
Dark Reading Radio

Why Aren't There More Women In IT Security?
Date / Time: Wednesday, July 13, 2016, 1:00 p.m. Boston / 10:00 a.m. Seattle
Overview:

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.



Live Chat

Kelly, more and more IT organizations are finally moving to motivate more women to enter into STEM activities. I belong to The Society for Information Management (SIM) and they have a women in technology group that is really blazing away at this. I'd like to think that as those activities increase across the industry, then statistically speaking, we will have greater female representation in infosec.

Ninja

Sara, that is a very good point. I can certainly see how the best of both worlds combine to create a more nurturing development.

Ninja

Excellent way to look at it @Sara and I agree. Having a female mentor has certainly taught me how to stand my ground in a business conversation and to know how to pick my battles!

Apprentice

I should add that the female students I've taught generally put in more effort than the males. Perhaps that is because they think they have to overcome some sort of barrier, but I'd like to think that is mainly because once they have made the decision to go with infosec, they are more resolute and really put their minds into it.

Ninja

Just one more friendly reminder about the Black Hat USA women's luncheon & panel on 8/4 "Removing Roadblocks to Diversity." I'll have Jamesha Fisher, Security Operations Engineer at GitHub; Elena Kvochko, Head of Global Cyber Security Strategy and Implementation at Barclays; Angie Leifson, Security Operations Center (SOC) Analyst at Insight Enterprises; and Chenxi Wang, Chief Strategy Officer of Twistlock. 

https://www.blackhat.com/us-16/womens-panel.html

 

@Barrett @Angela  @Gonz  I've had both male and female mentors too, and I'd say they were useful for different things. My male mentor was in a better position to stand up for me. My female mentor was in a better position to teach me to stand up for myself. 

Author

croosenraad, I'm not sure that can be accelerated, but it can be overcome if conference organizers simply recruited more women as speakers/presenters, and include panels such as the one in this session. As far as companies go, that's just simple attrition.

Ninja

@Sara - that is a good question. I have had both in my career and both have been rewarding but I do not think it is essential. In fact, the opportunity I had with my male mentor proved to be quite rewarding. Typically, because of the shortage of women in the field, women look up to the role they are striving for. Since most of those are occupied by men, that is who we pattern ourselves after. By discussing this with my male mentor, he took it to heart to become more aware of his behaviors in acceptance and inclusion. I considered this a win in terms of opening the eyes of someone who had given very little thought to it beforehand. He has been one of the most inspiring mentors I have had.

Apprentice

Is there now a burgeoning notion, though, that women are useful to this industry only because of this need for "soft skills"? Because if the women who are hard-core coders keep getting shoved away from their code bases so they can go talk to users or something, that's not progress either. 

Author

Sara, although not necessarily essential, it is critical. They must have a point of view that cannot be obtained from someone who hasn't experienced it. I know that sounds a bit sexist, but peer mentoring has incredible benefits. As a male, I would only be able to provide a theoretical point of view, which may or may not be reality.

Ninja

Sara.  I don't think it's essential to have female mentors.  I think it can be very useful but not necessarily essential.  I have had a lot of male managers and colleagues who have been great mentors.

Apprentice

@GonzSTL:  If there are suggestions you have for how to accelerate getting the "old guard" out of the way at conferences and the like, I'd imagine a lot of us would be quite interested.

Apprentice

Tim, that is true. Communication is absolutely critical in Infosec because you always have to sell a solution that doesn't directly add to the bottom line in the plus column. It is easy for us to communicate the message to peers because we understand the lingo. Delivering that same message in a way that is fit for executive consumption is a skill absent in a lot of infosec people. It makes sense because a lot of them advanced through tech work, and have not necessarily broadened their skill set to include those soft skills.

Ninja

One question I didn't get to:  Is it essential for women to have female mentors?  

Author

@Pamela  That's a great point. I was heartened by Steve's informal study of how many women are at industry events, because it was markedly higher than those ISC2 numbers. Hopefully that means that they're at least taking their training / career advancement seriously.

