Note to parents everywhere: If you want your daughter to rise to the top echelons of power in politics, business, entertainment, or cybersecurity, name them after me — John.
Or possibly James or Michael. That's one (tongue-in-cheek) takeaway from a recent New York Times piece that found women in top jobs are so scarce as to be outnumbered by men named John, or other common names.
There are fewer women among Republican senators than there are men named John. There are fewer women among Fortune 500 CEOs than there are men named James. And there were fewer women among directors of top-grossing movies last year than there are men named James and Michael, according to the Times. You get the point: Women are woefully underrepresented in the halls of American power. The world of cybersecurity is no exception; women represent just 11% of cybersecurity professionals worldwide, according to a report from Forrester Research, with even fewer in leadership roles.
This gender disparity is hardly news, but the pace of change has been glacial, with only pockets of significant progress. I recently had the opportunity to speak with a number of women in leadership roles in cybersecurity. I'm writing this column because I believe their observations and ideas around this issue deserve broad notice. Full disclosure: I am named John and I'm not a woman. So, you may ask, what qualifies me to opine on this topic? Truthfully, nothing. However, as the CEO of an innovative technology company, I am passionate about mining every possible source of talent, whether it be technical, managerial, or leadership/executive. What follows is a roundup of practical solutions for increasing the proportion of women in cybersecurity positions.
Set Concrete Goals
Tammy Moskites is managing director and senior security executive with Accenture, which has more than 150,000 female employees, accounting for nearly 40% of its global workforce. According to Moskites, establishing concrete goals set at the highest levels of the company is key to achieving these impressive numbers. It's also key to creating a pathway to arrive at full gender equality — an objective the company plans to reach by 2025. The consulting firm also plans to have 25% of its managing director positions filled by women. The progress and forward momentum the firm has attained come from visualizing progress and being specific about goals, Moskites says. Accenture is proof positive that goals can become reality and that change is possible.
Keep It Fun
Monica Pal, chief executive officer of 4iQ, sees the gender gap as having far-reaching implications. "To protect people and defend democracy in the 21st century, we need to attract more girls into cybersecurity and keep more women engaged once they start by taking a comprehensive approach," she says. But just getting girls interested in coding or providing mentors for women in cybersecurity is not enough. Pal says we need to get more girls started on the journey and provide support for them every step of the way — and it has to be fun. "If it is not fun, girls will lose interest, and women will find environments that are more welcoming," she says, noting that "a few strong souls will have the motivation and courage to stay on the path, but we need many more women on this journey to secure our future."
Hannah Clifford, vice president of corporate development for Nehemiah Security, stresses the importance of speaking up — even if your viewpoint puts you in the minority. That's how she got into the cybersecurity industry. At the time, she was studying for her MBA at the Fuqua School of Business in Durham, North Carolina. "I had a different opinion on a case study than my adjunct professor, who was a venture capitalist," Clifford recalls. "He hired me after graduation for articulating a differing perspective on the case study versus the rest of the class, then asked me to help turn around a struggling portfolio company in the same industry." Based in Tysons, Virginia, Nehemiah Security has three senior executives who are women. "As a high-growth company, we look to broaden the tent to hire the best people we can in the cyber industry," she says.
Take the Plunge
Hemma Prafullchandra, HyTrust's chief technology officer and executive vice president of products, has already achieved an accomplished career. She urges women to seek out technology positions and "take the plunge; you are more capable than you allow yourself to believe." Prafullchandra says change needs to begin with each individual, and that lack of experience is not an automatic disqualification from advancing. Opportunities present themselves often, and you may well find yourself at a fork in the road that leads to potential advancement. "Don't just look to your current capabilities and experiences," she offers. "Recognize the new things you have learned and know that you can keep on learning. You will have the ability to fulfill a new role when the opportunity presents itself."
Prafullchandra also underscores the importance of finding and developing sponsors for your advancement: "There are many who can fill the role of a mentor, and you may [want to] strategize different topics with different people [who] can provide meaningful and trusted advice. However, a sponsor lends their credibility and stakes their own reputation for you when they introduce, recommend, and support you for a project, role, or some other form of advancement in your career. [So], of course, you must earn that privilege through building your own reputation and network."
In sum, reaching gender equality in cybersecurity is within our reach. We need to commit to goals and offer the support, mentoring, and coaching to make it happen. In recent months, I have written articles here on "automating ethics" and "doing the right thing" when it comes to either the operation or enforcement of security controls needed to run an IT infrastructure. It's also time to "do the right thing" when it comes to gender in the hiring, promotion, and sponsorship of women in technology and cybersecurity in particular. I am on a mission to effect that change — in spite of my gender and name advantage.