Cybersecurity problems and deficiencies have been front-page news for some time, yet some of the industry’s most intractable — and embarrassing — themes remain the same. Along with SQL injections, weak passwords and social engineering, we continue to deal with the fact that women currently only make up about 20 percent of the global security workforce, according to Cybersecurity Ventures. It’s important to note that the gender gap that our industry faces today also occurred in previous waves of technology. And while some security advances have unexpectedly benefited gender inclusion, others have had the opposite effect.

How Emerging Security Technologies Have Impacted Gender Inclusion

Many of us spend time reflecting on the men and women who were not only ahead of their time, but truly helped engineer the times we live in now.

My thoughts sometimes turn to my own late mom, who grew up in Brooklyn in the 1930s — way before Brooklyn was anything near cool. Among the many aspects of her amazing but difficult life was the time she spent as a champion high school swimmer and New York City lifeguard, as well as a supervisor and trainer of other lifeguards. Unfortunately, at the time, women could typically only be lifeguards at city pools and basins, not at the more challenging open-ocean beaches. Thus, my mom’s own lifeguarding was primarily based at a public pool in Brooklyn, while many of her male students graced the more glamorous chairs of Coney Island and Rockaway. Ocean security was almost exclusively a man’s domain. The stated reasons for this were that only men — large men — could handle the panicked throes of the near-drowning ocean swimmer, in which there were often desperate and instinctual attempts to submerge the rescuing lifeguards who approached.

Now, as anyone who has been on a beach or watched Baywatch — personally, I watch it for the lifeguarding techniques — knows, there are presently many women lifeguards, even in the most treacherous waters. One factor that accelerated this long-delayed inclusion was a small, simple piece of security technology: the lifeguard’s rescue can, or float. A lifeguard typically throws the can to calm a distressed swimmer and keep him or her above water while being towed back to shore. With this technique, a lifeguard’s key attributes are swimming ability, empathy, judgment and timing — not merely the ability to stay big and buoyant.

While the lifeguarding float almost immediately improved gender inclusion, another piece of technology — of which my mother was also familiar — may have reduced it: the typewriter. The typewriter was originally considered a complex and arcane men’s-only piece of machinery that, to some extent, made documents more secure. It was only when the typewriter was streamlined and commoditized that typing became “women’s work.” Before modern technologies, the typewriter resulted in further gender differentiation — not the inclusion the rescue float brought about. Today, no one would think of gender considerations for a typing class.

Break Down the Walls Holding Back Women in Cybersecurity

These past examples can inform initiatives for present-day cybersecurity gender inclusion. Once, when discussing surf security and ocean rescue with my mom and other lifeguards, I said that I believed a lifeguard could recognize a swimmer who would be in trouble as soon as he or she stepped into the water. They gently shook their heads at my naiveté and corrected me: You can recognize a swimmer who will be in trouble as soon as he or she steps onto the beach.

When it comes to a fully enabled and diverse cybersecurity workforce, many enterprises may be inadvertently walking into trouble as they enter the dangerous waters of threat proliferation and workforce challenges. Thus, as new cybersecurity techniques and technologies make their way into society and the workplace, we should all pay close attention to both their anticipated and unexpected effects on gender inclusion.

While we can’t predict the future, we can help shape it during every passing minute. It is up to all of us to implement the waves of emerging security technologies and processes — whether they protect ocean surfing or web surfing — in ways that encourage, not deter, greater gender inclusion.

More from CISO

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Emotional Blowback: Dealing With Post-Incident Stress

Cyberattacks are on the rise as adversaries find new ways of creating chaos and increasing profits. Attacks evolve constantly and often involve real-world consequences. The growing criminal Software-as-a-Service enterprise puts ready-made tools in the hands of threat actors who can use them against the software supply chain and other critical systems. And then there's the threat of nation-state attacks, with major incidents reported every month and no sign of them slowing. Amidst these growing concerns, cybersecurity professionals continue to report…

Moving at the Speed of Business — Challenging Our Assumptions About Cybersecurity

The traditional narrative for cybersecurity has been about limited visibility and operational constraints — not business opportunities. These conversations are grounded in various assumptions, such as limited budgets, scarce resources, skills being at a premium, the attack surface growing, and increased complexity. For years, conventional thinking has been that cybersecurity costs a lot, takes a long time, and is more of a cost center than an enabler of growth. In our upcoming paper, Prosper in the Cyber Economy, published by…

Reporting Healthcare Cyber Incidents Under New CIRCIA Rules

Numerous high-profile cybersecurity events in recent years, such as the Colonial Pipeline and SolarWinds attacks, spurred the US government to implement new legislation. In response to the growing threat, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) in March 2022.While the law has passed, many healthcare organizations remain uncertain about how it will directly affect them. If your organization has questions about what steps to take and what the law means for your processes,…