Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

A Fathers Perspective On The Gender Gap In Cybersecurity
Threaded  |  Newest First  |  Oldest First
User Rank: Ninja
9/30/2015 | 11:03:05 AM
Gradual Change will come if meritted
As I said in the previous article referenced there is disparity everywhere. Its our moral fabric as a society not to prohibit a person from pursuing a field that interests them. I do believe that more education around information technology and information security needs to become more prevalent within schools. But I doubt that this will result in closing the gender gap within these fields. My evidence is that even though education has been barren in this type of education it would result in a disparity of all genders from these fields as all genders/races/ethinicitys are schooled collectively. As someone who believes that people should do what they have interest in, I support women and men trying to attain any goal that they have. But from a early guidance point the first question should be "What are you interested in?" From that, positions and fields should be explained to compliment those interests. There should be no steering in any which way from those interests.

At this point, no one is restricted from attaining a job due to these physical data sets. It has been this way for a long time. Because of this if more women become interested in infosec and IT the change will come but will be gradual. But I think trying to invoke change because there is a disparity of this type is foolish and in the end may detract from what the persons true interests are. In the end, the quest to not steer an individual from a cause they are truly interested in may be violated as a result of trying to close the disparity. In essence, the ideal end goal may be riddled with hypocrisy. 
User Rank: Moderator
9/30/2015 | 2:26:43 PM
Re: Gradual Change will come if meritted
Great point. I think right now the interest in cybersecurity in particular is a bit funny for girls due to the strange role model disparancy that exists.  For example, if you look at more recent pop culture, it's natural for many girls to think that you need a bit of a tougher edge much like Lisbeth from the Girl with the Dragon Tattoo.  Seems a little funny, but as a woman working in the field, I do get lots of people trying to draw a connection between what I do (help organizations put together security strategies) and the type of character from that book.  In reality, when I got interested in cybersecurity, it was because of all the books I read on the history of cryptography and the work that many women did, especially in WWII.  These are the role models I think many girls need, but sadly they don't get as much recognition as it's more popular to focus on hacker culture which might scare many girls off as being too harsh or too technical of a career path.

Either way, we definitely need more role models, and while we are nowhere near there yet (In my experience I am a perfect example of a women sitting on all male IT security teams), we just need some more strong role models from all points of history to show girls that women have historically helped with great progress in cybersecurity, we just often get overlooked by the sheer number of our male peers.
User Rank: Apprentice
9/30/2015 | 10:34:36 PM
Re: Gradual Change will come if meritted
These are all fascinating personal stories, shared after a great post. All around one of the best things I've read on this site. That said, I am hoping for a little clarification. Is part of the problem that tech in general -- whether IT or security --- is more sexist a field than, say, marketing or consulting?
User Rank: Guru
10/1/2015 | 2:06:26 PM
Re: Gradual Change will come if meritted
Broadway0474, thanks for the feedback. Related to your question, everyone's experience is different and it's difficult to make broad generalizations about sexism in the industry. In my experience, the male dominated technology industry has produced regrettable bits of culture (as mentioned in the article) that are counterproductive to increasing the perception that information security is a desirable venue for women.
User Rank: Guru
10/1/2015 | 1:33:33 PM
Re: Gradual Change will come if meritted
Stratustician, I couldn't agree more about the need for role models, and "Lisbeth" is a fantastic example of a stereotype that isn't necessarily productive if the goal is increased participation in information security domains. Fortunately we do have some strong role models like yourself and hopefully over time the perceived "Lisbeth" character requirements cease to exist.

Thank you for commenting.  
User Rank: Guru
10/1/2015 | 1:24:04 PM
Re: Gradual Change will come if meritted
RyanSepe, thank you for commenting. I agree that the goal should be to raise awareness of the career potential in information security. The goal isn't perfect parity between genders, but rather a growth trend in female participation over time which will elevate the long term performance of operational defense teams. 
User Rank: Guru
9/30/2015 | 5:46:12 PM
I don't know anymore
I've dreamt of being in CyberSec for a really long time. Pretty much since I was an awkward teen in the early 2000's. I read, research, talk about joining the industry. Heck, I even tried to get into uni so I could study it. But all I hear is no, or your not good/smart enough. I'm used to those remarks. I have 8 years of solid work experience in a number of IT roles. I currently work in a high school and have contact with students. staff and administration and I understand the need for people in CyberSec. I give them the best information I can but as for possibly advancing into the industry, I doubt I will get this opportunity. I've applied for scholarships, loans, credit in order to go to training courses and bootcamps but I always get denied. With no family support and in a job where I barely make ends meat, I cannot afford to get the training. I've looked for mentoring. I've looked for jobs but you just get to the point where you've just got to let the dream go.

