Submit Search
Upload
ISACA_Bringing out the hidden security Ninjas
•
0 likes
•
4 views
L
Lilminow
Follow
cybersecurity talent
Read less
Read more
Technology
Report
Share
Report
Share
1 of 34
Download now
Download to read offline
Recommended
India's Leading Cyber Security Companies_compressed.pdf
India's Leading Cyber Security Companies_compressed.pdf
Insights success media and technology pvt ltd
csxnewsletter
csxnewsletter
Dominic Vogel
2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One
FRSecure
Opening the Talent Spigot to Securing our Digital Future
Opening the Talent Spigot to Securing our Digital Future
Security Innovation
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
Neil Curran MSc CISSP CRISC CGEIT CISM CISA
Security beyond compliance
Security beyond compliance
Parakum Pathirana
Opi cyber talk for executives
Opi cyber talk for executives
Expressworks International
40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazine
Bradford Sims
Recommended
India's Leading Cyber Security Companies_compressed.pdf
India's Leading Cyber Security Companies_compressed.pdf
Insights success media and technology pvt ltd
csxnewsletter
csxnewsletter
Dominic Vogel
2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One
FRSecure
Opening the Talent Spigot to Securing our Digital Future
Opening the Talent Spigot to Securing our Digital Future
Security Innovation
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
Neil Curran MSc CISSP CRISC CGEIT CISM CISA
Security beyond compliance
Security beyond compliance
Parakum Pathirana
Opi cyber talk for executives
Opi cyber talk for executives
Expressworks International
40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazine
Bradford Sims
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
TopCyberNewsMAGAZINE
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdf
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdf
InsightsSuccess4
What's Hot In IT - Cybersecurity
What's Hot In IT - Cybersecurity
Row Murray
10 Most Influential Leaders in Cybersecurity 2023.pdf
10 Most Influential Leaders in Cybersecurity 2023.pdf
CIO Look Magazine
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
Ulf Mattsson
The Most Impactful Women in Cybersecurity For 2024.pdf
The Most Impactful Women in Cybersecurity For 2024.pdf
thesiliconleaders
Effectiveness of Cyber Security Awareness.pdf
Effectiveness of Cyber Security Awareness.pdf
Chinatu Uzuegbu
Insights from 2016 Cyberthreat Defense Report
Insights from 2016 Cyberthreat Defense Report
Stephanie Brannan
Cyber Diversity Framework
Cyber Diversity Framework
Keith Chapman
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Edureka!
Do You Manage Software? Understanding Your Role in Cybersecurity Defense
Do You Manage Software? Understanding Your Role in Cybersecurity Defense
Flexera
Women in security_ Is the tide turning_ - Print Article - SC Magazine UK
Women in security_ Is the tide turning_ - Print Article - SC Magazine UK
Caroline Rivett
Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022
Matthew Rosenquist
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
NetworkCollaborators
GITA March 2015 Newsletter
GITA March 2015 Newsletter
Kevin Moore MSIT, MISM
Cisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security Equation
NetworkCollaborators
Cyber security brochure(1)
Cyber security brochure(1)
Aegis School Of Business
Cybersecurity Talent : The Big Gap in Cyber Protection
Cybersecurity Talent : The Big Gap in Cyber Protection
Capgemini
Influential Business Leaders in Security services | CIO Look
Influential Business Leaders in Security services | CIO Look
CIO Look Magazine
ScotSecure 2020
ScotSecure 2020
Ray Bugg
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Kalema Edgar
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Commit University
More Related Content
Similar to ISACA_Bringing out the hidden security Ninjas
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
TopCyberNewsMAGAZINE
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdf
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdf
InsightsSuccess4
What's Hot In IT - Cybersecurity
What's Hot In IT - Cybersecurity
Row Murray
10 Most Influential Leaders in Cybersecurity 2023.pdf
10 Most Influential Leaders in Cybersecurity 2023.pdf
CIO Look Magazine
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
Ulf Mattsson
The Most Impactful Women in Cybersecurity For 2024.pdf
The Most Impactful Women in Cybersecurity For 2024.pdf
thesiliconleaders
Effectiveness of Cyber Security Awareness.pdf
Effectiveness of Cyber Security Awareness.pdf
Chinatu Uzuegbu
Insights from 2016 Cyberthreat Defense Report
Insights from 2016 Cyberthreat Defense Report
Stephanie Brannan
Cyber Diversity Framework
Cyber Diversity Framework
Keith Chapman
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Edureka!
