Closing the Gender Gap in Cybersecurity: 3 Critical Steps

Women in security need to step up as industry role models and set the example for future generations. Here’s how.

Haiyan Song, SVP Security Markets, Splunk

May 20, 2016

5 Min Read

The gender gap in Silicon Valley gets a lot of attention but this is not just a Silicon Valley problem. As a woman in the male-dominated technology industry, I first experienced the gender gap when I was in college at Tsinghua University (the top engineering school in China), where less than 3 percent of my class was women. I’ve seen the issue throughout my career and have managed to overcome my fair share of adversity.

Here is my advice to women looking to enter and excel in cybersecurity:

Be Yourself

The best way to break stereotypes in tech is to be comfortable in your own skin. The confidence you carry allows people to focus on the merits of your opinions and contributions. To help women break into the security industry, we need more female role models to step up and show that there are no gender-specific qualities that make a cybersecurity professional great at their job. Female cybersecurity professionals who are looking to help close the gap should offer their wealth of experience to others and mentor them through the challenges of breaking into a male-dominated industry.

I learned early on to take what feels like a disadvantage in a situation and use it to your advantage. In my early 30s, I was the only woman at the table during a business meeting in Japan and felt like I was being underestimated. Rather than feeling intimidated or discouraged, I took the opportunity to challenge the stereotype my audience placed upon me and showcase my understanding of the business partnership from both perspectives. This was a memorable experience for me, as I learned that being underestimated can sometimes be your biggest strength when negotiating.  

It’s also important to realize that you don’t need to have a highly technical background in order to have a role in the cybersecurity industry. If you don’t have a degree in computer science, work hard to learn and develop your skills. Then, when an opportunity presents itself, take it. Backgrounds in non-technical industries, like music, for example, can be a great indicator for success in analytical jobs, such as a security analyst.

Push the Boundaries

Many women are overly cautious and want to be 110 percent ready before venturing into something new. However, there is always a reward for taking risks and challenging yourself. Even if the outcome isn’t what you expected, the experience of pushing the limits is incredibly valuable -- and often bridges to new opportunities.

Early in my career, I was managing the security program at Informix, where I was succeeding and generally comfortable in my role. As part of the company’s talent development program, I was asked to switch teams and manage a new program. At the time, this seemed like unknown, daunting territory as I had very little knowledge of this new field. Despite the obstacles in this transition, I successfully took on this new challenge, relying on my technical skills and leadership experience paired with support from senior management.

I consider this experience a pivotal moment in the evolution in my thinking about leadership and management. It gave me the confidence to step into new and different roles, which has allowed me to build a diverse background. In today’s evolving security landscape, there are always new variables to consider. We have to be prepared for the unexpected. Without eclectic talent, we lack the diverse thinking necessary to overcome those unexpected challenges. Security needs the best of human intelligence to combat growing cyber threats, making it essential for those in the field to be lifelong students of the trade.   

Be a Role Model

A broad stereotype exists about who a security professional is, how they act, and even what they look like. The media depicts cybersecurity experts as lone, nerdy men, which makes it difficult to entice women at a young age to be interested in the industry, let alone math and science programs.

To combat this negative stereotype, women in security need to step up as industry role models and set the example for future generations. Industry professionals, both men and women, should offer their guidance and leadership to those looking to enter the field. We’re finally starting to see the media combat the gender gap, by casting women as lead roles in STEM-related shows. One of my personal favorites is Quantico, whose lead (Alex Parrish, played by Priyanka Chopra) is a young, female FBI recruit. It’s great to see Hollywood using its influence as a platform to encourage more women to pursue careers in STEM. I’m hopeful that more movies and TV series will follow suit.

To further these efforts, we need to prime our education system to incorporate forensics and intelligence courses into students’ curricula. The more we can interest girls in STEM programs at a young age, the more confident they will be as women entering and succeeding in the tech industry.   

The gender gap in security is a product of stereotypes about woman, STEM programs and the security industry as a whole. Constantly trying to fulfill the stereotype of a cybersecurity professional is holding the industry back. Worse, it hinders our ability to grow, strengthen our defense against, and respond to complex attacks. The cybersecurity industry needs smart people who are willing to think creatively and work hard. Gender should never be a factor.

Related Content:


About the Author(s)

Haiyan Song

SVP Security Markets, Splunk

Haiyan leads the security business at Splunk and is responsible for driving Splunk's strategy and execution in the fast-growing security market. Splunk Inc. provides the leading software platform for real-time operational and security intelligence.

Previously, Haiyan spent over 8 years at ArcSight-HP Enterprise Security Products as vice president and general manager, where she was responsible for driving product strategies and business execution. During her time at ArcSight, she led and grew the product team through the company's IPO and subsequent acquisition by HP. Before joining ArcSight, Haiyan held various executive leadership positions at enterprise software companies and service providers including Escalate, Ketera Technology, Omniva Policy Systems and Sensage. She started her career at IBM Informix where she led the development of Informix-Online/Secure, its trusted relational database management system product and its system management portfolio.

Haiyan studied computer science at Tsinghua University in Beijing (CS 32, 1983), China. She holds a Bachelor of Science and Master of Science degree in Computer Engineering from Florida Atlantic University. Haiyan completed the Stanford Executive Program for General Management in 2012.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights