Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Want Your Daughter to Succeed in Cyber? Call Her John
Newest First  |  Oldest First  |  Threaded View
frk055
50%
50%
frk055,
 User Rank: Apprentice
5/21/2018 | 12:37:07 PM
Changing perceptions and realities in cyber security
 

Rob Clyde with ISACA recently noted their research on the topic: https://www.linkedin.com/pulse/isaca-data-diversity-issues-rob-clyde/

"An overall 31-point gap was found when it came to male and female perceptions of career advancement opportunities for women, compared to a 10-point gap for those with diversity programs in place within their organization"

If there continues to be a perception that women do not have the same advancement opportunities as men in IT and cyber security, fewer are likely choose to pursue it as a career path. ISACA research data indicates that programs may help or at least change perceptions about advancement opportunities. Programs are a start, but I do not think that they alone can drive the shift that is needed. The points raised about merit and hiring the best candidate are solid ones, yet there's a need for cyber security leaders take action to address both the perceptions and realities of the issue so that we have a larger talent pool of both women and men to fill the need for cyber security professionals.

Full report from ISACA at: https://cybersecurity.isaca.org/state-of-cybersecurity

 
JohnDeSantis
83%
17%
JohnDeSantis,
 User Rank: Author
5/19/2018 | 1:13:18 PM
Re: A problem where there isn't one
"If more men/women applied for these jobs then there wouldn't be a problem" is a very tired argument that has been used to justify racial, gender, foreign origin and religious imbalances for years. I believe we instinctively tend to follow our embedded tribal/family traditions and learnings to follow careers and callings that feel comfortable to us and to go to places where we feel we belong. Maybe it's a survival thing. When one of my children went to college, one of the most interesting bits of advice he got for picking a major was this: look left, look right, are these the people you want to spend the rest of your life working with? In other words, do you feel you belong in this field? The point of the writing was to make more talented women feel that they could belong - and even thrive - if they were moved and/or attracted to the space, and that there were role models, mentors and sponsors that would help them find a path there. In spite of any tribal, family upbringing bias', or education choices made in the past, they could take a leap and belong to this new and exciting field full of opportunity and exciting prospects.
Surfer808
100%
0%
Surfer808,
 User Rank: Apprentice
5/18/2018 | 8:01:39 PM
Re: A problem where there isn't one
I agree 100% that if a man or woman does not have the minimum technical skills to perform an IT security job AND they are not trainable under your coaching/teaching/mentoring, then you are setting him/her up for ultimate failure in the position.


That being said, good security talent is challenging to find. It is incumbent upon good leaders and good companies to seek out a broad, diverse & highly qualified pool of applicants. Most innovative security companies I know are reaching early into academia to seek out the best & brightest, they look to social media to find who is an expert in the area they're pursuing. With this, you get a diversity of opinion on how to address problems and find solutions to propel your organization forward. Without it, you will be stuck in group think and continue to plow down the same rut in your journey.

BTW, RAID is high-reliability storage that divides and replicates data amongst drives in a group. For brevity, RAID1 is primarily used for heavy processing requirements while RAID5 is more used for transactional applications. RAID was introduced in the 1980's when I was in elementary school. Personally, I am more a supporter of the emerging technology like FEC which does away with the arcane issues with RAID storage. Now that's a useful debate.
JasonTLouis
50%
50%
JasonTLouis,
 User Rank: Strategist
5/18/2018 | 5:56:47 PM
Re: A problem where there isn't one
So, all men and women like the exact same things? When I hear someone say men and women like different things, it isn't an all or nothing issue. It's an "in general" type of situation. You could say more women prefer to go into the social work field because that field tends to be dominated by women. Same thing with nursing or teaching to some extent.

Most people can look at these surveys and agree that the ratio of men to women in the tech field is nowhere near even. I don't think we will EVER achieve that. I'm all about merit. I don't really care who you are, if you're good at what you do, that's all that matters to me.

