It’s International Women’s Day — so where are the women in cybersecurity?
Years ago, while working in product marketing for a network security vendor, I attended my employer’s big user conference to demonstrate our threat intelligence service to prospects and clients. A colleague brought over a big-name customer of another product in the portfolio, and while making introductions, my colleague — a very nice and intelligent man — introduced me as “the pretty one” on our team.
I believe this colleague meant no ill will and was not posturing. Rather, he simply defaulted to the one characteristic that differentiated me from everyone else on the team: I was the only woman.
My story here is not unique. In the years since, I’ve spoken with many female colleagues in the industry and heard a lot of similar stories. The most common thing I heard was women in technical or professional roles being asked to order and/or clean up lunch or take notes for the team. On the surface, these tasks might seem innocuous; being a team player is important. However, they are often given to women, perhaps subconsciously, because they are more “care-oriented” or associated with roles that have traditionally been filled by women.
I do think the industry has come a long way in a short time. As I’ve continued on my own security career journey, I’ve had the opportunity to work for a number of bosses, both men and women, who are very sensitive to this type of bias and do their best to curb it wherever possible. However, these situations illustrate an important point that is still relevant in the industry today: equal representation of people from diverse backgrounds, in all kinds of roles, matters.
It’s important to note that representation is imperative for everyone regardless of gender, ethnicity, religion, race or sexual orientation. However, in honor of International Women’s Day, I’d like to dig in further into why representation of women in cybersecurity is so crucial.
What Do Women Bring to Cybersecurity?
The number of women in security has risen since the incident I referenced above thanks to direct efforts by multiple women in cyber groups. However, it is still quite small: Cybersecurity Ventures predicted that women will represent only 20 percent of the global cybersecurity workforce by the end of 2019. When you consider that women make up 50 percent of the population, it’s shocking to think that so few are working in cybersecurity.
I’ve focused most of my professional life in security, so I can’t speak to other technology areas. However, I’ve always felt the security industry was much more “edgy,” more willing to rewrite the rules to get the job done well. Maybe that means we can be a catalyst for changing the balance of women in technology.
Security attacks don’t discriminate; attackers use any avenue available to reach their intended target. This includes but is not limited to: poor patch management, inadequate access controls with suppliers and social engineering of employees. To effectively combat these varied attacks, organizations must tackle threat investigation, attack mitigation and risk prevention with the same all-hands-on-deck approach.
Here are just a few of the ways women bring value to the cybersecurity field:
Diverse Skills
Finding risks and stopping threats is just one aspect of security. For cybersecurity teams to really succeed, they need members with a variety of business and nontechnical skills, including experience in business, leadership, communications and behavioral sciences such as economics. While not unique to women, an infusion of women into the cybersecurity workforce can only add to this diversity of skills.
Industry Expertise
Even though there aren’t many women working in cybersecurity, women make up a substantial piece of the general workforce. Women working in other fields such as healthcare, insurance, finance, education and retail can fortify your team by filling gaps in vertical-specific attack vectors and risk identification.
Balanced Views
If women make up 50 percent of the population, it stands to reason that your business is also selling to women. If a customer-first strategy is a pillar of your business goals — and security should be central to that — then you definitely need the perspective and balance of the people you’re selling to.
A Skills Shortage Is an Abundance for Women in Security
The cybersecurity skills shortage is well-documented. For women in cybersecurity, though, this translates to an abundance of opportunity.
IBM Security is fortunate to count among its ranks some of the top minds in the industry, many of whom are accomplished and influential women in the space. Let’s take a look at how they established themselves in cybersecurity, the work they did to develop their own careers and advance in the field, and the advice they offer to women looking to follow in their footsteps.
Limor Kessem: Build Upon Your Existing Strengths and Talents
Limor had planned to open her own clinic for naturopathic medicine. However, with her entrepreneurial spirit and an ability to translate very technical information into something easily understood and actionable, Limor’s strengths were a natural fit for a career in cybersecurity. Today, she leads the governance, risk management and compliance (GRC) processes for content at IBM Security.
Danna Pelleg: Embrace Your Passion
With a passion for psychology and fighting “bad guys,” Danna found a way to combine the two into a rewarding career in cybersecurity. Danna is a fraud specialist and security operations team lead at IBM Trusteer. She channels her passions for threat intelligence and research to deliver insights that, when translated into business terms, help clients improve cyber awareness.
Rhonda Childress: Take the Right Risks to Advance Your Career
The first woman at IBM Security to become an IBM Fellow and the first woman in IBM Services to be named an IBM Master Inventor, Rhonda Childress is no stranger to firsts. She embodies the adage that growth and comfort cannot coexist. In her 25-year career at IBM, Rhonda has had lots of opportunities to take risks to advance her career. In that time, she has submitted more than 200 patent applications and has more than 130 approved patents for inventions related to cybersecurity, the internet of things (IoT) and systems management.
Opening the Doors for Tomorrow’s Leaders
Mentoring is a common thread among all the women highlighted above. In addition to helping them learn and grow, mentoring has become an important way for these women to give back and share their skills. Programs such as IBM Cyber Day 4 Girls and Pathways in Technology Early High Schools (P-TECH) help capture the attention of young people interested in technology and cybersecurity. Others, such as the IBM Tech Re-Entry Program and the New Collar initiative, help experienced professionals apply their experience and skill sets in new ways. These programs help increase representation not only for women, but also people across various ages, ethnicities and industry experience.
Why It All Matters
There are obviously great business reasons for increasing the number of women in cybersecurity. However, as mentioned above, representation is crucial. Right now there are girls and young women — our daughters, granddaughters, sisters, nieces and friends — who are looking at the world and wondering what they can do to make it better. What better way to protect the world than with a career in cybersecurity? These girls and women need to see that it’s possible, and the only way to do that is to make it a reality right now.