Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Dark Reading Radio

Why Aren't There More Women In IT Security?
Date / Time: Wednesday, July 13, 2016, 1:00 p.m. Boston / 10:00 a.m. Seattle
Overview:

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.



The audio player will load automatically when the radio show audio begins. Some corporate networks block the sort of streaming audio content used by this player. Please make sure you have the latest version of Adobe Flash for your Internet browser via Adobe's web site. If the player loads but you are not able to hear the live audio, you may still be able to hear the archived audio after the live program begins by returning to this page. Please try refreshing your browser a few times if you still cannot hear the audio. More Troubleshooting
Live Chat
You must login to participate in this chat. Please login.

Kelly, more and more IT organizations are finally moving to motivate more women to enter into STEM activities. I belong to The Society for Information Management (SIM) and they have a women in technology group that is really blazing away at this. I'd like to think that as those activites increase across the industry, then statistically speaking, we will have greater female representation in infosec.

Ninja

Sara, that is a very good point. I can certainly see how the best of both worlds combine to create a more nurturing development.

Ninja

Excellent way to look at it @Sara and I agree. Having a female mentor has certainly taught me how to stand my ground in a business conversation and to know how to pick my battles!

Apprentice

I should add that the female students I've taught generally put in more effort than the males. Perhaps that is because they think they have to overcome some sort of barrier, but I'd like to think that is mainly because once they have made the decision to go with infosec, they are more resolute and really put their minds into it.

Ninja

Just one more friendly reminder about the Black Hat USA women's luncheon & panel on 8/4 "Removing Roadblocks to Diversity." I'll have Jamesha Fisher, Security Operations Engineer at GitHub; Elena Kvochko, Head of Global Cyber Security Strategy and Implementation at Barclays; Angie Leifson, Security Operations Center (SOC) Analyst at Insight Enterprises; and Chenxi Wang, Chief Strategy Officer of Twistlock. 

https://www.blackhat.com/us-16/womens-panel.html

 

@Barrett @Angela  @Gonz  I've had both male and female mentors too, and I'd say they were useful for different things. My male mentor was in a better position to stand up for me. My female mentor was in a better position to teach me to stand up for myself. 

Author

croosenraad, I'm not sure that can be accelerated, but it can be overcome if conference organizers simply recruited more women as speakers/presenters, and include panels such as the one in this session. As far as companies go, that's just simple attrition.

Ninja

@GonzSTL   Great points.

Author

@Sara - that is a good question. I have had both in my career and both have been rewarding but I do not think it is essential. In fact, the opportunity I had with my male mentor proved to be quite rewarding. Typically, because of the shortage of women in the field, women look up to the role they are striving for. Since most of those are occupied by men, that is who we pattern ourselves after. By discussing this with my male mentor, he took it to heart to become more aware of his behaviors in acceptance and inclusion. I considered this a win in terms of opening the eyes of someone who had given very little thought to it beforehand. He has been one of the most inspiring mentors I have had.

Apprentice

Is there now a burgeoning notion, though, that women are useful to this industry only because of this need for "soft skills"? Because if the women who are hard-core coders keep getting shoved away from their code bases so they can go talk to users or something, that's not progress either. 

Author

Sara, although not necessarily essential, it is critical. They must have a point of view that cannot be obtained from someone who hasn't experienced it. I know that sounds a bit sexist, but peer mentoring has incredible benefits. As a male, I would only be able to provide a theoretical point of view, which may or may not be reality.

Ninja

Sara.  I don't think it's essential to have female mentors.  I think it can be very useful but not necessarily essential.  I have had a lot of male managers and colleagues who have been great mentors.

Apprentice

@GonzSTL:  If there are suggestions you have for how to accelerate getting the "old guard" out of the way at conferences and the like, I'd imagine a lot of us would be quite interested.

Apprentice

Tim, that is true. Communication is absolutely critical in Infosec because you always have to sell a solution that doesn't directly add to the bottom line in the plus column. It is easy for us to communicate the message to peers because we understand the lingo. Delivering that same message in a way that is fit for executive consumption is a skill absent in a lot of infosec people. It makes sense because a lot of them advanced through tech work, and have not necessarily broadened their skill set to include those soft skills.

Ninja

One question I didn't get to:  Is it essential for women to have female mentors?  

Author

Good to hear that , Gonz. 

Strategist

@Pamela  That's a great point. I was heartened by Steve's informal study of how many women are at industry events, because it was markedly higher than those ISC2 numbers. Hopefully that means that they're at least taking their training / career advancement seriously.

Author

Thanks, Marilyn - it's been quite a hectic ride for me over the past year or so. I should be more active from now on.

Ninja

I've been to Infosec conferences and it is surprising how many women attend, and participate actively. I think that in time, the word will get out more, and there will be increased participation by women in technology. At some point in time, the "old guard" running companies will phase out, and with them, the stigma of women incompatibility with technology.

