Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Encrypted Traffic Strategies
Webinar: Best practices for enterprise net traffic
Omdia's On-Demand Webinars
Omdia's On-Demand Cybersecurity Webinars
What's next for DC firewalls?
Webinar: Net security for software-defined DCs
02:00 PM
Maxine Holt
Maxine Holt
Connect Directly
E-Mail vvv

On International Women's Day 2021, Does the 'Rule of Steve' Still Apply? Yes.

On International Women's Day 2021, gender diversity has improved in cybersecurity, but there is still a long way to go.

Some time ago, Dawn-Marie Hutchinson introduced the "Rule of Steve" to draw attention to the lack of diversity in cybersecurity. It goes like this: In a room (virtual or physical) full of cybersecurity professionals, there are usually more people named Steve than there are women.

Albeit tongue-in-cheek, it is a good indicator of how far the cybersecurity industry still has to go in terms of gender diversity. The situation has improved over recent years, but as we get to International Women's Day 2021, it is nowhere near parity. Everyone has a role to play in striving for parity this decade.

2020 Provided Opportunity to Change, but There Is Still a Long Way to Go
The (ISC)² Cybersecurity Workforce Study 2020 noted that the security workforce gap closed last year, and by a considerable margin: down from 4 million people to 3.1 million. This is little surprise in a global environment suffering from uncertainty and cost pressures. However, there is still a significant shortfall, and to build the cybersecurity workforce we need to encourage diversity.

To put it bluntly, we need more women, more ethnic diversity, and more neurodiversity. We need more men. We need more people from a whole range of "groups" who have the right aptitude and attitude to work in information and cybersecurity, regardless of location.

Related Content:

A New Opportunity to Break the “Rule of Steve

It's Time to Break the "Rule of Steve"

Does everyone who works in the industry need to be in an office? Most definitely, "no." The business challenges of COVID-19 brought about an opportunity for change and to encourage diversity by recruiting individuals away from traditional urban hubs. Remote working significantly expands the pool of candidates, which in turn brings access to a better and more diverse range of individuals.

A disparate and global workforce thinks more broadly, has different ideas, and can drive faster business outcomes than centrally located groups. For those naysayers who didn't believe it was possible to work remotely in cybersecurity, the COVID-19 crisis proved otherwise and has given organizations a new opportunity to break the Rule of Steve.

There are a range of statistics available for the number of women working in cybersecurity roles. The same (ISC)² study suggests around 28% of workers are female, but this is everyone with 25% or more of their role in cybersecurity. Other studies report percentages of females in the cybersecurity workforce at 21%, 20%, 14%, 11%. Omdia estimates the percentage to be around one-fifth, or 20%. Study after study shows that diverse teams — board level and others — deliver better results, but the Rule of Steve persists.

International Women's Day Is Not the Only Time We Should Focus on Improving Diversity in the Cybersecurity Workforce
As the mother of two daughters, I see every day as an opportunity to further the cause of women in the workforce. My children are not yet fully in the workforce, but when they do join, irrespective of their choice of profession, they will not regard their gender as any kind of impediment to what they want to achieve.

Everyone working in the cybersecurity industry today has a role to play. Many organizations recognize the lack of diversity in their workforce and have programs in place to improve the situation, but these programs take time to manifest. Every individual’s day-to-day attitude is an important component. We must challenge casual sexism in the workplace: letting it go unchallenged means it is acceptable. We must encourage diversity in job applications: gender language de-coders for job advertisements are free and can significantly improve diversity in applications. We must highlight diverse role models for others to aspire to — not only leaders but also experts in their field. We must constantly challenge ourselves with our own subconscious biases: Have we really addressed our own preconceptions?

There is much to do to break the "Rule of Steve" in cybersecurity, and if everyone plays their part, then we have a chance of achieving parity this decade. International Women's Day presents an opportunity for headlining the discussion, but the actions should take place 365 days a year.

Maxine leads Omdia's cybersecurity research, developing a comprehensive research program to support vendor, service provider, and enterprise clients. Having worked with enterprises across multiple industries in the world of information security, Maxine has a strong ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.