Why Are So Few Women In Cybersecurity?

Ellison Anne Williams has a PhD in mathematics, vast experience at the den of wizards known as the National Security Agency, and entrepreneurial chops. She’s accomplished and smart.  So what happened to her at a recent business meeting left her dismayed, although it is far from uncommon for women in cybersecurity.

“I was in the room and the fellow walked in. He stopped dead in his tracks and the first words out of his mouth were, ‘You’re a girl.’ And I said, ‘Yes, what were you expecting?’” said Williams, founder and chief executive of Enveil, a Matyland data security company.

Males hold three out of four jobs in the tech world, but it is in cybersecurity where the lack of participation of women is most acute. By one reckoning, only 14 percent of the US workforce in cybersecurity is female. 

Those women that do break into the industry talk of glass ceilings, insensitivity in the workplace, a lack of mentors and popular culture that reinforces the image of male tech workers.

The gender imbalance has potential consequences for the nation’s security. The United States, already suffers a shortage of cyber-security workers, even as global hacking threats grow more acute. The labor shortage is forecast to worsen. A study last year by Frost & Sullivan, a consulting firm, found that North America will face a shortage of 265,000 cybersecurity workers by 2022.

Prod just about any woman at a cyber-security firm and anecdotes pour forth.

“Everyone has a story where you’re the only woman in the room, and being asked to take notes,” said Priscilla Moriuchi, director of strategic threat development at Recorded Future, a Boston-area cyber threat intelligence firm. The cybersecurity industry writ large has yet to take the gender imbalance seriously, she said, even as some firms take big steps.

“Women are not getting promoted at the same rate as men are, and women are not getting salary increases at the same rate as men are even though they are asking for and applying at the same rate,” Moriuchi said. 

A number of nonprofit groups and private companies actively promote training to get younger girls involved in information security. They include goodgirlswritecode.org and girlswhocode.com. The Girl Scouts organisation says that later this year it will add merits badge in cybersecurity.

Several executives said girls winnow out of tech and cyber-security career paths at a young age.

Electronic games and movies reinforce stereotypes that tech and cyber-security are for males, said Kim Tremblay, founder of Arctic Wolf Networks, a California security firm. Search online for images of cybersecurity researchers, Tremblay said, and “you’re going to get an image of a guy in a hoodie.” Females see such images and feel alienation. “They don’t see themselves as these people with the hoodies on.”

In middle and high schools, girls interested in computer science and coding clubs commonly feel little social support, several executives said. Moriuchi recalled her own experience: “They weren’t unfriendly to girls but there weren’t many girls there, and as a result that lessens the appeal.” 

Ashley Podhradsky, a professor of computer forensics at Dakota State University, is among experts trying to change this. In 2015, Podhradsky founded a residential cybersecurity summer camp for girls under a trademarked name: CybHER Security. It’s bursting at the seams. Last year, the camp attracted 130 students from 16 states.

The weeklong camp is free for participants, and the costs are partly funded by the National Security Agency and a series of private corporations, like AT&T and Citigroup, she said. At the camp, girls learn things like how to find deleted messages on a phone and how to analyze photos to see where they were taken and by what device.

“I’ve heard so many times that girls aren’t interested. That’s just not true,” added Podhradsky, who is an associate professor of information security at the university. Once out in the workplace, women in cybersecurity often find themselves in a common situation, being the only woman in a room.

“It’s a very male dominated culture,” Williams said. “It can be, a little more, crass and a little bit more rough, and maybe some … females don’t like that, and it is off-putting.”

Even getting a foot in the door can be hard.

“There’s a lot of unconscious bias in hiring,” said Lisa Jiggetts, founder and chief executive of Women’s Society of Cyberjutsu, a support community for women in the field. “There’s conscious bias, too. For whatever reason, women aren’t viewed as capable and skillful in the field.”

As a rule, women wait until they accrue required skills before applying for cybersecurity jobs, said Tremblay, of Arctic Wolf, while men routinely bluff their way through.

“The men may have none of (the skills) and will still apply,” Tremblay said. Some positive stories are out there. Williams spent 12 years working at the National Security Agency, the top-secret government branch that deals in signals intelligence, hacking and defending against cyber-attack. As she rose in the ranks, helped by male mentors, she said she was able to help make inroads on the gender issue.

“One of the things that NSA has gotten really right is that they’ve done a really great job of building a cadre of excellent female mathematicians,” she said.

But for every positive story, there are also negative ones.
Leah Figueroa, lead data engineer at Gravwell, a data analytics company out of Coeur D’Alene, Idaho, is a frequent speaker on cybersecurity issues at industry conferences.

“Yesterday, I was walking around and I had on my speaker’s badge. Someone asked me who’s speaker badge I was borrowing. I was like, ‘This is mine,’” Figueroa said on the sidelines of the Shmoocon hacker conference in Washington earlier this month.

Figueroa said she has professional colleagues who face diminishment at client meetings.

“They have clients who won’t speak directly to them,” she said. “It’s the assumption that the woman is not the lead on the project. They just default to speaking to the men.”

McClatchyDC

You Might Also Read: 

Very Few Women Are CISOs:

Women Write Better Computer Code Than Men:
 

 

« Blockchain Is Transforming The Investment Business
Getting The Most From Investing In AI »

Directory of Suppliers

Darktrace

Darktrace

Darktrace’s Enterprise Immune System is capable of detecting and responding to emerging cyber-threats, from within the network.

Centre for Secure Information Technologies (CSIT)

Centre for Secure Information Technologies (CSIT)

CSIT is the UK's Innovation and Knowledge Centre (IKC) for secure information technologies. Our vision is to be a global innovation hub for cyber security.

DataCore Software

DataCore Software

DataCore Software is a leader in Software-Defined Storage. Solutions offered include back up and disaster recovery.

Karamba Security

Karamba Security

Karamba provide an IoT Security solution for ECUs in automobiles which ensures that all cars are protected (not just autonomous cars).

Vera Security

Vera Security

Vera is a data security platform that provides 360-degree visibility and control over critical business data, anywhere it's shared or stored.

OnSecure

OnSecure

OnSecure is the central online community portal for information security professionals working for the Australian government.

6cure

6cure

The 6cure Threat Protection solution eliminates malicious traffic to critical services in real time and protects against DDoS attacks.

Tieto

Tieto

Tieto is the largest Nordic IT services company that provides full life-cycle services in areas including cybersecurity

4N6

4N6

4N6 is a privately-owned firm founded with the goal of providing expert knowledge of computer forensics.

Netpay International

Netpay International

Netpay's innovative technology ensures your business can provide secure, innovative payments solutions to all your e-commerce transactions.

Netresec

Netresec

Netresec is an independent software vendor with focus on the network security field. We specialize in software for network forensics and analysis of network traffic.

SIGASEC (SIGA)

SIGASEC (SIGA)

SIGA provides cyber security solutions for Industrial Control Systems SCADA systems used in critical infrastructures and industrial processes.

Veristor

Veristor

Veristor are seasoned experts in IT technology, providing a full suite of design, deployment, support, and managed service offerings.

InfoReliance

InfoReliance

InfoReliance is a cybersecurity managed service provider, consultant, systems integrator, and independent software vendor.

International Journal of Cyber-Security and Digital Forensics (IJCSDF)

International Journal of Cyber-Security and Digital Forensics (IJCSDF)

The International Journal of Cyber-Security and Digital Forensics (IJCSDF) is a knowledge resource for practitioners working in various fields of Cyber Security.