Ninja

Having spoken with a number of IT security recruiters in the past year, they consistently tell me that enterprises are looking for more of the "soft skills" in security professionals, such as communication with others, understanding of the business, etc., which are areas where women tend to score very highly. Do you think there is a way to re-cast the image and the job description of the IT security professional to highlight these highly-needed skills?

Strategist

BTW, it's nice to see you back on the boards, Gonz

Strategist

That is true across the board, Kelly. Coding to them is sexier, and more likely to instantly gratifty. Infosec is seen as more like a back room secret activity, with no visibility, and run by a bunch of socially averse geeks.

Ninja

Thanks, Gonz. I think that's true in a lot of industries. But it's so much more crippling in tech and security... I wonder why?

Strategist

(and I tell them it had better be written with security in mind...) 

But they have no clue.

I try to advocate for the industry, but most every young person I come across in high school and college are all about "coding" -- security is just not on their radar screens. I try to get them excited about it, offer them resources, info, etc., etc., but they all want to write the next cool app.

Marilyn, what I've found is that in academia, there is no gender distinction, which makes a lot of sense because students are students, and they pay enrollment. In the workforce, at least with the women I've talked to regarding this topic, the acceptance is the same as men among peers. Perhaps that is because their peers know what it takes to get them there. The issue may lie in upper management, though, because there appears to still be that glass ceiling.

Ninja

@sawbon3s  You can find a replay of the show in the Dark Reading Radio show archives on the site. It will be available immediately!

Strategist

I know we would hire more women if more women were trained in the field. But we are having a hard time finding anyone! I think there is a lot of mystery in Infosec. Some people think it is magic somehow and that they will never be qualified. I would like to encourgae more people to even just apply for positions even if they feel they are not ready. 

 

Apprentice

@Kelly - you make a critical point here and one of the key messages I mentioned. With the introduction of groups, we give our youth a place to start but we need to get the schools up to speed as well. One way to do this is to get in out in front of this by participating in school career days - that is a wonderful opportunity to talk with them about what we do everyday and to ge tthem excited about the field.

 

Apprentice

I was also wondering if there would be transcripts posted anywhere? 

Apprentice

In other words, is academia more accepting of women in tech/security than the actual work place?

Strategist

As a woman just getting into cyber security in the Bay Area, I love that this panel happened and this issue is getting talked about. Thank you so much for putting it on! Great job! 

Apprentice

hope you post the show somewhere. I missed most of it. :(

 

Apprentice

I agree Gonz! Wondering if women who pursue engineering in higher ed notice any difference in the culture when they join the workforce?

 

 

 

Strategist

Great job, Sara and panelists! 

Strategist

The way I look at it, we are missing out on half the talent pool.

Ninja

Really great convo, @Sara and awesome guests!

Here's a telling stat from that Raytheon/NCSA report: 77% of millennial women in the U.S. say no high school or secondary school or guidance and career counselor talked about cybersecurity as a career, while 67% of men said the same.

My question for the panelists is what can we do about giving girls (and boys) better resources & guidance nationwide? I know there are groups out there, but still so many girls have no idea about security. 

@Sara That's a great question.

It's great to have the male perspective here on this topic, too!

Hi everyone! Sorry I'm late!

Strategist

Here's some data on awareness from a recent survey of young adults by Raytheon and the National Cyber Security Alliance (NCSA):  52% of millennial women say cybersecurity programs and activities aren't available to them, while 39% of millennial men said the same. Nearly 50% of the men in the survey were aware of what cybersecurity jobs entail, while just 33% of women in the survey were.

 

@Steve is a major proponent and supporter for women and diversity in security. 

Join me at Black Hat USA's annual panel & luncheon on women in security: 

Lunch: 13:00 - 13:30 
Panel "Removing Roadblocks to Diversity": 13:30 – 14:30 
Q&A: 14:30 – 15:00 
Breakout Sessions & Networking: 15:00 – 16:00

 

If this is a topic you're interested in...

There's data showing women get lower exposure to security.

I'm looking forward to this show today!

10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/10/2019
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Jim, stop pretending you're drowning in tickets."
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13623
PUBLISHED: 2019-07-17
In NSA Ghidra through 9.0.4, path traversal can occur in RestoreTask.java (from the package ghidra.app.plugin.core.archive) via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis r...
CVE-2019-13624
PUBLISHED: 2019-07-17
In ONOS 1.15.0, apps/yang/web/src/main/java/org/onosproject/yang/web/YangWebResource.java mishandles backquote characters within strings that can be used in a shell command.
CVE-2019-13625
PUBLISHED: 2019-07-17
NSA Ghidra before 9.0.1 allows XXE when a project is opened or restored, or a tool is imported, as demonstrated by a project.prp file.
CVE-2019-3571
PUBLISHED: 2019-07-16
An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension.
CVE-2019-6160
PUBLISHED: 2019-07-16
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.