Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
To Improve Workforce Diversity, Widen The Search, Feed Infosec Talent Pipeline
Newest First  |  Oldest First  |  Threaded View
DorisG987
DorisG987,
 User Rank: Strategist
3/12/2016 | 5:54:10 AM
To improve diversity, train the top
Edgar Perez teaches a 3 Day Masterclass in Cybersecurity designed for C-level executives and senior managers. Furthermore, he is offering cyber security workshops for boards of directors and CEOs worldwide. He is the author of The Speed Traders and Knightmare on Wall Street, and his comprehensive training programs have been widely recognized by the media for his independent and non-biased approach.
syntax_attack
syntax_attack,
 User Rank: Strategist
3/11/2016 | 1:03:05 PM
Re: "Sweetie, those toys are meant for boys!"
Thank you for providing more information.  I certainly cannot speak to the cultural atmosphere regarding women and STEM careers in Columbia.  I do hope things continue to improve for women down there.
CamiloD
CamiloD,
 User Rank: Apprentice
3/10/2016 | 10:44:51 PM
Re: "Sweetie, those toys are meant for boys!"
Thanks for your comments, and it's great to hear about those activities taking place near you.

I apologize for not giving first a bit of context - My country (Colombia) is a developing nation with a kinda-sexist society. Sure, lots of improvements have been made in the last few years, but even today you can hear and "feel" certain sexist conducts against women. A small example - Girls who decide not to have kids are usually met with heavy social backslash. Their families and friends constantly nag them for "not contributing to society", "being selfish", "aiming to become a lonely person", and other ridiculous statements. But back to our topic: As I mentioned, women in my country are sometimes met with social backslash for showing interest in science & IT subjects and careers.

I absolutely agree with you - It's not like "girls can't be scientists or IT professionals" around here in Colombia. If a girl wants to do so, she'll make it like any other person. What I meant was that those girls will sometimes be seen as "awkward", "weird", "not very feminine", and (again) other ridiculous statements.
syntax_attack
syntax_attack,
 User Rank: Strategist
3/10/2016 | 3:45:16 PM
Re: "Sweetie, those toys are meant for boys!"
What are you talking about?  My children's school has engineering and STEM fairs held only for girls.  Our local community college holds STEM days for the females in the local high schools.  I have seen numerous commercials for women in stem fields as well.  Girls are being shoved towards these fields and they simply don't want to enter them.  In fact, the more egalitarian a society the less likely women are to enter STEM fields, it is only when STEM jobs are the only option for a decent salary (like in many developing nations) that women flock to them.  The more choices a woman has the less likely she is to choose STEM.  Please tell me the last time you heard a girl told that she couldn't be a scientist or an IT professional.  I haven't heard that in at least 25 years.  
CamiloD
CamiloD,
 User Rank: Apprentice
3/9/2016 | 3:46:14 PM
"Sweetie, those toys are meant for boys!"
Although it's true companies have to "broaden the pool", I believe another important factor is how science and IT topics are shown to kids. Specifically, girls in some cultures are discouraged of getting in touch with tech & science subjects, hobbies, and toys because "those things are meant for men" and "they aren't feminine". Even worse, that social scolding is done by both men and women.

Of course it's not the sole reason of the whole "diversity gap". But societies need to further evolve and to put past them all those sexist and racist ideas. I can only hope I live long enough to see it with my own eyes =)
syntax_attack
syntax_attack,
 User Rank: Strategist
3/3/2016 | 11:00:17 AM
Broaden the pool
"Yes, we all want the best candidates," says Joseph, "but broaden the pool." She suggests actively recruiting women and people of color, by going to them instead of waiting for them to find you through the same old channels.

 

If you want to "broaden the pool" then you should be trying to get as many poeple as possible to apply, not just as many "people of color" or "women" as possible.  The fact of the matter is the pool already consists of the majority of people, almost anybody who wants to become an IT security professional can self educate (serveral ivy league colleges have their class materials online for free).  If someone is too poor to even have a computer at home they can use the public library.  In fact the largest demographic that is probably truely cut off from the profession would be those who live in poor rural areas (often there is no public transportation to take them to a public library that could be 50 miles away.  If you truely want to broaden the pool then the best way to do it is to help that demographic regardless of the racial or gender makeup of the population that needs access to these programs.  

 

I really tire of the "we must have diversity" crowd.  This is the same group of people who will tell you that race or gender don't matter and then turn around and demand racial or gender quotas.  How about we hire based upon merit and recruit those that have a desire to learn and leave it at that!
DarwinC123
DarwinC123,
 User Rank: Strategist
3/2/2016 | 10:43:36 AM
can lead a horse to water
While I was able to brainwash my daughters to love Dr Who, computer gaming and the science genre, they were still more captivated by human drama in customer support and education fields.   They are smart and 'workaholic' (lol), but, they have told me that due to their gender and race, they have been able to go whereever they wanted in IT. They are were they want to be and only limit themselves. So, when, I see my employer advertise only in minority associations and such schemes to increase diversity, I wonder if we are looking for the best candidates or wanting to checkbox a statistic.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-10074
PUBLISHED: 2023-02-07
A vulnerability was found in OpenSeaMap online_chart 1.2. It has been classified as problematic. Affected is the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version staging is ab...
CVE-2022-31254
PUBLISHED: 2023-02-07
A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to r...
CVE-2023-0706
PUBLISHED: 2023-02-07
A vulnerability, which was classified as critical, has been found in SourceCodester Medical Certificate Generator App 1.0. Affected by this issue is some unknown functionality of the file manage_record.php. The manipulation of the argument id leads to sql injection. The attack may be launched remote...
CVE-2023-22643
PUBLISHED: 2023-02-07
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADA...
CVE-2023-23696
PUBLISHED: 2023-02-07
Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious users could potentially exploit this vulnerability in order to write arbitrary files to the system.