The gender pay gap is an interesting issue. When we look at these studies, it takes everyone and then averages it out. It also looks at maternity leave, taking more part time jobs, etc, to raise a family. It's being blatantly disingenuous to not mention that when it comes to the pay gap. All these surveys take that into account as to why many women are paid less than men in the same career field. Now, I'm not saying there could be cases where women are just paid less, but the majority of these surveys look at everything with regards to pay, including time you take off. Most men do not take any kind of maternity leave. You also have many women not taking more stressful or demanding jobs because of family related things. This obviously doesn't apply to all but whenever you read an article about the pay gap, they NEVER include how they came to those conclusions and what variables are included. You have to look at the methodology to figure out how they came to those conclusions. Just looking at a graph that says women are paid less is fooling yourself if all these companies are illegally paying people less because of their gender. Remember, there are federal and state laws against that kind of behavior.

At the end of the day, more men than women enroll in tech oriented programs. More men than women are looking for tech related jobs. More men than women are wanting to get into the tech field. Security included. That probably won't change anytime soon. What needs to change is starting at the family/education level and removing all stigmas around women in tech or "encouraging" someone to not get into that field due to their gender. They need to realize it doesn't matter, just be good at what you do and you will succeed.
cengel3
33%
67%
cengel3,
 User Rank: Apprentice
5/17/2018 | 2:40:47 PM
Re: A problem where there isn't one
Same experience from my perspective with nearly 30 years in IT. It's been a few years since the last time I hired a direct report, however, when I did only about 10 percent of the resumes I got for the position were female. We did a basic skills competency test for all applicants that looked reasonably qualified and of the few women who came in to do the test, not one scored a passing grade. The male applicants didn't do all that stellar either, but at least a few passed.

The test was pretty basic, there was nothing "gender biased" about it.... either an applicant knows what the difference between RAID1 and RAID5 is or they don't.

The simple solution, if you want more females working in IT, have more qualified females apply for jobs in IT.

 

 
Kelly Jackson Higgins
83%
17%
Kelly Jackson Higgins,
 User Rank: Strategist
5/17/2018 | 8:49:35 AM
Re: A problem where there isn't one
I have to strongly and respectfully disagree with you, @gmax28. First off, your presumption that men and women "like different things" literally echoes the underlying societal problem here. That's a fallacy that has been propagated by generations of outdated mindsets about women's "roles" in the workforce. You probably haven't seen a woman "restricted, disregarded or prevented" in or from an IT or infosec job because you are a man who hasn't experienced the same hurdles and pay gap issues. Dismissing the gender and diversity issue as a nonissue is a systemic problem and is one of the reasons why we are still grappling with a gender and diversity gap in security. The goal is to give everyone a fair shake to contribute to this massive and critical industry that can't keep up with the demand for people to fill its jobs.
gmax28
50%
50%
gmax28,
 User Rank: Strategist
5/16/2018 | 12:31:39 PM
A problem where there isn't one
I've been in IT for over 20 years now.  Not once have I seen a time where a woman was restricted, disregarded, or prevented in any way from an IT job, much less Infosec.  The FACT is that men and women LIKE DIFFERENT THINGS.  Where is the concern that 80% of teachers are women?  I don't see articles on 'How Do We Get More Men into Education."   This is just another liberal cause and this guy is falling right in line with it.  The reason there aren't more women in IT, BECAUSE THEY DON'T WANT TO.  Problem solved!  And it didn't take a CEO solve it... as usual. 


COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13660
PUBLISHED: 2020-05-28
CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.
CVE-2020-11079
PUBLISHED: 2020-05-28
node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This has been fixed in 0.2.1.
CVE-2020-13245
PUBLISHED: 2020-05-28
Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P.
CVE-2020-4248
PUBLISHED: 2020-05-28
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484.
CVE-2020-8329
PUBLISHED: 2020-05-28
A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer from functioning until the printer is rebooted...