SlideShare a Scribd company logo

ISACA_Bringing out the hidden security Ninjas

L
Lilminow

cybersecurity talent

Technology
1 of 34
Download to read offline
© 2017 ISACA. All Rights Reserved BRINGING OUT THE HIDDEN SECURITY NINJAS Daksha Bhasker, Senior Network Security Architect, Bell Canada 18 May 2017
WELCOME • Have a question for the speaker? Text it in using the Ask A Question button! • Audio is streamed over your computer • Technical issues? Click the ? button • Use the Feedback button to share your feedback about today’s event • Questions or suggestions? Visit https://support.isaca.org Use the Attachments Button to find the following: • PDF Copy of today’s presentation • Link to the Event Home Page where ISACA members can find the CPE Quiz • Upcoming ISACA Events • More assets from today’s webcast © 2017 ISACA. All Rights Reserved 2
TODAY’S SPEAKER © 2017 ISACA. All Rights Reserved 3 Daksha Bhasker Senior Network Security Architect Disclaimer: Speaker’s Note: Opinions expressed in this talk are the speaker’s and not necessarily those of her employer. Author of ISACA journal article: Balancing the Cyber-security battlefield & ISACA podcast Balanceando el campo de batalla de la seguridad cibernética Blog post: Reducing the gender disparity in cyber security
AGENDA © 2017 ISACA. All Rights Reserved The Cyber-Security Battlefield The Ninja Quest Skills Shortage & Unrecognized Ninjas The “Whys” Finding and retaining the Hidden Security Ninjas Summary 4
© 2017 ISACA. All Rights Reserved “ZANSHIN” 5
© 2017 ISACA. All Rights Reserved CYBER SECURITY BATTLE-FIELD 6 USERs of Technology ATTACKERS Security Professionals •Resourceful •Nation States to Script kiddies • Diverse •Target Group: Everyone • Men, Women, Children • Global, Diverse • Business & Consumers • Generally Homogenous • Male •SKILLS SHORTAGE!!! •Not representative of “target” group profile
© 2017 ISACA. All Rights Reserved SKILLS SHORTAGE 7 “Executive management and boards of directors are now recognizing that cyber security is not just a tech problem, it’s a business problem.” Cyber-security that used to be primarily owned by IT departments of technology companies is now pervasive across most industries Cisco studies reveal there is currently a deficit of 1 million security practitioners. This will increase to 1.5 million by 2019. Globally, 35% of organizations are facing security expertise shortages with security jobs growing at 12 times the rate of the overall job market. As Technology proliferates: https://www.forbes.com/sites/stevemorgan/2016/01/02/one-million-cybersecurity-job-openings-in-2016/#5b73ed327ea2
© 2017 ISACA. All Rights Reserved The Result: Cannot find skills Cannot afford the ninja Poor retention rates Continued focus on male candidates** In the meantime  Pools of talent is being neglected •Women •Non STEM disciplines •Foreign trained candidates  What minimum training can resolve remains untapped SECURITY JOBS TARGET… (THE NINJA QUEST) 8 A Ninja? A geek? A detective? A super hero? A spy cat? ** 65 to 75% of Infosec professionals identify as Caucasian https://iamcybersafe.org/research_millennials/ https://hbr.org/2016/11/how-ceos-can-put-gender-balance-on-the-agenda-at-their-companies
© 2017 ISACA. All Rights Reserved IN THE MEANTIME…THE HIDDEN NINJAS 9 Women comprise ~50% of the global population Women drive 70-80% of all consumer purchasing, The global incomes of women are predicted to reach a staggering $18 trillion by 2018. $12 trillion could be added to global GDP by 2025 by advancing women’s equality. Groups are collectively more intelligent than individuals – The collective intelligence increases as the percentage of women in the group increases. [US Military Studies] Women provide vital contribution to the critical and creative thinking and decision making in the national security apparatus Active Technology Users Economic benefits Intelligence & Defence http://www.mckinsey.com/global-themes/employment-and-growth/how-advancing-womens-equality-can-add-12-trillion-to-global-growth http://ssi.armywarcollege.edu/pubs/parameters/issues/summer_2013/3_haring_article.pdf http://www.ey.com/Publication/vwLUAssets/Women_the_next_emerging_market/$FILE/WomenTheNextEmergingMarket.pdf https://www.forbes.com/sites/bridgetbrennan/2015/01/21/top-10-things-everyone-should-know-about-women-consumers/
© 2017 ISACA. All Rights Reserved 10 People who think differently because of their gender, culture, race or training, attack and defend themselves differently and bring unique value to cyber security teams.  Global diverse attackers and attack tactics need diverse defence tactics
© 2017 ISACA. All Rights Reserved Women are approximately 50% of the global population yet only 11% are represented in the cyber-security profession. 2013 to-date: Percentage stagnates at 11% 56% of the women leave the field midcareer (the reasons are not what you may think) This is double the turnover rate for men. Concentration of women in information security in GRC SO WHAT'S GOING ON? 11 https://iamcybersafe.org/wp-content/uploads/2017/03/WomensReport.pdf http://www.techrepublic.com/article/the-state-of-women-in-technology-15-data-points-you-should-know/
© 2017 ISACA. All Rights Reserved In your organisation, do women participate in developing your security posture and security solutions?  YES  NO  Don’t Know POLL 12
© 2017 ISACA. All Rights Reserved POLL 13 To your knowledge what areas of Cyber-security do women participate in, in your organisation:  Marketing/Strategy/ HR/Education & Training  Security Policy/ Risk Management  Security Engineering/IT Security/Architecture  Security Threat Analysts/SoC  CISO/CTO/CIO/Director  No Women in cyber security  Other
© 2017 ISACA. All Rights Reserved WHY? 14 ..There are many broad socio-cultural issues that pervade our societies and economies across different parts of the world and I will try to keep focused on cyber-security
© 2017 ISACA. All Rights Reserved IMAGE OF CYBER SECURITY INDUSTRY 15 Common Internet Meme…. https://www.slideshare.net/issantx/ntxissacsc3-collin-colleges-security-management-practices-capstone-course-by-rick-brunner
© 2017 ISACA. All Rights Reserved Security is often about Confidentiality Culture of Secrets A secret by definition precludes common knowledge Principles of “Need to know” and “Least Privilege” Threat Intelligence Sharing in Closed circles Security can be seen as adversarial to Functionality and Operational priorities NATURE OF THE SECURITY BUSINESS 16 This makes it difficult for all new-entrants to the field including women
© 2017 ISACA. All Rights Reserved Paula's Principle: Most Women Work Below their Level of Competence LEAKY PIPE IN CYBER SECURITY 17 Source: https://www.youtube.com/watch?v=GVvUNdEPFZI -> http://www.paulaprinciple.com/ https://www.wct-fct.com/images/content-documents/Reports/English/WCT_Needs_Summarized_Needs_Assessment_FINAL__MARCH25_2017.pdf Women’s Confidence  Putting themselves forward  Negotiating Promotions  Negotiating Salaries  Vertical Networking  Choose not to go up  Highly educated women populations not reflected in the workplace
© 2017 ISACA. All Rights Reserved Madam Curie Effect Women Have a tendency to over compensate for being in a male dominated field. Women believe they must become more qualified and develop exceptional ability to compete with men in male-dominated science. PROVE YOURSELF 18 Natural Sciences and Engineering Research Council of Canada, “Women in Science and Engineering in Canada,” November 2010, http://publications.gc.ca/collections/collection_2012/rsgc-serc/NS3-46-2010-eng.pdf https://hbr.org/2014/10/hacking-techs-diversity-problem; https://www.wired.com/2013/11/silicon-valley-isnt-a-meritocracy-and-the-cult-of-the-entrepreneur-holds-people-back/ Prove-it-again! Women often have to provide more evidence of competence than men do to be seen as equally capable, a problem documented in scores of studies on double standards Meritocracy a theory that suggests that the harder you work the farther you go
© 2017 ISACA. All Rights Reserved UNCONSCIOUS BIAS 19 UB Impacts could result in:  Women’s (technical) talents being overlooked  Women not being hired into security roles  Women not being promoted  Fewer leadership & training opportunities  Women being paid less  Biased Performance evaluations •What is Unconscious Bias (UB)? Unconscious bias refers to a bias that we are unaware of, and which happens outside of our control What is Unconscious Bias: https://www.youtube.com/watch?v=dVp9Z5k0dEE Take the Harvard Implicit Association tests to measure your UB
© 2017 ISACA. All Rights Reserved WHAT CAN YOU DO 20
© 2017 ISACA. All Rights Reserved KNOW THE NINJA SKILLS YOU SEEK 21 • NINJAS didn’t go to NINJA School • Most NINJAS do not have formal security education. • Ninja legends are made of self taught skills & experience • Cyber security education programs spawning • Range of Security Certifications •Security spans “People, Process and Technology” •Security requires wide range of domains expertise Types of Undergraduate Degrees held by women in Cybersecurity in Director level or higher positions globally https://iamcybersafe.org/wp-content/uploads/2017/03/WomensReport.pdf
© 2017 ISACA. All Rights Reserved 22 WHAT IS A NINJA CAREER? • Define the security role • Define clear career paths • Be clear about the domain expertise for the Role •Know what skills are teachable •Be flexible on the pre-qualifications •From IT departments to all Industries •Be wary of falling into seeking stereotypes There are numerous domains in security that offer distinct career paths requiring different skills Examples: • Risk Analysis and Management • Cyber threat Analyst • Information Security Auditor • Network Security Architecture • IT systems security engineering • Pen Testers • Personnel Security • Regulatory & Compliance • Many others….
© 2017 ISACA. All Rights Reserved THE WORKPLACE 23 • Establish Business Etiquette in the Workplace • Dismantle “old boys clubs” • No to “Bro-Culture” , hoodies, sweats, flip flops etc. • Zero tolerance for disrespect of women colleagues •Professional Management of Classified Information  Governance of “Need to know” practices  Zero tolerance for information hoarding and exclusion  Corporate Governance for Security departments (Enforce policies for diversity, code of business conduct) http://www.itworldcanada.com/article/fighting-the-boys-club-mentality-in-cyber-security/392477 http://www.itworldcanada.com/article/rsa-2016-women-speak-out-on-the-trials-and-joys-of-infosec-careers/381246
© 2017 ISACA. All Rights Reserved • BE Accountable, HOLD people managers accountable • Maintain statistics, scorecards and metrics on • Distribution of women and diversity in cybersecurity roles • Retention and advancement rates of women over a period of time • Know the skill sets of your talent pool •Incent & Reward • Women to pursue careers in security • Offer opportunities for training & advancement • Reward women with financial remuneration for milestones achieved •Establish exit interviews for women leaving to understand the drivers THE WORKPLACE – NINJA RETENTION 24
© 2017 ISACA. All Rights Reserved Thirty by Thirty – Engineers Canada ADAPTING OTHER PROGRAMS FOR SECURITY 25 Source: https://engineerscanada.ca/sites/default/files/30by30-en.pdf Do similar for CYBER SECURITY
© 2017 ISACA. All Rights Reserved UNCONSCIOUS BIAS 26 Everybody had unconscious bias We cannot cure unconscious bias Can be addressed by self-awareness When hiring for Cyber Security Talent… What is Unconscious Bias: https://www.youtube.com/watch?v=dVp9Z5k0dEE PANEL MEMBERS ARE ENCOURAGED TO:
© 2017 ISACA. All Rights Reserved • Approx 90% of the Security industry are men • Men hold the positions of Rank and Power • Majority of the hiring decisions are made by men • Guidance on succeeding here lies with men • An industry established mentor can • Can help break barriers for the protégé • Create acceptance (even if reluctant) amongst his peer groups. • Can help challenge the prevailing “bro-culture” in the industry • Has a vested interest in the success of his protégé MENTORING 27
© 2017 ISACA. All Rights Reserved • Good for support & information sharing. • Seeking women Role Models • Not effective for Vertical networking yet. • Be wary of driving the gender divide wedge further - Promote gender inclusivity as gender equity is NOT a woman’s issue  A partnership of differences is required for strong security postures  Networks with a good mix of gender and race are the most valuable ROLE OF WOMEN'S NETWORKS 28 https://hbr.org/2017/02/is-it-ok-for-a-bunch-of-men-to-lead-a-women-in-the-workforce-initiative
© 2017 ISACA. All Rights Reserved Zanshin (Japanese: 残心) is a state of Awareness, of Relaxed Alertness  Awareness of the state of the cyber security battlefield  Awareness of Image of the industry, the hype, the closed information circles and cliques  Awareness of the hidden security ninjas Security Talent potential is Everywhere  Be aware of the skills required Set clear career paths  Consider women & diversity for balanced teams  Raise/Train new Ninjas and Retain them Self-Awareness for Unconscious Bias SUMMARY - BRING OUT THE HIDDEN SECURITY NINJAS 29 Balancing the battlefield in cyber- security is NOT a woman’s issue In cyber security diversity benefits everyone. Achieve better:  Economic results,  Intelligence outcomes  Overcome skills shortage  Achieve stronger security postures https://hbr.org/2017/02/is-it-ok-for-a-bunch-of-men-to-lead-a-women-in-the-workforce-initiative
© 2017 ISACA. All Rights Reserved Considering the information shared today, what are you likely to do differently:  Pay specific attention to support and encourage women in cyber security  Recruit from various education disciplines & skills into security roles  Create clear job descriptions and succinct career paths for security roles  Be aware of Unconscious bias in self and others  Be a mentor or Seek a mentor  Other  Nothing POLL 30
© 2017 ISACA. All Rights Reserved Daksha Bhasker daksha.bhasker@bell.ca bdaksha@yahoo.com SPEAKERS (NINJA) CONTACT 31 ISACA journal article: Balancing the Cyber-security battlefield Balanceando el campo de batalla de la seguridad cibernética Blog post: Reducing the gender disparity in cyber security & ISACA : podcast
Questions? © 2017 ISACA. All Rights Reserved 32
THIS TRAINING CONTENT (“CONTENT”) IS PROVIDED TO YOU WITHOUT WARRANTY, “AS IS” AND “WITH ALL FAULTS.” ISACA MAKES NO REPRESENTATIONS OR WARRANTIES EXPRESS OR IMPLIED, INCLUDING THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR PERFORMANCE, AND NON- INFRINGEMENT, ALL OF WHICH ARE HEREBY EXPRESSLY DISCLAIMED. YOU ASSUME THE ENTIRE RISK FOR USE OF THE CONTENT AND ACKNOWLEDGE THAT: ISACA HAS DESIGNED THE CONTENT PRIMARILY AS AN EDUCATIONAL RESOURCE FOR IT PROFESSIONALS AND THEREFORE THE CONTENT SHOULD NOT BE DEEMED EITHER TO SET FORTH ALL APPROPRIATE PROCEDURES, TESTS, OR CONTROLS OR TO SUGGEST THAT OTHER PROCEDURES, TESTS, OR CONTROLS THAT ARE NOT INCLUDED MAY NOT BE APPROPRIATE; ISACA DOES NOT CLAIM THAT USE OF THE CONTENT WILLASSURE A SUCCESSFUL OUTCOME AND YOU ARE RESPONSIBLE FOR APPLYING PROFESSIONAL JUDGMENT TO THE SPECIFIC CIRCUMSTANCES PRESENTED TO DETERMINING THE APPROPRIATE PROCEDURES, TESTS, OR CONTROLS. Copyright © 2017 by the Information Systems Audit and Control Association, Inc. (ISACA). All rights reserved. This webinar may not be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise). © 2017 ISACA. All Rights Reserved 33
© 2017 ISACA. All Rights Reserved THANK YOU FOR ATTENDING THIS WEBINAR

Recommended

India's Leading Cyber Security Companies_compressed.pdf
India's Leading Cyber Security Companies_compressed.pdfIndia's Leading Cyber Security Companies_compressed.pdf
India's Leading Cyber Security Companies_compressed.pdfInsights success media and technology pvt ltd
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletterDominic Vogel
 
2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class OneFRSecure
 
Opening the Talent Spigot to Securing our Digital Future
Opening the Talent Spigot to Securing our Digital FutureOpening the Talent Spigot to Securing our Digital Future
Opening the Talent Spigot to Securing our Digital FutureSecurity Innovation
 
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the SilosNeil Curran MSc CISSP CRISC CGEIT CISM CISA
 
Security beyond compliance
Security beyond complianceSecurity beyond compliance
Security beyond complianceParakum Pathirana
 
Opi cyber talk for executives
Opi cyber talk for executivesOpi cyber talk for executives
Opi cyber talk for executivesExpressworks International
 
40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazine40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazineBradford Sims
 

Recommended

India's Leading Cyber Security Companies_compressed.pdf
India's Leading Cyber Security Companies_compressed.pdfIndia's Leading Cyber Security Companies_compressed.pdf
India's Leading Cyber Security Companies_compressed.pdfInsights success media and technology pvt ltd
 
csxnewsletter
csxnewslettercsxnewsletter
csxnewsletterDominic Vogel
 
2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class One2019 FRSecure CISSP Mentor Program: Class One
2019 FRSecure CISSP Mentor Program: Class OneFRSecure
 
Opening the Talent Spigot to Securing our Digital Future
Opening the Talent Spigot to Securing our Digital FutureOpening the Talent Spigot to Securing our Digital Future
Opening the Talent Spigot to Securing our Digital FutureSecurity Innovation
 
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the SilosNeil Curran MSc CISSP CRISC CGEIT CISM CISA
 
Security beyond compliance
Security beyond complianceSecurity beyond compliance
Security beyond complianceParakum Pathirana
 
Opi cyber talk for executives
Opi cyber talk for executivesOpi cyber talk for executives
Opi cyber talk for executivesExpressworks International
 
40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazine40 under 40 in cybersecurity. top cyber news magazine
40 under 40 in cybersecurity. top cyber news magazineBradford Sims
 
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINETopCyberNewsMAGAZINE
 
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdf
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdfThe Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdf
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdfInsightsSuccess4
 
What's Hot In IT - Cybersecurity
What's Hot In IT - CybersecurityWhat's Hot In IT - Cybersecurity
What's Hot In IT - CybersecurityRow Murray
 
10 Most Influential Leaders in Cybersecurity 2023.pdf
10 Most Influential Leaders in Cybersecurity 2023.pdf10 Most Influential Leaders in Cybersecurity 2023.pdf
10 Most Influential Leaders in Cybersecurity 2023.pdfCIO Look Magazine
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
 
The Most Impactful Women in Cybersecurity For 2024.pdf
The Most Impactful Women in Cybersecurity For 2024.pdfThe Most Impactful Women in Cybersecurity For 2024.pdf
The Most Impactful Women in Cybersecurity For 2024.pdfthesiliconleaders
 
Effectiveness of Cyber Security Awareness.pdf
Effectiveness of Cyber Security Awareness.pdfEffectiveness of Cyber Security Awareness.pdf
Effectiveness of Cyber Security Awareness.pdfChinatu Uzuegbu
 
Insights from 2016 Cyberthreat Defense Report
Insights from 2016 Cyberthreat Defense ReportInsights from 2016 Cyberthreat Defense Report
Insights from 2016 Cyberthreat Defense ReportStephanie Brannan
 
Cyber Diversity Framework
Cyber Diversity FrameworkCyber Diversity Framework
Cyber Diversity FrameworkKeith Chapman
 
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaTop 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaEdureka!
 
Do You Manage Software? Understanding Your Role in Cybersecurity Defense
Do You Manage Software? Understanding Your Role in Cybersecurity DefenseDo You Manage Software? Understanding Your Role in Cybersecurity Defense
Do You Manage Software? Understanding Your Role in Cybersecurity DefenseFlexera
 
Women in security_ Is the tide turning_ - Print Article - SC Magazine UK
Women in security_ Is the tide turning_ - Print Article - SC Magazine UKWomen in security_ Is the tide turning_ - Print Article - SC Magazine UK
Women in security_ Is the tide turning_ - Print Article - SC Magazine UKCaroline Rivett
 
Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022Matthew Rosenquist
 
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...NetworkCollaborators
 
GITA March 2015 Newsletter
GITA March 2015 NewsletterGITA March 2015 Newsletter
GITA March 2015 NewsletterKevin Moore MSIT, MISM
 
Cisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security EquationCisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security EquationNetworkCollaborators
 
Cyber security brochure(1)
Cyber security brochure(1)Cyber security brochure(1)
Cyber security brochure(1)Aegis School Of Business
 
Cybersecurity Talent : The Big Gap in Cyber Protection
Cybersecurity Talent : The Big Gap in Cyber ProtectionCybersecurity Talent : The Big Gap in Cyber Protection
Cybersecurity Talent : The Big Gap in Cyber ProtectionCapgemini
 
Influential Business Leaders in Security services | CIO Look
Influential Business Leaders in Security services | CIO LookInfluential Business Leaders in Security services | CIO Look
Influential Business Leaders in Security services | CIO LookCIO Look Magazine
 
ScotSecure 2020
ScotSecure 2020ScotSecure 2020
ScotSecure 2020Ray Bugg
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

More Related Content

Similar to ISACA_Bringing out the hidden security Ninjas

40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINETopCyberNewsMAGAZINE
 
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdf
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdfThe Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdf
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdfInsightsSuccess4
 
What's Hot In IT - Cybersecurity
What's Hot In IT - CybersecurityWhat's Hot In IT - Cybersecurity
What's Hot In IT - CybersecurityRow Murray
 
10 Most Influential Leaders in Cybersecurity 2023.pdf
10 Most Influential Leaders in Cybersecurity 2023.pdf10 Most Influential Leaders in Cybersecurity 2023.pdf
10 Most Influential Leaders in Cybersecurity 2023.pdfCIO Look Magazine
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsUlf Mattsson
 
The Most Impactful Women in Cybersecurity For 2024.pdf
The Most Impactful Women in Cybersecurity For 2024.pdfThe Most Impactful Women in Cybersecurity For 2024.pdf
The Most Impactful Women in Cybersecurity For 2024.pdfthesiliconleaders
 
Effectiveness of Cyber Security Awareness.pdf
Effectiveness of Cyber Security Awareness.pdfEffectiveness of Cyber Security Awareness.pdf
Effectiveness of Cyber Security Awareness.pdfChinatu Uzuegbu
 
Insights from 2016 Cyberthreat Defense Report
Insights from 2016 Cyberthreat Defense ReportInsights from 2016 Cyberthreat Defense Report
Insights from 2016 Cyberthreat Defense ReportStephanie Brannan
 
Cyber Diversity Framework
Cyber Diversity FrameworkCyber Diversity Framework
Cyber Diversity FrameworkKeith Chapman
 
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaTop 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaEdureka!
 
Do You Manage Software? Understanding Your Role in Cybersecurity Defense
Do You Manage Software? Understanding Your Role in Cybersecurity DefenseDo You Manage Software? Understanding Your Role in Cybersecurity Defense
Do You Manage Software? Understanding Your Role in Cybersecurity DefenseFlexera
 
Women in security_ Is the tide turning_ - Print Article - SC Magazine UK
Women in security_ Is the tide turning_ - Print Article - SC Magazine UKWomen in security_ Is the tide turning_ - Print Article - SC Magazine UK
Women in security_ Is the tide turning_ - Print Article - SC Magazine UKCaroline Rivett
 
Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022Matthew Rosenquist
 
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...NetworkCollaborators
 
Cisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security EquationCisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security EquationNetworkCollaborators
 
Cybersecurity Talent : The Big Gap in Cyber Protection
Cybersecurity Talent : The Big Gap in Cyber ProtectionCybersecurity Talent : The Big Gap in Cyber Protection
Cybersecurity Talent : The Big Gap in Cyber ProtectionCapgemini
 
Influential Business Leaders in Security services | CIO Look
Influential Business Leaders in Security services | CIO LookInfluential Business Leaders in Security services | CIO Look
Influential Business Leaders in Security services | CIO LookCIO Look Magazine
 
ScotSecure 2020
ScotSecure 2020ScotSecure 2020
ScotSecure 2020Ray Bugg
 

Similar to ISACA_Bringing out the hidden security Ninjas (20)

40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
 
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdf
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdfThe Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdf
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdf
 
What's Hot In IT - Cybersecurity
What's Hot In IT - CybersecurityWhat's Hot In IT - Cybersecurity
What's Hot In IT - Cybersecurity
 
10 Most Influential Leaders in Cybersecurity 2023.pdf
10 Most Influential Leaders in Cybersecurity 2023.pdf10 Most Influential Leaders in Cybersecurity 2023.pdf
10 Most Influential Leaders in Cybersecurity 2023.pdf
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
 
The Most Impactful Women in Cybersecurity For 2024.pdf
The Most Impactful Women in Cybersecurity For 2024.pdfThe Most Impactful Women in Cybersecurity For 2024.pdf
The Most Impactful Women in Cybersecurity For 2024.pdf
 
Effectiveness of Cyber Security Awareness.pdf
Effectiveness of Cyber Security Awareness.pdfEffectiveness of Cyber Security Awareness.pdf
Effectiveness of Cyber Security Awareness.pdf
 
Insights from 2016 Cyberthreat Defense Report
Insights from 2016 Cyberthreat Defense ReportInsights from 2016 Cyberthreat Defense Report
Insights from 2016 Cyberthreat Defense Report
 
Cyber Diversity Framework
Cyber Diversity FrameworkCyber Diversity Framework
Cyber Diversity Framework
 
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaTop 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka
 
Do You Manage Software? Understanding Your Role in Cybersecurity Defense
Do You Manage Software? Understanding Your Role in Cybersecurity DefenseDo You Manage Software? Understanding Your Role in Cybersecurity Defense
Do You Manage Software? Understanding Your Role in Cybersecurity Defense
 
Women in security_ Is the tide turning_ - Print Article - SC Magazine UK
Women in security_ Is the tide turning_ - Print Article - SC Magazine UKWomen in security_ Is the tide turning_ - Print Article - SC Magazine UK
Women in security_ Is the tide turning_ - Print Article - SC Magazine UK
 
Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022Top Cyber News Magazine - Oct 2022
Top Cyber News Magazine - Oct 2022
 
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
Cisco Connect 2018 Thailand - Changing the security equation demetris booth_c...
 
GITA March 2015 Newsletter
GITA March 2015 NewsletterGITA March 2015 Newsletter
GITA March 2015 Newsletter
 
Cisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security EquationCisco Connect 2018 Singapore - Changing the Security Equation
Cisco Connect 2018 Singapore - Changing the Security Equation
 
Cyber security brochure(1)
Cyber security brochure(1)Cyber security brochure(1)
Cyber security brochure(1)
 
Cybersecurity Talent : The Big Gap in Cyber Protection
Cybersecurity Talent : The Big Gap in Cyber ProtectionCybersecurity Talent : The Big Gap in Cyber Protection
Cybersecurity Talent : The Big Gap in Cyber Protection
 
Influential Business Leaders in Security services | CIO Look
Influential Business Leaders in Security services | CIO LookInfluential Business Leaders in Security services | CIO Look
Influential Business Leaders in Security services | CIO Look
 
ScotSecure 2020
ScotSecure 2020ScotSecure 2020
ScotSecure 2020
 

Recently uploaded

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Recently uploaded (20)

Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 

ISACA_Bringing out the hidden security Ninjas

  • 1. © 2017 ISACA. All Rights Reserved BRINGING OUT THE HIDDEN SECURITY NINJAS Daksha Bhasker, Senior Network Security Architect, Bell Canada 18 May 2017
  • 2. WELCOME • Have a question for the speaker? Text it in using the Ask A Question button! • Audio is streamed over your computer • Technical issues? Click the ? button • Use the Feedback button to share your feedback about today’s event • Questions or suggestions? Visit https://support.isaca.org Use the Attachments Button to find the following: • PDF Copy of today’s presentation • Link to the Event Home Page where ISACA members can find the CPE Quiz • Upcoming ISACA Events • More assets from today’s webcast © 2017 ISACA. All Rights Reserved 2
  • 3. TODAY’S SPEAKER © 2017 ISACA. All Rights Reserved 3 Daksha Bhasker Senior Network Security Architect Disclaimer: Speaker’s Note: Opinions expressed in this talk are the speaker’s and not necessarily those of her employer. Author of ISACA journal article: Balancing the Cyber-security battlefield & ISACA podcast Balanceando el campo de batalla de la seguridad cibernética Blog post: Reducing the gender disparity in cyber security
  • 4. AGENDA © 2017 ISACA. All Rights Reserved The Cyber-Security Battlefield The Ninja Quest Skills Shortage & Unrecognized Ninjas The “Whys” Finding and retaining the Hidden Security Ninjas Summary 4
  • 5. © 2017 ISACA. All Rights Reserved “ZANSHIN” 5
  • 6. © 2017 ISACA. All Rights Reserved CYBER SECURITY BATTLE-FIELD 6 USERs of Technology ATTACKERS Security Professionals •Resourceful •Nation States to Script kiddies • Diverse •Target Group: Everyone • Men, Women, Children • Global, Diverse • Business & Consumers • Generally Homogenous • Male •SKILLS SHORTAGE!!! •Not representative of “target” group profile
  • 7. © 2017 ISACA. All Rights Reserved SKILLS SHORTAGE 7 “Executive management and boards of directors are now recognizing that cyber security is not just a tech problem, it’s a business problem.” Cyber-security that used to be primarily owned by IT departments of technology companies is now pervasive across most industries Cisco studies reveal there is currently a deficit of 1 million security practitioners. This will increase to 1.5 million by 2019. Globally, 35% of organizations are facing security expertise shortages with security jobs growing at 12 times the rate of the overall job market. As Technology proliferates: https://www.forbes.com/sites/stevemorgan/2016/01/02/one-million-cybersecurity-job-openings-in-2016/#5b73ed327ea2
  • 8. © 2017 ISACA. All Rights Reserved The Result: Cannot find skills Cannot afford the ninja Poor retention rates Continued focus on male candidates** In the meantime  Pools of talent is being neglected •Women •Non STEM disciplines •Foreign trained candidates  What minimum training can resolve remains untapped SECURITY JOBS TARGET… (THE NINJA QUEST) 8 A Ninja? A geek? A detective? A super hero? A spy cat? ** 65 to 75% of Infosec professionals identify as Caucasian https://iamcybersafe.org/research_millennials/ https://hbr.org/2016/11/how-ceos-can-put-gender-balance-on-the-agenda-at-their-companies
  • 9. © 2017 ISACA. All Rights Reserved IN THE MEANTIME…THE HIDDEN NINJAS 9 Women comprise ~50% of the global population Women drive 70-80% of all consumer purchasing, The global incomes of women are predicted to reach a staggering $18 trillion by 2018. $12 trillion could be added to global GDP by 2025 by advancing women’s equality. Groups are collectively more intelligent than individuals – The collective intelligence increases as the percentage of women in the group increases. [US Military Studies] Women provide vital contribution to the critical and creative thinking and decision making in the national security apparatus Active Technology Users Economic benefits Intelligence & Defence http://www.mckinsey.com/global-themes/employment-and-growth/how-advancing-womens-equality-can-add-12-trillion-to-global-growth http://ssi.armywarcollege.edu/pubs/parameters/issues/summer_2013/3_haring_article.pdf http://www.ey.com/Publication/vwLUAssets/Women_the_next_emerging_market/$FILE/WomenTheNextEmergingMarket.pdf https://www.forbes.com/sites/bridgetbrennan/2015/01/21/top-10-things-everyone-should-know-about-women-consumers/
  • 10. © 2017 ISACA. All Rights Reserved 10 People who think differently because of their gender, culture, race or training, attack and defend themselves differently and bring unique value to cyber security teams.  Global diverse attackers and attack tactics need diverse defence tactics
  • 11. © 2017 ISACA. All Rights Reserved Women are approximately 50% of the global population yet only 11% are represented in the cyber-security profession. 2013 to-date: Percentage stagnates at 11% 56% of the women leave the field midcareer (the reasons are not what you may think) This is double the turnover rate for men. Concentration of women in information security in GRC SO WHAT'S GOING ON? 11 https://iamcybersafe.org/wp-content/uploads/2017/03/WomensReport.pdf http://www.techrepublic.com/article/the-state-of-women-in-technology-15-data-points-you-should-know/
  • 12. © 2017 ISACA. All Rights Reserved In your organisation, do women participate in developing your security posture and security solutions?  YES  NO  Don’t Know POLL 12
  • 13. © 2017 ISACA. All Rights Reserved POLL 13 To your knowledge what areas of Cyber-security do women participate in, in your organisation:  Marketing/Strategy/ HR/Education & Training  Security Policy/ Risk Management  Security Engineering/IT Security/Architecture  Security Threat Analysts/SoC  CISO/CTO/CIO/Director  No Women in cyber security  Other
  • 14. © 2017 ISACA. All Rights Reserved WHY? 14 ..There are many broad socio-cultural issues that pervade our societies and economies across different parts of the world and I will try to keep focused on cyber-security
  • 15. © 2017 ISACA. All Rights Reserved IMAGE OF CYBER SECURITY INDUSTRY 15 Common Internet Meme…. https://www.slideshare.net/issantx/ntxissacsc3-collin-colleges-security-management-practices-capstone-course-by-rick-brunner
  • 16. © 2017 ISACA. All Rights Reserved Security is often about Confidentiality Culture of Secrets A secret by definition precludes common knowledge Principles of “Need to know” and “Least Privilege” Threat Intelligence Sharing in Closed circles Security can be seen as adversarial to Functionality and Operational priorities NATURE OF THE SECURITY BUSINESS 16 This makes it difficult for all new-entrants to the field including women
  • 17. © 2017 ISACA. All Rights Reserved Paula's Principle: Most Women Work Below their Level of Competence LEAKY PIPE IN CYBER SECURITY 17 Source: https://www.youtube.com/watch?v=GVvUNdEPFZI -> http://www.paulaprinciple.com/ https://www.wct-fct.com/images/content-documents/Reports/English/WCT_Needs_Summarized_Needs_Assessment_FINAL__MARCH25_2017.pdf Women’s Confidence  Putting themselves forward  Negotiating Promotions  Negotiating Salaries  Vertical Networking  Choose not to go up  Highly educated women populations not reflected in the workplace
  • 18. © 2017 ISACA. All Rights Reserved Madam Curie Effect Women Have a tendency to over compensate for being in a male dominated field. Women believe they must become more qualified and develop exceptional ability to compete with men in male-dominated science. PROVE YOURSELF 18 Natural Sciences and Engineering Research Council of Canada, “Women in Science and Engineering in Canada,” November 2010, http://publications.gc.ca/collections/collection_2012/rsgc-serc/NS3-46-2010-eng.pdf https://hbr.org/2014/10/hacking-techs-diversity-problem; https://www.wired.com/2013/11/silicon-valley-isnt-a-meritocracy-and-the-cult-of-the-entrepreneur-holds-people-back/ Prove-it-again! Women often have to provide more evidence of competence than men do to be seen as equally capable, a problem documented in scores of studies on double standards Meritocracy a theory that suggests that the harder you work the farther you go
  • 19. © 2017 ISACA. All Rights Reserved UNCONSCIOUS BIAS 19 UB Impacts could result in:  Women’s (technical) talents being overlooked  Women not being hired into security roles  Women not being promoted  Fewer leadership & training opportunities  Women being paid less  Biased Performance evaluations •What is Unconscious Bias (UB)? Unconscious bias refers to a bias that we are unaware of, and which happens outside of our control What is Unconscious Bias: https://www.youtube.com/watch?v=dVp9Z5k0dEE Take the Harvard Implicit Association tests to measure your UB
  • 20. © 2017 ISACA. All Rights Reserved WHAT CAN YOU DO 20
  • 21. © 2017 ISACA. All Rights Reserved KNOW THE NINJA SKILLS YOU SEEK 21 • NINJAS didn’t go to NINJA School • Most NINJAS do not have formal security education. • Ninja legends are made of self taught skills & experience • Cyber security education programs spawning • Range of Security Certifications •Security spans “People, Process and Technology” •Security requires wide range of domains expertise Types of Undergraduate Degrees held by women in Cybersecurity in Director level or higher positions globally https://iamcybersafe.org/wp-content/uploads/2017/03/WomensReport.pdf
  • 22. © 2017 ISACA. All Rights Reserved 22 WHAT IS A NINJA CAREER? • Define the security role • Define clear career paths • Be clear about the domain expertise for the Role •Know what skills are teachable •Be flexible on the pre-qualifications •From IT departments to all Industries •Be wary of falling into seeking stereotypes There are numerous domains in security that offer distinct career paths requiring different skills Examples: • Risk Analysis and Management • Cyber threat Analyst • Information Security Auditor • Network Security Architecture • IT systems security engineering • Pen Testers • Personnel Security • Regulatory & Compliance • Many others….
  • 23. © 2017 ISACA. All Rights Reserved THE WORKPLACE 23 • Establish Business Etiquette in the Workplace • Dismantle “old boys clubs” • No to “Bro-Culture” , hoodies, sweats, flip flops etc. • Zero tolerance for disrespect of women colleagues •Professional Management of Classified Information  Governance of “Need to know” practices  Zero tolerance for information hoarding and exclusion  Corporate Governance for Security departments (Enforce policies for diversity, code of business conduct) http://www.itworldcanada.com/article/fighting-the-boys-club-mentality-in-cyber-security/392477 http://www.itworldcanada.com/article/rsa-2016-women-speak-out-on-the-trials-and-joys-of-infosec-careers/381246
  • 24. © 2017 ISACA. All Rights Reserved • BE Accountable, HOLD people managers accountable • Maintain statistics, scorecards and metrics on • Distribution of women and diversity in cybersecurity roles • Retention and advancement rates of women over a period of time • Know the skill sets of your talent pool •Incent & Reward • Women to pursue careers in security • Offer opportunities for training & advancement • Reward women with financial remuneration for milestones achieved •Establish exit interviews for women leaving to understand the drivers THE WORKPLACE – NINJA RETENTION 24
  • 25. © 2017 ISACA. All Rights Reserved Thirty by Thirty – Engineers Canada ADAPTING OTHER PROGRAMS FOR SECURITY 25 Source: https://engineerscanada.ca/sites/default/files/30by30-en.pdf Do similar for CYBER SECURITY
  • 26. © 2017 ISACA. All Rights Reserved UNCONSCIOUS BIAS 26 Everybody had unconscious bias We cannot cure unconscious bias Can be addressed by self-awareness When hiring for Cyber Security Talent… What is Unconscious Bias: https://www.youtube.com/watch?v=dVp9Z5k0dEE PANEL MEMBERS ARE ENCOURAGED TO:
  • 27. © 2017 ISACA. All Rights Reserved • Approx 90% of the Security industry are men • Men hold the positions of Rank and Power • Majority of the hiring decisions are made by men • Guidance on succeeding here lies with men • An industry established mentor can • Can help break barriers for the protégé • Create acceptance (even if reluctant) amongst his peer groups. • Can help challenge the prevailing “bro-culture” in the industry • Has a vested interest in the success of his protégé MENTORING 27
  • 28. © 2017 ISACA. All Rights Reserved • Good for support & information sharing. • Seeking women Role Models • Not effective for Vertical networking yet. • Be wary of driving the gender divide wedge further - Promote gender inclusivity as gender equity is NOT a woman’s issue  A partnership of differences is required for strong security postures  Networks with a good mix of gender and race are the most valuable ROLE OF WOMEN'S NETWORKS 28 https://hbr.org/2017/02/is-it-ok-for-a-bunch-of-men-to-lead-a-women-in-the-workforce-initiative
  • 29. © 2017 ISACA. All Rights Reserved Zanshin (Japanese: 残心) is a state of Awareness, of Relaxed Alertness  Awareness of the state of the cyber security battlefield  Awareness of Image of the industry, the hype, the closed information circles and cliques  Awareness of the hidden security ninjas Security Talent potential is Everywhere  Be aware of the skills required Set clear career paths  Consider women & diversity for balanced teams  Raise/Train new Ninjas and Retain them Self-Awareness for Unconscious Bias SUMMARY - BRING OUT THE HIDDEN SECURITY NINJAS 29 Balancing the battlefield in cyber- security is NOT a woman’s issue In cyber security diversity benefits everyone. Achieve better:  Economic results,  Intelligence outcomes  Overcome skills shortage  Achieve stronger security postures https://hbr.org/2017/02/is-it-ok-for-a-bunch-of-men-to-lead-a-women-in-the-workforce-initiative
  • 30. © 2017 ISACA. All Rights Reserved Considering the information shared today, what are you likely to do differently:  Pay specific attention to support and encourage women in cyber security  Recruit from various education disciplines & skills into security roles  Create clear job descriptions and succinct career paths for security roles  Be aware of Unconscious bias in self and others  Be a mentor or Seek a mentor  Other  Nothing POLL 30
  • 31. © 2017 ISACA. All Rights Reserved Daksha Bhasker daksha.bhasker@bell.ca bdaksha@yahoo.com SPEAKERS (NINJA) CONTACT 31 ISACA journal article: Balancing the Cyber-security battlefield Balanceando el campo de batalla de la seguridad cibernética Blog post: Reducing the gender disparity in cyber security & ISACA : podcast
  • 32. Questions? © 2017 ISACA. All Rights Reserved 32
  • 33. THIS TRAINING CONTENT (“CONTENT”) IS PROVIDED TO YOU WITHOUT WARRANTY, “AS IS” AND “WITH ALL FAULTS.” ISACA MAKES NO REPRESENTATIONS OR WARRANTIES EXPRESS OR IMPLIED, INCLUDING THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR PERFORMANCE, AND NON- INFRINGEMENT, ALL OF WHICH ARE HEREBY EXPRESSLY DISCLAIMED. YOU ASSUME THE ENTIRE RISK FOR USE OF THE CONTENT AND ACKNOWLEDGE THAT: ISACA HAS DESIGNED THE CONTENT PRIMARILY AS AN EDUCATIONAL RESOURCE FOR IT PROFESSIONALS AND THEREFORE THE CONTENT SHOULD NOT BE DEEMED EITHER TO SET FORTH ALL APPROPRIATE PROCEDURES, TESTS, OR CONTROLS OR TO SUGGEST THAT OTHER PROCEDURES, TESTS, OR CONTROLS THAT ARE NOT INCLUDED MAY NOT BE APPROPRIATE; ISACA DOES NOT CLAIM THAT USE OF THE CONTENT WILLASSURE A SUCCESSFUL OUTCOME AND YOU ARE RESPONSIBLE FOR APPLYING PROFESSIONAL JUDGMENT TO THE SPECIFIC CIRCUMSTANCES PRESENTED TO DETERMINING THE APPROPRIATE PROCEDURES, TESTS, OR CONTROLS. Copyright © 2017 by the Information Systems Audit and Control Association, Inc. (ISACA). All rights reserved. This webinar may not be used, copied, reproduced, modified, distributed, displayed, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, photocopying, recording or otherwise). © 2017 ISACA. All Rights Reserved 33
  • 34. © 2017 ISACA. All Rights Reserved THANK YOU FOR ATTENDING THIS WEBINAR