*In the *last post,* Cassia Martin introduced us some ideas on encouraging women to grow their information security career. I asked three women from my network whom I respect for the information security careers they’ve built for themselves and also for their wise words on how women can build an information security career.*
I’m relatively new to this field (7 years) and I have found my peers and colleagues to be very welcoming and passionate about information security. I encourage leaders to truly recognize the value of a diverse team and create a path for women at all stages of their careers. One way to do this is to mentor and influence women already in professions that involve analysis, research or problem solving. Another idea is to attract young women through internships or school-to-work programs. By making the path into information security clear, I believe the odds of women sticking with the profession are good since typically there is a lot of camaraderie, continuous challenge, personal satisfaction and reward.
To encourage more women to become information security or cyber security professionals, I feel that we need to do more proactive outreach to encourage enrollment at universities that offer cyber security degrees and within our own organizations for individuals that may be seeking a change and have the desire and aptitude to continually learn new skills. Many young women are assuming that computer science is the only way into this industry. My degree was focused on computer information systems, so while programming was a component of the program (and actually my least favorite), I also learned network security and business aspects. Cyber security today is an enterprise-wide issue, beyond just the realm of IT and absolutely requires professionals with varying leadership skill sets.
Our proactive outreach to women needs to focus on career flexibility, opportunity, advancement, and retention. While the field is a demanding one, the cyber security field offers flexibility, and with growing families and personal priorities, this is an essential “must have’ especially for women professionals. Also, since the percentage of women in this industry severely needs growth improvement, this means the women joining will continue to be “one of the few” for a number of years to come. Why not aim for the industry where you can be part of the change, where your inputs will add diversity to the decision making, and help you continue to grow as “one of the few”?
Some of what I think needs to be done is less on the industry and more on society/Hollywood — having visible role models of women in computer security that aren’t there for eye candy would be great. CSI-cyber for example has a few women, but they aren’t really portrayed as knowledgeable in cyber (they need to have basics of computing explained to them).
In the industry itself, in my experience, the boys’ network is thriving. There is a lot of the culture that is male-centric (think of the entertainments, booths, etc that you see at most conferences that cater towards the male majority), so as a women, I do feel like I don’t belong, and in general like I am not wanted there. I have often been seen as the assistant for my male counterparts, and vendors will choose not to speak directly to me. Because of this, women leave the industry, or choose not to participate in the social aspects because it is uncomfortable, which leads to a lack of women as role models, which leads to girls seeing it as a boys-only thing.
The industry as a whole needs to want to change for anything to get better. And from my experience, that isn’t something that most are interested in. There are some individual efforts to change the culture, but generally the hacker culture likes being offensive, making everything a contest, being counter-culture. And that’s the part that I don’t know how to change — until the industry sees the benefit of being more welcoming, things will still be uncomfortable for women, and you will have a hard time convincing some who could be the best to put up with the BS that is part of being a women’ in tech.