Author

Thanks, Marilyn - it's been quite a hectic ride for me over the past year or so. I should be more active from now on.

Ninja

I've been to Infosec conferences and it is surprising how many women attend, and participate actively. I think that in time, the word will get out more, and there will be increased participation by women in technology. At some point in time, the "old guard" running companies will phase out, and with them, the stigma of women's incompatibility with technology.

Ninja

Having spoken with a number of IT security recruiters in the past year, they consistently tell me that enterprises are looking for more of the "soft skills" in security professionals, such as communication with others, understanding of the business, etc., which are areas where women tend to score very highly. Do you think there is a way to re-cast the image and the job description of the IT security professional to highlight these highly-needed skills?

Strategist

BTW, it's nice to see you back on the boards, Gonz

Strategist

That is true across the board, Kelly. Coding to them is sexier, and more likely to instantly gratify. Infosec is seen as more like a back room secret activity, with no visibility, and run by a bunch of socially averse geeks.

Ninja

Thanks, Gonz. I think that's true in a lot of industries. But it's so much more crippling in tech and security... I wonder why?

Strategist

(and I tell them it had better be written with security in mind...) 

But they have no clue.

I try to advocate for the industry, but most every young person I come across in high school and college are all about "coding" -- security is just not on their radar screens. I try to get them excited about it, offer them resources, info, etc., etc., but they all want to write the next cool app.

Marilyn, what I've found is that in academia, there is no gender distinction, which makes a lot of sense because students are students, and they pay enrollment. In the workforce, at least with the women I've talked to regarding this topic, the acceptance is the same as men among peers. Perhaps that is because their peers know what it takes to get them there. The issue may lie in upper management, though, because there appears to still be that glass ceiling.

Ninja

@sawbon3s  You can find a replay of the show in the Dark Reading Radio show archives on the site. It will be available immediately!

Strategist

I know we would hire more women if more women were trained in the field. But we are having a hard time finding anyone! I think there is a lot of mystery in Infosec. Some people think it is magic somehow and that they will never be qualified. I would like to encourage more people to even just apply for positions even if they feel they are not ready.

Apprentice

@Kelly - you make a critical point here and one of the key messages I mentioned. With the introduction of groups, we give our youth a place to start but we need to get the schools up to speed as well. One way to do this is to get out in front of this by participating in school career days - that is a wonderful opportunity to talk with them about what we do every day and to get them excited about the field.

Apprentice

I was also wondering if there would be transcripts posted anywhere? 

Apprentice

In other words, is academia more accepting of women in tech/security than the actual work place?

Strategist

As a woman just getting into cyber security in the Bay Area, I love that this panel happened and this issue is getting talked about. Thank you so much for putting it on! Great job! 

Apprentice

hope you post the show somewhere. I missed most of it. :(

 

Apprentice

I agree Gonz! Wondering if women who pursue engineering in higher ed notice any difference in the culture when they join the workforce?

Strategist

The way I look at it, we are missing out on half the talent pool.

Ninja

Here's a telling stat from that Raytheon/NCSA report: 77% of millennial women in the U.S. say no high school or secondary school or guidance and career counselor talked about cybersecurity as a career, while 67% of men said the same.

My question for the panelists is what can we do about giving girls (and boys) better resources & guidance nationwide? I know there are groups out there, but still so many girls have no idea about security. 

It's great to have the male perspective here on this topic, too!

Here's some data on awareness from a recent survey of young adults by Raytheon and the National Cyber Security Alliance (NCSA):  52% of millennial women say cybersecurity programs and activities aren't available to them, while 39% of millennial men said the same. Nearly 50% of the men in the survey were aware of what cybersecurity jobs entail, while just 33% of women in the survey were.

 

@Steve is a major proponent and supporter for women and diversity in security. 

Join me at Black Hat USA's annual panel & luncheon on women in security: 

Lunch: 13:00 - 13:30 
Panel "Removing Roadblocks to Diversity": 13:30 – 14:30 
Q&A: 14:30 – 15:00 
Breakout Sessions & Networking: 15:00 – 16:00

 

There's data showing women get lower exposure to security.