Good luck ladies.
User Rank: Guru
10/1/2015 | 1:57:30 PM
Re: I don't know anymore
Nemocraig, I'm sorry to hear that people are providing such negative feedback. I don't think you should let the dream go. In the words of Walt Disney ""If you can dream it, you can do it."

I don't know your exact situation, but I do know that there are a lot of employers who need qualified candidates with a strong portfolio of work. Forget about the classes and certifications and focus on building your skills. If you're determined to succeed here are two suggestions:

1. Start a blog and regularly chronicle your journey which will help publicly demonstrate your security knowledge and skills. For inspiration and a testament to the power of patience and persistence check out the Year of Python project.

2. Network within open security communities. Start with your local OWASP chapter. These types of forums are invaluable resources to meet like minded people who share your passion across the full spectrum of skill levels.

Thank you for your comment.
User Rank: Guru
10/11/2015 | 3:48:47 AM
Re: I don't know anymore
I'm not determined to succeed anymore. I've given up. 

In the words of Walt Disney ""If you can dream it, you can do it."

I can't anymore. I've been on my own since I was 14 and now I am 24 with no formal education. I struggle to make ends meet and I have no support. I have to do everything on my own and I've reached out to so many people to help me but I get turned away.

There is only so many no's/you can't that a kid can deal with and I've reached the end of my rope. I've given up on my career, on my life really. You'll probably read my obituary before you read that I've succeeded in getting into CyberSec
[email protected],
User Rank: Apprentice
10/1/2015 | 11:22:30 AM
The gender gap in infosec
I agree with Levi in that the US government's numbers for females in the information security field (at almost 20%) is far higher than I've experienced personally.  5% is much closer to the number I see at conferences and seminars, if you disregard IT Audit related personnel.

That said, I'm not convinced this is a real problem unless there are some sort of artificial barriers to women entering this industry.  As we're always looking for more qualified practicioners women entering in higher numbers would certainly be welcomed, but how would one go about nudging females into the career, and why exactly should we do that?  

I agree the issue is larger than the narrow slice of infosec, but it seems that society is saying "follow your dreams" or "pursue your interests" and then turning around and saying "but more of you females should be interested in STEM careers."  As a father of male and female teenagers and an infosec practicioner myself, I've always presented my career positively and would welcome their interest in pursuing it, but I don't think either of them will end up in infosec.  At the local high school they have some great STEM-oriented classes that the school administration is really marketing to the female students, and yet the classes are still 80% male.

When I want help repairing my lawn mower or working on my car my daughter will turn me down almost every time, while my son will want to try to do the job by himself.  My son hates the one required foreign language class he has to take, while my daughter buys books and programs to teach herself 3 additional languages.

Is there something wrong that my daughter gravitates to linguistics while my son tends toward mechanical engineering when they both had virtually the same exposure and opportunities?  Does that represent a problem that needs resolved?  Isn't there a possiblity that the sexes have some inherent differences in their outlook on life, and shouldn't we allow that to happen?
User Rank: Guru
10/1/2015 | 2:23:00 PM
Re: The gender gap in infosec
Rookiewilliams99, I completely agree that we shouldn't be forcing our daughters into STEM paths in order to achieve gender parity. You're absolutely correct that children should pursue their inherent academic interests.

I think the problem that needs solving is increasing awareness about information security careers at an earlier age. Obviously your children are well aware of the possibilities and career path, but generally I believe there is a shortage of information in schools about information security. Given the higher female collegiate graduation rates, if as an industry we can raise awareness, perhaps more women will naturally choose INFOSEC careers.

Thank you for commenting.
User Rank: Guru
10/1/2015 | 1:36:16 PM
No reason to drag feet on gender bias
Computing in general is an old boys club with the attendant male priviledge that keeps it that way. There is a bias and as long as we don't acknowledge it clearly and do what we each can do to break stereotype driven personnel decisions it will remain.

Sure there may be some inherent gender differences, but looking at the way things are today tells you nothing clearly. Social historical baggage clouds the view.

I could go on, but there is no reason to be satisfied with gradual change. That's just lazy thinking and reminds me of the excuses regarding civil rights.

I went to school with some bright girls who went on to engineering careers. It was clear they were expected to produce excellent results always or be dismissed as serious students.

Is that how you want life to go for your daughter?
User Rank: Guru
10/1/2015 | 2:35:16 PM
Re: No reason to drag feet on gender bias
Mwalker871, thanks for commenting. This article was focusing on the dearth of information security career awareness in our education system, but I agree that there are multiple issues affecting the female participation rate in information security (and STEM more generally). Conscious and unconscious gender bias is certainly a core issue and personal responsibility for bias identification and removal is something that we should all be advocating. 

