Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Encrypted Traffic Strategies
Webinar: Best practices for enterprise net traffic
Omdia's On-Demand Webinars
Omdia's On-Demand Cybersecurity Webinars
What's next for DC firewalls?
Webinar: Net security for software-defined DCs
02:00 PM
Maxine Holt
Maxine Holt
Connect Directly
E-Mail vvv

On International Women's Day 2021, Does the 'Rule of Steve' Still Apply? Yes.

On International Women's Day 2021, gender diversity has improved in cybersecurity, but there is still a long way to go.

Some time ago, Dawn-Marie Hutchinson introduced the "Rule of Steve" to draw attention to the lack of diversity in cybersecurity. It goes like this: In a room (virtual or physical) full of cybersecurity professionals, there are usually more people named Steve than there are women.

Albeit tongue-in-cheek, it is a good indicator of how far the cybersecurity industry still has to go in terms of gender diversity. The situation has improved over recent years, but as we get to International Women's Day 2021, it is nowhere near parity. Everyone has a role to play in striving for parity this decade.

2020 Provided Opportunity to Change, but There Is Still a Long Way to Go
The (ISC)² Cybersecurity Workforce Study 2020 noted that the security workforce gap closed last year, and by a considerable margin: down from 4 million people to 3.1 million. This is little surprise in a global environment suffering from uncertainty and cost pressures. However, there is still a significant shortfall, and to build the cybersecurity workforce we need to encourage diversity.

To put it bluntly, we need more women, more ethnic diversity, and more neurodiversity. We need more men. We need more people from a whole range of "groups" who have the right aptitude and attitude to work in information and cybersecurity, regardless of location.

Related Content:

A New Opportunity to Break the “Rule of Steve

It's Time to Break the "Rule of Steve"

Does everyone who works in the industry need to be in an office? Most definitely, "no." The business challenges of COVID-19 brought about an opportunity for change and to encourage diversity by recruiting individuals away from traditional urban hubs. Remote working significantly expands the pool of candidates, which in turn brings access to a better and more diverse range of individuals.

A disparate and global workforce thinks more broadly, has different ideas, and can drive faster business outcomes than centrally located groups. For those naysayers who didn't believe it was possible to work remotely in cybersecurity, the COVID-19 crisis proved otherwise and has given organizations a new opportunity to break the Rule of Steve.

There are a range of statistics available for the number of women working in cybersecurity roles. The same (ISC)² study suggests around 28% of workers are female, but this is everyone with 25% or more of their role in cybersecurity. Other studies report percentages of females in the cybersecurity workforce at 21%, 20%, 14%, 11%. Omdia estimates the percentage to be around one-fifth, or 20%. Study after study shows that diverse teams — board level and others — deliver better results, but the Rule of Steve persists.

International Women's Day Is Not the Only Time We Should Focus on Improving Diversity in the Cybersecurity Workforce
As the mother of two daughters, I see every day as an opportunity to further the cause of women in the workforce. My children are not yet fully in the workforce, but when they do join, irrespective of their choice of profession, they will not regard their gender as any kind of impediment to what they want to achieve.

Everyone working in the cybersecurity industry today has a role to play. Many organizations recognize the lack of diversity in their workforce and have programs in place to improve the situation, but these programs take time to manifest. Every individual’s day-to-day attitude is an important component. We must challenge casual sexism in the workplace: letting it go unchallenged means it is acceptable. We must encourage diversity in job applications: gender language de-coders for job advertisements are free and can significantly improve diversity in applications. We must highlight diverse role models for others to aspire to — not only leaders but also experts in their field. We must constantly challenge ourselves with our own subconscious biases: Have we really addressed our own preconceptions?

There is much to do to break the "Rule of Steve" in cybersecurity, and if everyone plays their part, then we have a chance of achieving parity this decade. International Women's Day presents an opportunity for headlining the discussion, but the actions should take place 365 days a year.

Maxine leads Omdia's cybersecurity research, developing a comprehensive research program to support vendor, service provider, and enterprise clients. Having worked with enterprises across multiple industries in the world of information security, Maxine has a strong ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode,  6/4/2021
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading,  6/2/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.