Do You Manage Software? Understanding Your Role in Cybersecurity Defense
Do You Manage Software? Understanding Your Role in Cybersecurity Defense
Flexera
Women in security_ Is the tide turning_ - Print Article - SC Magazine UK
Women in security_ Is the tide turning_ - Print Article - SC Magazine UK
Caroline Rivett
Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022
Matthew Rosenquist
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
NetworkCollaborators
GITA March 2015 Newsletter
GITA March 2015 Newsletter
Kevin Moore MSIT, MISM
Cisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security Equation
NetworkCollaborators
Cyber security brochure(1)
Cyber security brochure(1)
Aegis School Of Business
Cybersecurity Talent : The Big Gap in Cyber Protection
Cybersecurity Talent : The Big Gap in Cyber Protection
Capgemini
Influential Business Leaders in Security services | CIO Look
Influential Business Leaders in Security services | CIO Look
CIO Look Magazine
ScotSecure 2020
ScotSecure 2020
Ray Bugg
Similar to ISACA_Bringing out the hidden security Ninjas
(20)
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdf
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdf
What's Hot In IT - Cybersecurity
What's Hot In IT - Cybersecurity
10 Most Influential Leaders in Cybersecurity 2023.pdf
10 Most Influential Leaders in Cybersecurity 2023.pdf
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
The Most Impactful Women in Cybersecurity For 2024.pdf
The Most Impactful Women in Cybersecurity For 2024.pdf
Effectiveness of Cyber Security Awareness.pdf
Effectiveness of Cyber Security Awareness.pdf
Insights from 2016 Cyberthreat Defense Report
Insights from 2016 Cyberthreat Defense Report
Cyber Diversity Framework
Cyber Diversity Framework
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Do You Manage Software? Understanding Your Role in Cybersecurity Defense
Do You Manage Software? Understanding Your Role in Cybersecurity Defense
Women in security_ Is the tide turning_ - Print Article - SC Magazine UK
Women in security_ Is the tide turning_ - Print Article - SC Magazine UK
Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
GITA March 2015 Newsletter
GITA March 2015 Newsletter
Cisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security Equation
Cyber security brochure(1)
Cyber security brochure(1)
Cybersecurity Talent : The Big Gap in Cyber Protection
Cybersecurity Talent : The Big Gap in Cyber Protection
Influential Business Leaders in Security services | CIO Look
Influential Business Leaders in Security services | CIO Look
ScotSecure 2020
ScotSecure 2020
Recently uploaded
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Kalema Edgar
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
Commit University
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
Sergiu Bodiu
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Fwdays
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
hariprasad279825
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
charlottematthew16
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Wonjun Hwang
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
Alex Barbosa Coqueiro
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Slibray Presentation
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
Manik S Magar
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
BookNet Canada
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
Memoori
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
Dubai Multi Commodity Centre
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
SeasiaInfotech2
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
carlostorres15106
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
RankYa
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
Enterprise Knowledge
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Fwdays
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Zilliz
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
Fwdays
Recently uploaded
(20)
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
ISACA_Bringing out the hidden security Ninjas
1.
© 2017 ISACA.
All Rights Reserved BRINGING OUT THE HIDDEN SECURITY NINJAS Daksha Bhasker, Senior Network Security Architect, Bell Canada 18 May 2017
2.
WELCOME • Have a
question for the speaker? Text it in using the Ask A Question button! • Audio is streamed over your computer • Technical issues? Click the ? button • Use the Feedback button to share your feedback about today’s event • Questions or suggestions? Visit https://support.isaca.org Use the Attachments Button to find the following: • PDF Copy of today’s presentation • Link to the Event Home Page where ISACA members can find the CPE Quiz • Upcoming ISACA Events • More assets from today’s webcast © 2017 ISACA. All Rights Reserved 2
3.
TODAY’S SPEAKER © 2017
ISACA. All Rights Reserved 3 Daksha Bhasker Senior Network Security Architect Disclaimer: Speaker’s Note: Opinions expressed in this talk are the speaker’s and not necessarily those of her employer. Author of ISACA journal article: Balancing the Cyber-security battlefield & ISACA podcast Balanceando el campo de batalla de la seguridad cibernética Blog post: Reducing the gender disparity in cyber security
4.
AGENDA © 2017 ISACA.
All Rights Reserved The Cyber-Security Battlefield The Ninja Quest Skills Shortage & Unrecognized Ninjas The “Whys” Finding and retaining the Hidden Security Ninjas Summary 4
5.
© 2017 ISACA.
All Rights Reserved “ZANSHIN” 5
6.
© 2017 ISACA.
All Rights Reserved CYBER SECURITY BATTLE-FIELD 6 USERs of Technology ATTACKERS Security Professionals •Resourceful •Nation States to Script kiddies • Diverse •Target Group: Everyone • Men, Women, Children • Global, Diverse • Business & Consumers • Generally Homogenous • Male •SKILLS SHORTAGE!!! •Not representative of “target” group profile
7.
© 2017 ISACA.
All Rights Reserved SKILLS SHORTAGE 7 “Executive management and boards of directors are now recognizing that cyber security is not just a tech problem, it’s a business problem.” Cyber-security that used to be primarily owned by IT departments of technology companies is now pervasive across most industries Cisco studies reveal there is currently a deficit of 1 million security practitioners. This will increase to 1.5 million by 2019. Globally, 35% of organizations are facing security expertise shortages with security jobs growing at 12 times the rate of the overall job market. As Technology proliferates: https://www.forbes.com/sites/stevemorgan/2016/01/02/one-million-cybersecurity-job-openings-in-2016/#5b73ed327ea2
8.
© 2017 ISACA.
All Rights Reserved The Result: Cannot find skills Cannot afford the ninja Poor retention rates Continued focus on male candidates** In the meantime Pools of talent is being neglected •Women •Non STEM disciplines •Foreign trained candidates What minimum training can resolve remains untapped SECURITY JOBS TARGET… (THE NINJA QUEST) 8 A Ninja? A geek? A detective? A super hero? A spy cat? ** 65 to 75% of Infosec professionals identify as Caucasian https://iamcybersafe.org/research_millennials/ https://hbr.org/2016/11/how-ceos-can-put-gender-balance-on-the-agenda-at-their-companies
9.
© 2017 ISACA.
All Rights Reserved IN THE MEANTIME…THE HIDDEN NINJAS 9 Women comprise ~50% of the global population Women drive 70-80% of all consumer purchasing, The global incomes of women are predicted to reach a staggering $18 trillion by 2018. $12 trillion could be added to global GDP by 2025 by advancing women’s equality. Groups are collectively more intelligent than individuals – The collective intelligence increases as the percentage of women in the group increases. [US Military Studies] Women provide vital contribution to the critical and creative thinking and decision making in the national security apparatus Active Technology Users Economic benefits Intelligence & Defence http://www.mckinsey.com/global-themes/employment-and-growth/how-advancing-womens-equality-can-add-12-trillion-to-global-growth http://ssi.armywarcollege.edu/pubs/parameters/issues/summer_2013/3_haring_article.pdf http://www.ey.com/Publication/vwLUAssets/Women_the_next_emerging_market/$FILE/WomenTheNextEmergingMarket.pdf https://www.forbes.com/sites/bridgetbrennan/2015/01/21/top-10-things-everyone-should-know-about-women-consumers/
10.
© 2017 ISACA.
All Rights Reserved 10 People who think differently because of their gender, culture, race or training, attack and defend themselves differently and bring unique value to cyber security teams. Global diverse attackers and attack tactics need diverse defence tactics
11.
© 2017 ISACA.
All Rights Reserved Women are approximately 50% of the global population yet only 11% are represented in the cyber-security profession. 2013 to-date: Percentage stagnates at 11% 56% of the women leave the field midcareer (the reasons are not what you may think) This is double the turnover rate for men. Concentration of women in information security in GRC SO WHAT'S GOING ON? 11 https://iamcybersafe.org/wp-content/uploads/2017/03/WomensReport.pdf http://www.techrepublic.com/article/the-state-of-women-in-technology-15-data-points-you-should-know/
12.
© 2017 ISACA.
All Rights Reserved In your organisation, do women participate in developing your security posture and security solutions? YES NO Don’t Know POLL 12
13.
© 2017 ISACA.
All Rights Reserved POLL 13 To your knowledge what areas of Cyber-security do women participate in, in your organisation: Marketing/Strategy/ HR/Education & Training Security Policy/ Risk Management Security Engineering/IT Security/Architecture Security Threat Analysts/SoC CISO/CTO/CIO/Director No Women in cyber security Other
14.
© 2017 ISACA.
All Rights Reserved WHY? 14 ..There are many broad socio-cultural issues that pervade our societies and economies across different parts of the world and I will try to keep focused on cyber-security
15.
© 2017 ISACA.
All Rights Reserved IMAGE OF CYBER SECURITY INDUSTRY 15 Common Internet Meme…. https://www.slideshare.net/issantx/ntxissacsc3-collin-colleges-security-management-practices-capstone-course-by-rick-brunner
16.
© 2017 ISACA.
All Rights Reserved Security is often about Confidentiality Culture of Secrets A secret by definition precludes common knowledge Principles of “Need to know” and “Least Privilege” Threat Intelligence Sharing in Closed circles Security can be seen as adversarial to Functionality and Operational priorities NATURE OF THE SECURITY BUSINESS 16 This makes it difficult for all new-entrants to the field including women
17.
© 2017 ISACA.
All Rights Reserved Paula's Principle: Most Women Work Below their Level of Competence LEAKY PIPE IN CYBER SECURITY 17 Source: https://www.youtube.com/watch?v=GVvUNdEPFZI -> http://www.paulaprinciple.com/ https://www.wct-fct.com/images/content-documents/Reports/English/WCT_Needs_Summarized_Needs_Assessment_FINAL__MARCH25_2017.pdf Women’s Confidence Putting themselves forward Negotiating Promotions Negotiating Salaries Vertical Networking Choose not to go up Highly educated women populations not reflected in the workplace
18.
© 2017 ISACA.
All Rights Reserved Madam Curie Effect Women Have a tendency to over compensate for being in a male dominated field. Women believe they must become more qualified and develop exceptional ability to compete with men in male-dominated science. PROVE YOURSELF 18 Natural Sciences and Engineering Research Council of Canada, “Women in Science and Engineering in Canada,” November 2010, http://publications.gc.ca/collections/collection_2012/rsgc-serc/NS3-46-2010-eng.pdf https://hbr.org/2014/10/hacking-techs-diversity-problem; https://www.wired.com/2013/11/silicon-valley-isnt-a-meritocracy-and-the-cult-of-the-entrepreneur-holds-people-back/ Prove-it-again! Women often have to provide more evidence of competence than men do to be seen as equally capable, a problem documented in scores of studies on double standards Meritocracy a theory that suggests that the harder you work the farther you go
19.
© 2017 ISACA.
All Rights Reserved UNCONSCIOUS BIAS 19 UB Impacts could result in: Women’s (technical) talents being overlooked Women not being hired into security roles Women not being promoted Fewer leadership & training opportunities Women being paid less Biased Performance evaluations •What is Unconscious Bias (UB)? Unconscious bias refers to a bias that we are unaware of, and which happens outside of our control What is Unconscious Bias: https://www.youtube.com/watch?v=dVp9Z5k0dEE Take the Harvard Implicit Association tests to measure your UB
20.
© 2017 ISACA.
All Rights Reserved WHAT CAN YOU DO 20
21.
© 2017 ISACA.
All Rights Reserved KNOW THE NINJA SKILLS YOU SEEK 21 • NINJAS didn’t go to NINJA School • Most NINJAS do not have formal security education. • Ninja legends are made of self taught skills & experience • Cyber security education programs spawning • Range of Security Certifications •Security spans “People, Process and Technology” •Security requires wide range of domains expertise Types of Undergraduate Degrees held by women in Cybersecurity in Director level or higher positions globally https://iamcybersafe.org/wp-content/uploads/2017/03/WomensReport.pdf
22.
© 2017 ISACA.
All Rights Reserved 22 WHAT IS A NINJA CAREER? • Define the security role • Define clear career paths • Be clear about the domain expertise for the Role •Know what skills are teachable •Be flexible on the pre-qualifications •From IT departments to all Industries •Be wary of falling into seeking stereotypes There are numerous domains in security that offer distinct career paths requiring different skills Examples: • Risk Analysis and Management • Cyber threat Analyst • Information Security Auditor • Network Security Architecture • IT systems security engineering • Pen Testers • Personnel Security • Regulatory & Compliance • Many others….
23.
© 2017 ISACA.
All Rights Reserved THE WORKPLACE 23 • Establish Business Etiquette in the Workplace • Dismantle “old boys clubs” • No to “Bro-Culture” , hoodies, sweats, flip flops etc. • Zero tolerance for disrespect of women colleagues •Professional Management of Classified Information Governance of “Need to know” practices Zero tolerance for information hoarding and exclusion Corporate Governance for Security departments (Enforce policies for diversity, code of business conduct) http://www.itworldcanada.com/article/fighting-the-boys-club-mentality-in-cyber-security/392477 http://www.itworldcanada.com/article/rsa-2016-women-speak-out-on-the-trials-and-joys-of-infosec-careers/381246
24.
© 2017 ISACA.
All Rights Reserved • BE Accountable, HOLD people managers accountable • Maintain statistics, scorecards and metrics on • Distribution of women and diversity in cybersecurity roles • Retention and advancement rates of women over a period of time • Know the skill sets of your talent pool •Incent & Reward • Women to pursue careers in security • Offer opportunities for training & advancement • Reward women with financial remuneration for milestones achieved •Establish exit interviews for women leaving to understand the drivers THE WORKPLACE – NINJA RETENTION 24
25.
© 2017 ISACA.
All Rights Reserved Thirty by Thirty – Engineers Canada ADAPTING OTHER PROGRAMS FOR SECURITY 25 Source: https://engineerscanada.ca/sites/default/files/30by30-en.pdf Do similar for CYBER SECURITY
26.
© 2017 ISACA.
All Rights Reserved UNCONSCIOUS BIAS 26 Everybody had unconscious bias We cannot cure unconscious bias Can be addressed by self-awareness When hiring for Cyber Security Talent… What is Unconscious Bias: https://www.youtube.com/watch?v=dVp9Z5k0dEE PANEL MEMBERS ARE ENCOURAGED TO:
27.
© 2017 ISACA.
All Rights Reserved • Approx 90% of the Security industry are men • Men hold the positions of Rank and Power • Majority of the hiring decisions are made by men • Guidance on succeeding here lies with men • An industry established mentor can • Can help break barriers for the protégé • Create acceptance (even if reluctant) amongst his peer groups. • Can help challenge the prevailing “bro-culture” in the industry • Has a vested interest in the success of his protégé MENTORING 27
28.
© 2017 ISACA.
All Rights Reserved • Good for support & information sharing. • Seeking women Role Models • Not effective for Vertical networking yet. • Be wary of driving the gender divide wedge further - Promote gender inclusivity as gender equity is NOT a woman’s issue A partnership of differences is required for strong security postures Networks with a good mix of gender and race are the most valuable ROLE OF WOMEN'S NETWORKS 28 https://hbr.org/2017/02/is-it-ok-for-a-bunch-of-men-to-lead-a-women-in-the-workforce-initiative
29.
© 2017 ISACA.
All Rights Reserved Zanshin (Japanese: 残心) is a state of Awareness, of Relaxed Alertness Awareness of the state of the cyber security battlefield Awareness of Image of the industry, the hype, the closed information circles and cliques Awareness of the hidden security ninjas Security Talent potential is Everywhere Be aware of the skills required Set clear career paths Consider women & diversity for balanced teams Raise/Train new Ninjas and Retain them Self-Awareness for Unconscious Bias SUMMARY - BRING OUT THE HIDDEN SECURITY NINJAS 29 Balancing the battlefield in cyber- security is NOT a woman’s issue In cyber security diversity benefits everyone. Achieve better: Economic results, Intelligence outcomes Overcome skills shortage Achieve stronger security postures https://hbr.org/2017/02/is-it-ok-for-a-bunch-of-men-to-lead-a-women-in-the-workforce-initiative
30.
© 2017 ISACA.
All Rights Reserved Considering the information shared today, what are you likely to do differently: Pay specific attention to support and encourage women in cyber security Recruit from various education disciplines & skills into security roles Create clear job descriptions and succinct career paths for security roles Be aware of Unconscious bias in self and others Be a mentor or Seek a mentor Other Nothing POLL 30
31.
© 2017 ISACA.
All Rights Reserved Daksha Bhasker daksha.bhasker@bell.ca bdaksha@yahoo.com SPEAKERS (NINJA) CONTACT 31 ISACA journal article: Balancing the Cyber-security battlefield Balanceando el campo de batalla de la seguridad cibernética Blog post: Reducing the gender disparity in cyber security & ISACA : podcast
32.
Questions? © 2017 ISACA.
All Rights Reserved 32
33.
THIS TRAINING CONTENT
(“CONTENT”) IS PROVIDED TO YOU WITHOUT WARRANTY, “AS IS” AND “WITH ALL FAULTS.” ISACA MAKES NO REPRESENTATIONS OR WARRANTIES EXPRESS OR IMPLIED, INCLUDING THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR PERFORMANCE, AND NON- INFRINGEMENT, ALL OF WHICH ARE HEREBY EXPRESSLY DISCLAIMED. YOU ASSUME THE ENTIRE RISK FOR USE OF THE CONTENT AND ACKNOWLEDGE THAT: ISACA HAS DESIGNED THE CONTENT PRIMARILY AS AN EDUCATIONAL RESOURCE FOR IT PROFESSIONALS AND THEREFORE THE CONTENT SHOULD NOT BE DEEMED EITHER TO SET FORTH ALL APPROPRIATE PROCEDURES, TESTS, OR CONTROLS OR TO SUGGEST THAT OTHER PROCEDURES, TESTS, OR CONTROLS THAT ARE NOT INCLUDED MAY NOT BE APPROPRIATE; ISACA DOES NOT CLAIM THAT USE OF THE CONTENT WILLASSURE A SUCCESSFUL OUTCOME AND YOU ARE RESPONSIBLE FOR APPLYING PROFESSIONAL JUDGMENT TO THE SPECIFIC CIRCUMSTANCES PRESENTED TO DETERMINING THE APPROPRIATE PROCEDURES, TESTS, OR CONTROLS. Copyright © 2017 by the Information Systems Audit and Control Association, Inc. (ISACA). All rights reserved. This webinar may not be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise). © 2017 ISACA. All Rights Reserved 33
34.
© 2017 ISACA.
All Rights Reserved THANK YOU FOR ATTENDING THIS WEBINAR
Download now