Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
New Initiative Aims to Fast-Track Women into Cybersecurity Careers
Newest First  |  Oldest First  |  Threaded View
blackjack0021
blackjack0021,
 User Rank: Apprentice
5/20/2019 | 10:27:09 AM
more on ramps needed
The article clearly states this is for entry level on ramp training into the field (beginner certs), not instant expert status. 

There is always resistance to any novel idea to get people in to the Security (or IT) field, even if it's entry level and even if it's capturing people already skilled in other areas.  That's entirely predictable if we understand that we all self-justify and think the only path that is "good" is the one we took.  You see those arguments constantly re: degress are good vs. bad, certs are good vs. bad, etc.  So unless YOU had something like a 3-4 month boot camp on ramp then it sounds like a bad idea?  "It's not how I did it!" crows the peacock!  We need to realize how other people get into the field doesn't undermine our achievements and get over it.  Then there is the whole fear of competition, change, or whatever.  The Security field has a lot of change and competition in it... so let's get past that and just pull up our big people pants. Get to work solving the problem instead of causing more resistance.

One of the key global competitve advantages is getting ALL your smart people working on tough problems, as opposed to letting societal frameworks narrowly restrict your talent pool.  Being good at Security has little to do with a demographic, because your individual characterists (e.g. persistence, analytics, vision, etc.) that make you good at this line of work (or not) always trumps any generic demographic stereotypes.  So a targeted outreach to attract an otherwise alienated talent pool (and half the population at that) is a good idea if it brings more smart, talented, and competent people to work on Security problems, right?  

 
Kelly Jackson Higgins
Kelly Jackson Higgins,
 User Rank: Strategist
5/17/2019 | 3:04:24 PM
Re: A worthwhile initiative
Agreed, and all on point. Thank you for sharing your insight here.

 
secdatanoms
secdatanoms,
 User Rank: Author
5/16/2019 | 12:43:13 PM
A worthwhile initiative
Unfortunately, some of the initial comments to this post fail to recognize the impact that history has on society, including opportunity and hiring. Look around at most tech companies, including the vast majority in the infosec space, and you will see people that all look alike (... like me). This initiative is recognition that we need to encourage the development of talented people across gender and racial lines. We will all benefit from the inclusion of diverse backgrounds, ideologies, and ways of thinking.

The 2019 Fortune 500 list just came out and people are celebrating 6.6% of CEOs being women. Women account for >50% of the US population. Hopefully, people recognize the "improvement" as a small step in the right direction - not the finish line. Minorities face similar statistical discrepancies with regard to their representation in tech and tech leadership. More companies should be running their own talent incubators, so that it isn't such a foreign idea to help 100 women. Kudos to Carmen Marsh for stepping into the gap and trying to help close it.
REISEN1955
REISEN1955,
 User Rank: Ninja
5/15/2019 | 9:50:51 AM
Re: This is why we have a mess in his country
Agree - hiring should always be based on skill set and ability and all other factors secondary.  Oh you can have affirmative action policies to a degree and then one does not hire a highly skilled poodle for a job but it should be, and often is not, based just on skills and abilities.  In a perfect world............ More women ARE needed and more MEN with skills ARE needed too.  Our skill shortage set is pretty bad right now.   Poodles need not apply. LOL.  ( Full disclosure - I own a rescue Maltipoo.)
cerminqqbiz
cerminqqbiz,
 User Rank: Apprentice
5/13/2019 | 7:57:46 AM
Re: This is why we have a mess in his country
very nice :)
Yenrab
Yenrab,
 User Rank: Strategist
5/10/2019 | 1:14:09 PM
Re: This is why we have a mess in his country
So, perhaps you are young and misguided thus you missed the point.  Hiring should be color blind, sex blind, everything blind.  Simply put, when it's do or die (I'll bet you've never been there), you go for the most qualified.  We're not talking about a mailroom or table server position here, we're talking about keeping the enemy from the gates where you have to get it correct EVERY time where as the bad guys only have to get it correct ONCE.  I have no fear of losing my job to Mexicans or anybody else.  I just lament the basic lack of todays "yout" not being able to understand the difference between being created equal, and forcing or even expecting equal outcomes.  If you have to give someone an "extra boost" or other preferential treatment you are essentially saying they are incapable of performing on a level playing field and they are incompetent idiots.  That is extremely denigrating to those purporting to be helped.
schopj
schopj,
 User Rank: Strategist
5/10/2019 | 10:21:28 AM
Re: This is why we have a mess in his country
If you have a few years or decades of experience, you should have no trouble getting hired on in security over these women.  Your concerns are sexist nonsense, similar to the racist nonsense we see in the US where people are afraid of poor uneducated Mexicans stealing their jobs.  The reality is there are more jobs in Infosec to go around then there are skilled workers.  This initiative aims to fill some of those empty slots that current, experienced InfoSec professionals are unable to fill due to lack of numbers.  It also aims to target women due to the underrepresentation of women in infosec.  Any male with appropriate skills and training or experience should have no fear of losing out on a job "because of whats between their legs".  Thats just sexist nonsense that shows how ignorant you are.  
Yenrab
Yenrab,
 User Rank: Strategist
5/10/2019 | 9:42:39 AM
This is why we have a mess in his country
At the risk of being politically incorrect, are we now less concerned with someone's skill set then we are with what may or may not be between their legs?  No way 100 days of training compares with a few years (or decades) of security experience.  But wait, after all they are girls and deserve a chance regardless if we get hacked on their first watch and all of our companies trade secrets have been compromised, at least we feel good about ourselves.  Is the next step to allow foreign agents into the gates because they "self-identify" as patriotic Americans?  Sheesh!


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-23476
PUBLISHED: 2022-12-08
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid markup is being par...
CVE-2022-23492
PUBLISHED: 2022-12-08
go-libp2p is the offical libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the a...
CVE-2022-3092
PUBLISHED: 2022-12-08
GE CIMPICITY versions 2022 and prior is vulnerable to an out-of-bounds write, which could allow an attacker to execute arbitrary code.
CVE-2022-4261
PUBLISHED: 2022-12-08
Rapid7 Nexpose versions prior to 6.6.172 failed to reliably validate the authenticity of update contents. This failure could allow an attacker to provide a malicious update and alter the functionality of Rapid7 Nexpose. The attacker would need some pre-existing mechanism to provide a malicious updat...
CVE-2022-4291
PUBLISHED: 2022-12-08
The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component.