User Rank: Strategist
10/9/2015 | 1:16:26 PM
Re: No reason to drag feet on gender bias
First of all there is a lot of evidence that the apparent career preferences of the two genders are actually biological in nature.  Studies on children as young as 1 day old have shown that when presented with 2 images, one of a human moving and the other of a mechanical object, males will stare at the mechanical object far longer than female infants will.  Moreover studies conducted on juvenile primates have shown that male primates prefer to play with "traditional male toys" such as toy trucks and female primates prefer to play with "traditionally female toys" such as dolls.  These studies clearly indicate that the perceived "cultural gender norms" are more likely biological in nature.  We know there are differences in the ways that male and female brains function so why would we not expect these differences to manifest themselves in our career choices.  It quite probable that male preferences for STEM fields and female "aversion" to them is a consequence of biological underpinnings. 


Secondly why is a dearth of females in STEM fields even considered a "problem" to begin with?  The "gender gap" in STEM fields is no more a problem then the gender gap in nursing or education where women hold the majority of positions.  Nor is it any more of a problem then the lack of women in professions such as sanitation, auto mechanics, coal miners, ect.  We don't "need" more female STEM majors any more than we "need" more female coal miners or male nurses.  The only thing society needs is enough individuals to fill the required number of positions that are competent at their jobs.  Indeed pressuring females into fields where they may be less naturally inclined to excel in or be less content it could in fact be harmful to society as a whole as it would waste resources training somebody who will eventually drop out of the field or be less effective then another individual who would have otherwise received the position.  
User Rank: Moderator
10/1/2015 | 3:45:23 PM
Inherent Value in Diversity? Really?
>> "Women's participation rate in STEM is a problem because research suggests, and I know from experience, that mixed gender teams outperform uniform gender teams. The long-term implications are especially significant for a cybersecurity industry that is immature and desperately needs every advantage to compete against modern threats."

Using that logic, malicious actors have learned to employ mixed gender teams to achieve their present position of far outpacing the cybersecurity defense industry. What other explanation could there be?

It's religious-type uninformed statements like the above that obfuscate the reality of this non-issue. Has anyone considered the possibility that more women don't get involved in these careers for one simple reason - they don't want to - and there may be nothing at all wrong about that?

Let's also chuck the myth that there is inherent value in gender diversity. If that were true, that would mean that a relationship between a male and a female is inherently more valuable than a same-gender relationship.

See where you wind up when you leave the path of common sense?
User Rank: Apprentice
10/5/2015 | 10:08:29 AM
Re: Inherent Value in Diversity? Really?
I'm more inclinded to think the real issue has more to do with popular culture and perception, as the author put it: "It was no longer "cool" due to the social attitudes communicated to her peer group before she was even a teen."

Look at how society portrays people involved in this field in pop culture. The "STEM" guys and gals are almost always overly nerdy, uncool, quirty and have terrible fashion sense! Of course very few women are attracted to it! To be attracted to STEM is to be "unattractive" by the standard of Hollywood and pop culture.
User Rank: Strategist
10/2/2015 | 7:41:10 PM
The Why of Gender Bias
This is actually a topic I can speak to with the authority of actual research (all my generalizations can be supported by real numbers). My Thesis topic in grad school asked if there was an inherent gender bias in SW design (and yes, there is but that's another post).

It starts in grammer school, where feelings about STEM are first formed. The testosterone boys typically have at that age makes them aggressive in the classroom; they tend to dominate the teacher's attention and the classroom respources. (i.e. computers)

To compete with this, girls typically memorize subjects (better than boys) to please the teacher. However, by the time they get to college, this game has lost its charm. Consequently, the numbers for women who choose STEM majors are dwarfed by similar choices made by men.

This is because girls don't learn how fun STEM is, they simply learn by rote for approval. Boys learn that STEM is like a toy or game. This preloads their enthusiasm for STEM and the hard work it takes to be good at it. 

We need to provide is the same opportunities for growth to women, and this effort reaches way back to grammer school. Teachers need to (be better paid and) understand the biological classroom dynamic, so they can cultivate the enthusiuasm for STEM and infosec.


User Rank: Strategist
10/5/2015 | 11:21:47 AM
STEM has little to do with gender bias

"Author Robert Charette quotes CEO after CEO claiming an engineering shortage, all the way back to 1934. ... " :

The real problem is that those jobs don't pay enough or are in constant danger of being outsourced to places or people with cheaper labor rates.  If the shortage was real wages in those jobs would rise which is not happening and qualified people would not have given up looking for tech jobs they they kept getting passed over for.

Children are not stupid. They don't get to see one of their parents for 60 to 100 hours a week while they listen to the complaints about being paid for 40 in those few moments of time they do get to see their tired worn-out parent. Why would they want to do the same?

See the 400+ comments on "The STEM Crisis Is a Myth" on the ture problems:


Bottom line is that the people that do the hiring only want fresh young *exploitable* labor...




I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file