Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

2/2/2021
10:00 AM
Sarah Tatsis
Commentary

How Recruiting Women Can Help Solve Security's Biggest Problems

We can solve cybersecurity's longstanding talent gap by bringing more women into the field.

Long before the COVID-19 pandemic, the cybersecurity profession faced a talent crisis. Multiple studies show a growing skills gap in the field; while the numbers quantifying unmet demand vary, the message is consistent. There are simply not enough cybersecurity experts in the global market to manage the growing number and range of cyber-risks out there. 

It's clear that COVID-19 made these talent problems more acute. The sudden shift to remote work accelerated the expansion of the attack surface through a precipitous rise of Internet of Things (IoT) and connected devices. Meanwhile, cybercriminals redoubled their efforts to lob phishing, ransomware, and other attacks against the newly distributed workforce. This combination of an overwhelming expansion of the attack surface and threat volume increases pressure on already strained security professionals, strengthening the need for reinforcements to help them fight the good fight.

Layered on top are the troubling work-life balance trends that have caused many workers — in IT, cybersecurity, and beyond — to withdraw from the workforce to help children in online learning, care for sick relatives, and tend to other personal matters. Early studies show that COVID has disproportionately affected women's careers and economic well-being. This may be the perfect moment to plan a dramatic, strategic shift in how companies attract, recruit, and retain a new and expanded generation of cybersecurity rock stars.

An Opportunity to Reduce Risk
As vaccines become available and the world recovers, the post-COVID era will be an opportunity to recruit more women to cybersecurity careers at all levels. By focusing on reengagement campaigns with women and training female professionals seeking to reenter the workforce, cybersecurity organizations may be able to kick-start momentum in recruiting women into the field. Hopefully, these gains can snowball into more outreach to girls as they progress through school and enter the workforce.

This may enable the cybersecurity industry to solve some of the broader talent problems that have long been endemic to the profession, including three of the biggest that hiring managers and team leaders are trying to address.

1. Filling the Talent Gap
There are millions of open positions, and statistically, the only way we'll be able to fill them is by broadening the field of prospective employees. Women have been underrepresented in cybersecurity, which is artificially restricting the pool of candidates. It makes no sense to leave half the population out. The more we encourage and facilitate women to enter the field, the easier it will be to fill the talent gap. 

2. Creating a More Resilient Brain Trust
Managers are not only struggling to find enough bodies to fill their teams; they also need a range of creative thinkers who bring different perspectives to the threats they face. Anticipating a range of risks and threats in advance and coming up with expedient ways of dealing with vulnerabilities and incidents as they happen are harder when everyone on the team comes from the same cultural and educational backgrounds. Adding more women to the mix creates a diverse workforce that incorporates different modes of working on a problem, different viewpoints, and different backgrounds. This makes the industry stronger. 

3. Tackling a Greater Diversity of Threats
Diversity in perspective could also help the security profession broaden its mission beyond its dogged focus on data breaches to solving difficult and dangerous social issues. For example, using technology to perpetrate gender-based violence is a growing problem, and getting more female representation in cybersecurity may help shift the focus toward addressing these threats. BlackBerry recently sponsored a great event about technology-facilitated gender-based violence by The Centre for International Governance Innovation and Soroptimist International of Kitchener-Waterloo that discussed issues such as deepfake technology used to fabricate sexual images, public disclosure of private information, stalkerware, doxing, online harassment, unauthorized access to information or devices, and other tactics that perpetrate physical, psychological, emotional, and economic harm. To tackle these kinds of serious, gender-based threats, it's important to have a diverse group looking at ways to reduce risk. 

What It Will Take to Recruit Women Into Cybersecurity
Bringing women to the field is no simple task. It will take a combination of outreach and educational programs to recruit women at all stages of educational and professional development. It's important to demystify cybersecurity so that women and girls understand it isn't just hackers with hoodies doing mystical things with code. For example, the Digital Defenders program BlackBerry created with the Girl Guides of Canada encourages girls to take a "how stuff works" approach to cybersecurity, giving them a robust and in-depth look at industry-specific topics through play and discovery-based learning. Companies also need to create inclusive environments where all genders thrive.

At BlackBerry, we're using our internal programs and funding external initiatives to boost the diversity of the workforce. I encourage my security peers at other organizations — vendors, consultancies, governments, and enterprises alike — to advocate for investments to bring more women into the cybersecurity fold. I believe this effort can help solve some of the most acute problems the industry faces.

Sarah Tatsis is the VP, Advanced Technology Development Labs at BlackBerry. Sarah and her team of engineers are responsible for taking new technologies from ideation, to incubation, to delivery into BlackBerry products and for helping BlackBerry stay on the cutting edge of ...
Comments
tcritchley07,
User Rank: Moderator
2/6/2021 | 1:10:47 PM
Interest Isn't The Only Problem
Does your daughter have a solid underpinning IT education? With the WW shortage of cybersecurity skills to fill the 3.5m positions I find the lack of response puzzling too. Might I ask where the degree was obtained?

Cybersec is not a silo subject; it needs knowledge of other aspects of IT, such as networks, monitors and some personal ideas about the analysis of network traffic to sort the good guys from the bad. Also, I suggest she looks at RINA (Recursive Internet Architecture), bone up and sock it to them; it is 100% faster and more secure than the current, poorly designed Internet and the products which support it. Can help here but not in the detail.

Terry
Prmcgrat,
User Rank: Apprentice
2/4/2021 | 3:02:27 PM
Interest Isn't The Only Problem
While I agree that there may be limited interest in the field from our young women, this is not the only barrier they face. My daughter obtained a cybersecurity degree with a desire to pursue this line of work a year ago, and has yet to receive a call back for any of the cyber positions that she has applied for. I applaud your efforts at BlackBerry, but I am not certain that the rest of the industry is as forward thinking.
tcritchley07,
User Rank: Moderator
2/3/2021 | 2:05:22 PM
Females in Cybersecurity
I devised a survey for female students aged 14-18 on why they didn't take up computing studies at school. The top reasons were it is boring, needs too much maths and is geekish, a male preserve. The 'computing' in question is computer science (CS) which today bears little resemblance to what the workplace wants. You cannot push females of this persuasion directly into cybersecurity from a standing start. They need a comprehensive, pragmatic underpinning computing knowledge before moving to specialisation. The current underpinning (CS) is inadequate and they cannot pick up cybersecurity without this (non-existent) base any more than a medic can become a heart specialist without going through general medical school first.

This approach to specialisation is a huge mistake, made by people who do not understand the current fast moving and evolving computing scenario today. Can demonstrate this if necessary.

Terry Critchley  [email protected] with 50-year notches on my IT gun.