Fortalice Solutions President and CEO and Dark Cubed Co-Founder Theresa Payton sheds light on the gender gap in cybersecurity and discusses ways to engage more women in cyber careers. Fortalice Solutions Chief Information Security Officer Ken Bailey will be speaking on the The Life of a Hack: A Business Survival Guide panel at the second annual Capital Cybersecurity Summit on Nov. 14-15, 2017 in Tysons Corner.
What image flashes in your mind when you hear the word “cybersecurity?” Is it a room filled with happy, diverse, productive people making a difference in the world around them? Sadly no. More than likely, it’s a guy hunched over his computer wearing a dark hoodie with some ones and zeros floating above his head. Or maybe it’s a cold room in a basement filled with rows and rows of computer servers. If you’re a woman looking at the next 30-40 years of your life, would you pick a career that looks so ominous? Probably not.
Optics is one of the biggest hurdles we face as cybersecurity professionals and the hurdle is even greater for women in security. Generally speaking, women are more drawn to careers where they can use their intellectual, emotional and interpersonal skills and cybersecurity does a terrible job promoting itself in those areas. What if I told you that cyber can be an extremely emotionally charged field? Yes, it’s logical and yes, it’s technical – but the beauty is that we use those skills in conjunction with softer skills to truly help people.
In my daily life as CEO of Fortalice Solutions, I work directly with the government, corporations and people to protect what’s most important to them, including intellectual property, financial assets and healthcare information. And perhaps the most rewarding of all, I work frequently with law enforcement to use innovative technology to combat human trafficking and childhood sexual exploitation. We need to demystify cybersecurity and talk plainly about how our field helps people, in real tangible ways.
For example, I’ve often said that security is inherently flawed because it is not designed for the human psyche. Today security is not only an afterthought, security designs have zero empathy for the human. Do you know any non-technical professionals that profess a deep fondness for strong passwords? You don’t. Passwords are designed for the technology and we ask the human to conform. According to cybersecurity best practices, people will share and forget passwords and they will do unsafe things to get their jobs done, such as use free, unsecure Wi-Fi. Haven’t you? Women’s natural intuition and emotional intelligence to see themselves in someone else’s shoes is exactly what we need to combat this problem!
In order to be more inclusive of women in cybersecurity, at least three things need to happen.
First, hiring managers need to expand their criteria and qualifications. Many hiring managers are leaving women and minority candidates on the sidelines by chasing the same resumes, the same degrees and the same alphabet soup of certifications in future employees. While this might be one indicator of a successful hire it is not the only indicator. The best cybersecurity professionals are insatiable learners and highly skilled problem solvers who think about the user while never underestimating the adversary. Take a chance on a different degree and background and invest in cross training. Some of my best cybersecurity team members started out in a different field and are now some of the best, most well rounded cybersecurity professionals we have on the front lines of fighting cybercrime.
Second, an April 2013 survey of Women in Technology, found that 45% of respondents noted a “lack of female role models or [the encouragement to pursue a degree in a technology-related field].” It’s been proven that professional mentorship and development dramatically increase participation in any given field, so the lack of women in cybersecurity is really a compounding problem – we don’t have enough women in cyber because there aren’t enough women role models in cyber. While connecting with other women has had its challenges, there are wonderful women in cyber today… look at KT McFarland, Deputy National Security Advisor and Ambassador to Singapore, and Keren Elazari, a global speaker on cybersecurity and ethical hacker out of Israel. They are rock stars.
I’ve been very lucky to work with wonderful, inspiring women in cyber, but I recognize that my exposure might be more than women starting their career. This brings me to my third point: I recommend all cyber practitioners, and especially women, take advantage of all the amazing free tools out there from RSA, TED talks, and even YouTube. You can watch speeches from veteran cybersecurity professionals about their careers, hear their advice on how to succeed, and learn new skills to keep you competitive in the workplace. Consider free online courses in cybersecurity or popular programming languages like Python. Ask your colleagues to show you their favorite geek gadget or ethical hack. There are some excellent security frameworks and guidance available for free online such as the NIST framework, CIS Critical Security Controls, SSÅE 16, and discussions on GDPR. Leverage social media to hear what’s on the minds of security experts. In this field, be a constant student of your profession.
It’s true there is a shortage of women in cybersecurity but there is not a lack of talented and strong women in this world. Cybersecurity requires a general shakeup and perhaps women are the ones to do it. I’m grateful that I can talk about my industry and I hope more women join this exciting field… and they can even wear their favorite hoodie.