Cybersecurity problems and deficiencies have been front-page news for some time, yet some of the industry’s most intractable — and embarrassing — themes remain the same. Along with SQL injections, weak passwords and social engineering, we continue to deal with the fact that women currently only make up about 20 percent of the global security workforce, according to Cybersecurity Ventures. It’s important to note that the gender gap that our industry faces today also occurred in previous waves of technology. And while some security advances have unexpectedly benefited gender inclusion, others have had the opposite effect.
How Emerging Security Technologies Have Impacted Gender Inclusion
Many of us spend time reflecting on the men and women who were not only ahead of their time, but truly helped engineer the times we live in now.
My thoughts sometimes turn to my own late mom, who grew up in Brooklyn in the 1930s — way before Brooklyn was anything near cool. Among the many aspects of her amazing but difficult life was the time she spent as a champion high school swimmer and New York City lifeguard, as well as a supervisor and trainer of other lifeguards. Unfortunately, at the time, women could typically only be lifeguards at city pools and basins, not at the more challenging open-ocean beaches. Thus, my mom’s own lifeguarding was primarily based at a public pool in Brooklyn, while many of her male students graced the more glamorous chairs of Coney Island and Rockaway. Ocean security was almost exclusively a man’s domain. The stated reasons for this were that only men — large men — could handle the panicked throes of the near-drowning ocean swimmer, in which there were often desperate and instinctual attempts to submerge the rescuing lifeguards who approached.
Now, as anyone who has been on a beach or watched Baywatch — personally, I watch it for the lifeguarding techniques — knows, there are presently many women lifeguards, even in the most treacherous waters. One factor that accelerated this long-delayed inclusion was a small, simple piece of security technology: the lifeguard’s rescue can, or float. A lifeguard typically throws the can to calm a distressed swimmer and keep him or her above water while being towed back to shore. With this technique, a lifeguard’s key attributes are swimming ability, empathy, judgment and timing — not merely the ability to stay big and buoyant.
While the lifeguarding float almost immediately improved gender inclusion, another piece of technology — of which my mother was also familiar — may have reduced it: the typewriter. The typewriter was originally considered a complex and arcane men’s-only piece of machinery that, to some extent, made documents more secure. It was only when the typewriter was streamlined and commoditized that typing became “women’s work.” Before modern technologies, the typewriter resulted in further gender differentiation — not the inclusion the rescue float brought about. Today, no one would think of gender considerations for a typing class.
Break Down the Walls Holding Back Women in Cybersecurity
These past examples can inform initiatives for present-day cybersecurity gender inclusion. Once, when discussing surf security and ocean rescue with my mom and other lifeguards, I said that I believed a lifeguard could recognize a swimmer who would be in trouble as soon as he or she stepped into the water. They gently shook their heads at my naiveté and corrected me: You can recognize a swimmer who will be in trouble as soon as he or she steps onto the beach.
When it comes to a fully enabled and diverse cybersecurity workforce, many enterprises may be inadvertently walking into trouble as they enter the dangerous waters of threat proliferation and workforce challenges. Thus, as new cybersecurity techniques and technologies make their way into society and the workplace, we should all pay close attention to both their anticipated and unexpected effects on gender inclusion.
While we can’t predict the future, we can help shape it during every passing minute. It is up to all of us to implement the waves of emerging security technologies and processes — whether they protect ocean surfing or web surfing — in ways that encourage, not deter, greater gender inclusion.