Dark Reading is part of the Informa Tech Division of Informa PLC

3/5/2021
02:00 PM
Maxine Holt
Commentary

On International Women's Day 2021, Does the 'Rule of Steve' Still Apply? Yes.

On International Women's Day 2021, gender diversity has improved in cybersecurity, but there is still a long way to go.

Some time ago, Dawn-Marie Hutchinson introduced the "Rule of Steve" to draw attention to the lack of diversity in cybersecurity. It goes like this: In a room (virtual or physical) full of cybersecurity professionals, there are usually more people named Steve than there are women.

Albeit tongue-in-cheek, it is a good indicator of how far the cybersecurity industry still has to go in terms of gender diversity. The situation has improved over recent years, but as we get to International Women's Day 2021, it is nowhere near parity. Everyone has a role to play in striving for parity this decade.

2020 Provided Opportunity to Change, but There Is Still a Long Way to Go
The (ISC)² Cybersecurity Workforce Study 2020 noted that the security workforce gap closed last year, and by a considerable margin: down from 4 million people to 3.1 million. This is little surprise in a global environment suffering from uncertainty and cost pressures. However, there is still a significant shortfall, and to build the cybersecurity workforce we need to encourage diversity.

To put it bluntly, we need more women, more ethnic diversity, and more neurodiversity. We need more men. We need more people from a whole range of "groups" who have the right aptitude and attitude to work in information and cybersecurity, regardless of location.

Does everyone who works in the industry need to be in an office? Most definitely, "no." The business challenges of COVID-19 brought about an opportunity for change and to encourage diversity by recruiting individuals away from traditional urban hubs. Remote working significantly expands the pool of candidates, which in turn brings access to a better and more diverse range of individuals.

A disparate and global workforce thinks more broadly, has different ideas, and can drive faster business outcomes than centrally located groups. For those naysayers who didn't believe it was possible to work remotely in cybersecurity, the COVID-19 crisis proved otherwise and has given organizations a new opportunity to break the Rule of Steve.

There is a range of statistics available for the number of women working in cybersecurity roles. The same (ISC)² study suggests around 28% of workers are female, but this counts everyone with 25% or more of their role in cybersecurity. Other studies report percentages of females in the cybersecurity workforce at 21%, 20%, 14%, 11%. Omdia estimates the percentage to be around one-fifth, or 20%. Study after study shows that diverse teams — board level and others — deliver better results, but the Rule of Steve persists.

International Women's Day Is Not the Only Time We Should Focus on Improving Diversity in the Cybersecurity Workforce
As the mother of two daughters, I see every day as an opportunity to further the cause of women in the workforce. My children are not yet fully in the workforce, but when they do join, irrespective of their choice of profession, they will not regard their gender as any kind of impediment to what they want to achieve.

Everyone working in the cybersecurity industry today has a role to play. Many organizations recognize the lack of diversity in their workforce and have programs in place to improve the situation, but these programs take time to manifest. Every individual’s day-to-day attitude is an important component. We must challenge casual sexism in the workplace: letting it go unchallenged means it is acceptable. We must encourage diversity in job applications: gender language de-coders for job advertisements are free and can significantly improve diversity in applications. We must highlight diverse role models for others to aspire to — not only leaders but also experts in their field. We must constantly challenge ourselves with our own subconscious biases: Have we really addressed our own preconceptions?

There is much to do to break the "Rule of Steve" in cybersecurity, and if everyone plays their part, then we have a chance of achieving parity this decade. International Women's Day presents an opportunity for headlining the discussion, but the actions should take place 365 days a year.

Maxine leads Omdia's cybersecurity research, developing a comprehensive research program to support vendor, service provider, and enterprise clients. Having worked with enterprises across multiple industries in the world of information security, Maxine has a strong ...
 
