Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Want Your Daughter to Succeed in Cyber? Call Her John
Newest First  |  Oldest First  |  Threaded View
frk055
frk055,
 User Rank: Apprentice
5/21/2018 | 12:37:07 PM
Changing perceptions and realities in cyber security
 

Rob Clyde with ISACA recently noted their research on the topic: https://www.linkedin.com/pulse/isaca-data-diversity-issues-rob-clyde/

"An overall 31-point gap was found when it came to male and female perceptions of career advancement opportunities for women, compared to a 10-point gap for those with diversity programs in place within their organization"

If there continues to be a perception that women do not have the same advancement opportunities as men in IT and cyber security, fewer are likely choose to pursue it as a career path. ISACA research data indicates that programs may help or at least change perceptions about advancement opportunities. Programs are a start, but I do not think that they alone can drive the shift that is needed. The points raised about merit and hiring the best candidate are solid ones, yet there's a need for cyber security leaders take action to address both the perceptions and realities of the issue so that we have a larger talent pool of both women and men to fill the need for cyber security professionals.

Full report from ISACA at: https://cybersecurity.isaca.org/state-of-cybersecurity

 
JohnDeSantis
JohnDeSantis,
 User Rank: Author
5/19/2018 | 1:13:18 PM
Re: A problem where there isn't one
"If more men/women applied for these jobs then there wouldn't be a problem" is a very tired argument that has been used to justify racial, gender, foreign origin and religious imbalances for years. I believe we instinctively tend to follow our embedded tribal/family traditions and learnings to follow careers and callings that feel comfortable to us and to go to places where we feel we belong. Maybe it's a survival thing. When one of my children went to college, one of the most interesting bits of advice he got for picking a major was this: look left, look right, are these the people you want to spend the rest of your life working with? In other words, do you feel you belong in this field? The point of the writing was to make more talented women feel that they could belong - and even thrive - if they were moved and/or attracted to the space, and that there were role models, mentors and sponsors that would help them find a path there. In spite of any tribal, family upbringing bias', or education choices made in the past, they could take a leap and belong to this new and exciting field full of opportunity and exciting prospects.
Surfer808
Surfer808,
 User Rank: Apprentice
5/18/2018 | 8:01:39 PM
Re: A problem where there isn't one
I agree 100% that if a man or woman does not have the minimum technical skills to perform an IT security job AND they are not trainable under your coaching/teaching/mentoring, then you are setting him/her up for ultimate failure in the position.


That being said, good security talent is challenging to find. It is incumbent upon good leaders and good companies to seek out a broad, diverse & highly qualified pool of applicants. Most innovative security companies I know are reaching early into academia to seek out the best & brightest, they look to social media to find who is an expert in the area they're pursuing. With this, you get a diversity of opinion on how to address problems and find solutions to propel your organization forward. Without it, you will be stuck in group think and continue to plow down the same rut in your journey.

BTW, RAID is high-reliability storage that divides and replicates data amongst drives in a group. For brevity, RAID1 is primarily used for heavy processing requirements while RAID5 is more used for transactional applications. RAID was introduced in the 1980's when I was in elementary school. Personally, I am more a supporter of the emerging technology like FEC which does away with the arcane issues with RAID storage. Now that's a useful debate.
JasonTLouis
JasonTLouis,
 User Rank: Strategist
5/18/2018 | 5:56:47 PM
Re: A problem where there isn't one
So, all men and women like the exact same things? When I hear someone say men and women like different things, it isn't an all or nothing issue. It's an "in general" type of situation. You could say more women prefer to go into the social work field because that field tends to be dominated by women. Same thing with nursing or teaching to some extent.

Most people can look at these surveys and agree that the ratio of men to women in the tech field is nowhere near even. I don't think we will EVER achieve that. I'm all about merit. I don't really care who you are, if you're good at what you do, that's all that matters to me.

The gender pay gap is an interesting issue. When we look at these studies, it takes everyone and then averages it out. It also looks at maternity leave, taking more part time jobs, etc, to raise a family. It's being blatantly disingenuous to not mention that when it comes to the pay gap. All these surveys take that into account as to why many women are paid less than men in the same career field. Now, I'm not saying there could be cases where women are just paid less, but the majority of these surveys look at everything with regards to pay, including time you take off. Most men do not take any kind of maternity leave. You also have many women not taking more stressful or demanding jobs because of family related things. This obviously doesn't apply to all but whenever you read an article about the pay gap, they NEVER include how they came to those conclusions and what variables are included. You have to look at the methodology to figure out how they came to those conclusions. Just looking at a graph that says women are paid less is fooling yourself if all these companies are illegally paying people less because of their gender. Remember, there are federal and state laws against that kind of behavior.

At the end of the day, more men than women enroll in tech oriented programs. More men than women are looking for tech related jobs. More men than women are wanting to get into the tech field. Security included. That probably won't change anytime soon. What needs to change is starting at the family/education level and removing all stigmas around women in tech or "encouraging" someone to not get into that field due to their gender. They need to realize it doesn't matter, just be good at what you do and you will succeed.
cengel3
cengel3,
 User Rank: Apprentice
5/17/2018 | 2:40:47 PM
Re: A problem where there isn't one
Same experience from my perspective with nearly 30 years in IT. It's been a few years since the last time I hired a direct report, however, when I did only about 10 percent of the resumes I got for the position were female. We did a basic skills competency test for all applicants that looked reasonably qualified and of the few women who came in to do the test, not one scored a passing grade. The male applicants didn't do all that stellar either, but at least a few passed.

The test was pretty basic, there was nothing "gender biased" about it.... either an applicant knows what the difference between RAID1 and RAID5 is or they don't.

The simple solution, if you want more females working in IT, have more qualified females apply for jobs in IT.

 

 
Kelly Jackson Higgins
Kelly Jackson Higgins,
 User Rank: Strategist
5/17/2018 | 8:49:35 AM
Re: A problem where there isn't one
I have to strongly and respectfully disagree with you, @gmax28. First off, your presumption that men and women "like different things" literally echoes the underlying societal problem here. That's a fallacy that has been propagated by generations of outdated mindsets about women's "roles" in the workforce. You probably haven't seen a woman "restricted, disregarded or prevented" in or from an IT or infosec job because you are a man who hasn't experienced the same hurdles and pay gap issues. Dismissing the gender and diversity issue as a nonissue is a systemic problem and is one of the reasons why we are still grappling with a gender and diversity gap in security. The goal is to give everyone a fair shake to contribute to this massive and critical industry that can't keep up with the demand for people to fill its jobs.
gmax28
gmax28,
 User Rank: Strategist
5/16/2018 | 12:31:39 PM
A problem where there isn't one
I've been in IT for over 20 years now.  Not once have I seen a time where a woman was restricted, disregarded, or prevented in any way from an IT job, much less Infosec.  The FACT is that men and women LIKE DIFFERENT THINGS.  Where is the concern that 80% of teachers are women?  I don't see articles on 'How Do We Get More Men into Education."   This is just another liberal cause and this guy is falling right in line with it.  The reason there aren't more women in IT, BECAUSE THEY DON'T WANT TO.  Problem solved!  And it didn't take a CEO solve it... as usual. 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31884
PUBLISHED: 2022-06-28
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.
CVE-2022-31887
PUBLISHED: 2022-06-28
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password.
CVE-2020-19896
PUBLISHED: 2022-06-28
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.
CVE-2020-19897
PUBLISHED: 2022-06-28
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.
CVE-2021-41559
PUBLISHED: 2022-06-28
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document.