any capacity, to exclude or prevent them from doing so. Staing you're a women's rights activist within the IT industry..for what? You point out any specific instance of a woman being denied pay, training, opportunities or promotion based solely on the fact of her gender and I'm right there with you in the fight. Until then, please let me know what rights are being infringed upon that require such activism?

Yet another point of contradiction I read was your closing paragraph versus the one before it that stated the need for a plethora of programs aimed at females for STEM. You encourage women to believe in themselves, self-motivate, and ignore others' attitudes..but say they should have their own preferential programs? Does that not, at its very core, undermine the entire premise of gender equality? If a male or a female are competing for the same spot in a cybersecurity firm, shouldn't the position be awarded to the one most technically proficient? Saying women require their own special programs seems to damage their case more than enhance it.

In the end, your successes and hard work are more of an example to emulate as well as being a beacon to women not yet in the industry, than saying they are doomed to be crushed under a glass ceiling that, quite frankly, exists because people keep stating it does.

Also, the entirety of this article lost its punch with me when you added "You have to believe you are just as good as men, and maybe better because of women's intuition". Again, it undermines premise of equality by implying a genetic advantage, and also, further perpetuates the notion of "us vs them". Which is incredibly dangerous and divisive in itself. When it should be all of *us* in cyber security are versus *them* trying to break our systems and companies.. 

User Rank: Ninja
4/11/2017 | 12:50:02 PM
Israel does it right
When it comes to women in Cybersecurity or Hight Tech, Israel does it right. Having worked as an executive for several years in an Isareli Security company, i have seen it first hand: there is there no difference between what a woman or a man can achieve in Isreali executives' mind.  It is rooted in the country traditions: after all, women  have to do military service.  There is no "light" treatment of women for hard tasks if they are up for them, nor for technical tasks.  Parents and teachers support them, through strong training and by building character.  I believe it starts with parenting, pushing our daughters and sons similarly through all tasks and developing their determination so that they reach the goals they want to achieve. 
Joe Stanganelli
Joe Stanganelli,
User Rank: Ninja
4/11/2017 | 11:16:35 AM
Thanks for sharing the stats from the EEOC.  I have seen a variety of statistics putting women in tech at 15 percent to 50 percent and everywhere in between.  It'd be nice to have hard data with transparent methodology on this.
User Rank: Apprentice
4/10/2017 | 5:45:21 AM
SSC Exam Calendar 2017
Staff Selection Commission Board has recently released a notification for the latest Exam Calendar for the year 2017. All the exam will be conducted through the SSC Exam Calendar 2017.

SSC Exam Calendar 2017
User Rank: Apprentice
4/10/2017 | 5:44:19 AM
SSC Exam Calendar 2017
Staff Selection Commission Board has recently released a notification for the latest Exam Calendar for the year 2017. All the exam will be conducted through the SSC Exam Calendar 2017.

SSC Exam Calendar 2017
User Rank: Apprentice
4/6/2017 | 4:37:18 PM
Thank you!
Being a female in a Cybersecurity program, I have felt the pressures of being in a male-dominated field already. Although I feel very comfortable around men, being no stranger to this atmosphere in prior career paths I have chosen, I feel a very intense pressure to have to prove myself in this field already. I thank you for writing this article, it has given me a new sense of determination and confirmation that I have made the right decision by going choosing this field of study.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. T...
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. Howeve...
PUBLISHED: 2020-09-23
An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar...
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory a...
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains...