Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Dark Reading Radio

Why Aren't There More Women In IT Security?
Date / Time: Wednesday, July 13, 2016, 1:00 p.m. Boston / 10:00 a.m. Seattle
Overview:

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.



The audio player will load automatically when the radio show audio begins. Some corporate networks block the sort of streaming audio content used by this player. Please make sure you have the latest version of Adobe Flash for your Internet browser via Adobe's web site. If the player loads but you are not able to hear the live audio, you may still be able to hear the archived audio after the live program begins by returning to this page. Please try refreshing your browser a few times if you still cannot hear the audio. More Troubleshooting
Live Chat
You must login to participate in this chat. Please login.

Kelly, more and more IT organizations are finally moving to motivate more women to enter into STEM activities. I belong to The Society for Information Management (SIM) and they have a women in technology group that is really blazing away at this. I'd like to think that as those activites increase across the industry, then statistically speaking, we will have greater female representation in infosec.

Ninja

Sara, that is a very good point. I can certainly see how the best of both worlds combine to create a more nurturing development.

Ninja

Excellent way to look at it @Sara and I agree. Having a female mentor has certainly taught me how to stand my ground in a business conversation and to know how to pick my battles!

Apprentice

I should add that the female students I've taught generally put in more effort than the males. Perhaps that is because they think they have to overcome some sort of barrier, but I'd like to think that is mainly because once they have made the decision to go with infosec, they are more resolute and really put their minds into it.

Ninja

Just one more friendly reminder about the Black Hat USA women's luncheon & panel on 8/4 "Removing Roadblocks to Diversity." I'll have Jamesha Fisher, Security Operations Engineer at GitHub; Elena Kvochko, Head of Global Cyber Security Strategy and Implementation at Barclays; Angie Leifson, Security Operations Center (SOC) Analyst at Insight Enterprises; and Chenxi Wang, Chief Strategy Officer of Twistlock. 

https://www.blackhat.com/us-16/womens-panel.html

 

@Barrett @Angela  @Gonz  I've had both male and female mentors too, and I'd say they were useful for different things. My male mentor was in a better position to stand up for me. My female mentor was in a better position to teach me to stand up for myself. 

Author

croosenraad, I'm not sure that can be accelerated, but it can be overcome if conference organizers simply recruited more women as speakers/presenters, and include panels such as the one in this session. As far as companies go, that's just simple attrition.

Ninja

@Sara - that is a good question. I have had both in my career and both have been rewarding but I do not think it is essential. In fact, the opportunity I had with my male mentor proved to be quite rewarding. Typically, because of the shortage of women in the field, women look up to the role they are striving for. Since most of those are occupied by men, that is who we pattern ourselves after. By discussing this with my male mentor, he took it to heart to become more aware of his behaviors in acceptance and inclusion. I considered this a win in terms of opening the eyes of someone who had given very little thought to it beforehand. He has been one of the most inspiring mentors I have had.

Apprentice

Is there now a burgeoning notion, though, that women are useful to this industry only because of this need for "soft skills"? Because if the women who are hard-core coders keep getting shoved away from their code bases so they can go talk to users or something, that's not progress either. 

Author

Sara, although not necessarily essential, it is critical. They must have a point of view that cannot be obtained from someone who hasn't experienced it. I know that sounds a bit sexist, but peer mentoring has incredible benefits. As a male, I would only be able to provide a theoretical point of view, which may or may not be reality.

Ninja

Sara.  I don't think it's essential to have female mentors.  I think it can be very useful but not necessarily essential.  I have had a lot of male managers and colleagues who have been great mentors.

Apprentice

@GonzSTL:  If there are suggestions you have for how to accelerate getting the "old guard" out of the way at conferences and the like, I'd imagine a lot of us would be quite interested.

Apprentice

Tim, that is true. Communication is absolutely critical in Infosec because you always have to sell a solution that doesn't directly add to the bottom line in the plus column. It is easy for us to communicate the message to peers because we understand the lingo. Delivering that same message in a way that is fit for executive consumption is a skill absent in a lot of infosec people. It makes sense because a lot of them advanced through tech work, and have not necessarily broadened their skill set to include those soft skills.

Ninja

One question I didn't get to:  Is it essential for women to have female mentors?  

Author

@Pamela  That's a great point. I was heartened by Steve's informal study of how many women are at industry events, because it was markedly higher than those ISC2 numbers. Hopefully that means that they're at least taking their training / career advancement seriously.

Author

Thanks, Marilyn - it's been quite a hectic ride for me over the past year or so. I should be more active from now on.

Ninja

I've been to Infosec conferences and it is surprising how many women attend, and participate actively. I think that in time, the word will get out more, and there will be increased participation by women in technology. At some point in time, the "old guard" running companies will phase out, and with them, the stigma of women incompatibility with technology.

Ninja

Having spoken with a number of IT security recruiters in the past year, they consistently tell me that enterprises are looking for more of the "soft skills" in security professionals, such as communication with others, understanding of the business, etc., which are areas where women tend to score very highly. Do you think there is a way to re-cast the image and the job description of the IT security professional to highlight these highly-needed skills?

Strategist

BTW, it's nice to see you back on the boards, Gonz

Strategist

That is true across the board, Kelly. Coding to them is sexier, and more likely to instantly gratifty. Infosec is seen as more like a back room secret activity, with no visibility, and run by a bunch of socially averse geeks.

Ninja

Thanks, Gonz. I think that's true in a lot of industries. But it's so much more crippling in tech and security... I wonder why?

Strategist

(and I tell them it had better be written with security in mind...) 

But they have no clue.

I try to advocate for the industry, but most every young person I come across in high school and college are all about "coding" -- security is just not on their radar screens. I try to get them excited about it, offer them resources, info, etc., etc., but they all want to write the next cool app.

Marilyn, what I've found is that in academia, there is no gender distinction, which makes a lot of sense because students are students, and they pay enrollment. In the workforce, at least with the women I've talked to regarding this topic, the acceptance is the same as men among peers. Perhaps that is because their peers know what it takes to get them there. The issue may lie in upper management, though, because there appears to still be that glass ceiling.

Ninja

@sawbon3s  You can find a replay of the show in the Dark Reading Radio show archives on the site. It will be available immediately!

Strategist

I know we would hire more women if more women were trained in the field. But we are having a hard time finding anyone! I think there is a lot of mystery in Infosec. Some people think it is magic somehow and that they will never be qualified. I would like to encourgae more people to even just apply for positions even if they feel they are not ready. 

 

Apprentice

@Kelly - you make a critical point here and one of the key messages I mentioned. With the introduction of groups, we give our youth a place to start but we need to get the schools up to speed as well. One way to do this is to get in out in front of this by participating in school career days - that is a wonderful opportunity to talk with them about what we do everyday and to ge tthem excited about the field.

 

Apprentice

I was also wondering if there would be transcripts posted anywhere? 

Apprentice

In other words, is academia more accepting of women in tech/security than the actual work place?

Strategist

As a woman just getting into cyber security in the Bay Area, I love that this panel happened and this issue is getting talked about. Thank you so much for putting it on! Great job! 

Apprentice

hope you post the show somewhere. I missed most of it. :(

 

Apprentice

I agree Gonz! Wondering if women who pursue engineering in higher ed notice any difference in the culture when they join the workforce?

 

 

 

Strategist

The way I look at it, we are missing out on half the talent pool.

Ninja

Here's a telling stat from that Raytheon/NCSA report: 77% of millennial women in the U.S. say no high school or secondary school or guidance and career counselor talked about cybersecurity as a career, while 67% of men said the same.

My question for the panelists is what can we do about giving girls (and boys) better resources & guidance nationwide? I know there are groups out there, but still so many girls have no idea about security. 

It's great to have the male perspective here on this topic, too!

Here's some data on awareness from a recent survey of young adults by Raytheon and the National Cyber Security Alliance (NCSA):  52% of millennial women say cybersecurity programs and activities aren't available to them, while 39% of millennial men said the same. Nearly 50% of the men in the survey were aware of what cybersecurity jobs entail, while just 33% of women in the survey were.

 

@Steve is a major proponent and supporter for women and diversity in security. 

Join me at Black Hat USA's annual panel & luncheon on women in security: 

Lunch: 13:00 - 13:30 
Panel "Removing Roadblocks to Diversity": 13:30 – 14:30 
Q&A: 14:30 – 15:00 
Breakout Sessions & Networking: 15:00 – 16:00

 

There's data showing women get lower exposure to security.

Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-5683
PUBLISHED: 2022-06-30
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.
CVE-2013-6390
PUBLISHED: 2022-06-30
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.
CVE-2013-6423
PUBLISHED: 2022-06-30
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.
CVE-2013-6464
PUBLISHED: 2022-06-30
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.
CVE-2013-6471
PUBLISHED: 2022-06-30
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none.