The 10 Most Influential People in Cyber Security, 2023.pdf
Women in security_ Is the tide turning_ - Print Article - SC Magazine UK
1. Women in security: Is the tide turning? - Print Article - SC Magazine UK
http://www.scmagazineuk.com/women-in-security-is-the-tide-turning/printarticle/422238/[01/07/2015 23:00:19]
Doug Drinkwater, Senior Reporter
July 01, 2015
Features
Women in security: Is the tide turning?
Share this article:
facebook
twitter
linkedin
google
Comments
Email
Print
The lack of women in information security is a constant topic of conversation and debate but, as Doug Drinkwater
reports, changes are afoot
Is the tide turning?
While there are conflicting views on what should be done to improve the number of women in security, there is
consensus on the root cause – too few women take computer courses.
Late last year, SC analysis of UCAS undergraduate acceptances revealed that just one in every 10,000 women in the UK
undertakes computer-science degrees, with professors suggesting that this figure drops further as students switch
courses in their second and third years. There's a perception too that students of both genders would rather build the
next Facebook than a next-gen firewall.
In 2013 Frost & Sullivan found women represented 11 percent of the information security industry - while recruitment
agency BeecherMadden put the figure at 14 percent in 2015.
Closing the gap
There are several support groups, including the (ISC)² Women in Security, the Women's Security Society, the Fraud
Women's Network and Executive Women's Forum (in the US), as well as one-day events organised by Cyber Security
Challenge. Some large companies, including KPMG and EY, have implemented their own networking groups, while
Google has given grants for female ethical hackers to attend security conferences.
More generally on the skills gap, we've seen the proposed new computer science GCSE (with cyber-security a key
element) and the introduction of GCHQ-certified post-graduate degrees. Cyber-security is moving mainstream in
education – and that must help young women, too.
Where's the problem?
2. Women in security: Is the tide turning? - Print Article - SC Magazine UK
http://www.scmagazineuk.com/women-in-security-is-the-tide-turning/printarticle/422238/[01/07/2015 23:00:19]
TOP TIPS FOR WOMEN
IN SECURITY:
“Brave social media –
the infosec community online
is incredibly supportive,”
says Clarke.
“Build a good network of
fellow infosec professionals of all
genders that you can learn and
seek mutual support from,”
says Fielding. “Also, keep up
with soft skills like influencing,
negotiating and management
as much as technical
knowledge.”
“Don't limit yourself,”
says Barker. “You might not
think you tick every box on
a job application or know
enough to speak at a
conference, but if you don't
put yourself forward and have
faith in yourself,
who will?”
“Be yourself and be
positive about your own
capability,” says Richardson.
“Believe in yourself,” concurs
Angelopoulou.
“If you are not getting
promoted where you are,
move jobs. It's OK to move
every 18 months to three years,”
says Jobling.
Despite this, some say that, if women are to be enticed into this industry -
fixes are needed in education, and in society. “To get to the root of the
problem, we have to engage kids in school,” says Barbara Nelson, general
manager and vice president at Imation Mobile Security, in a blog post.
“My love of maths led to great jobs in security; I was very lucky that early
on I was shown how I might apply my passion in many different industries.
That's where we are missing a trick. Rather than trying to get kids excited
about maths, we need to paint a picture of what maths, and related sciences,
make possible.”
Angela Knox, director of engineering at Cloudmark, believes more can be
done at school level: “I'd like to see computer science, including IT
security, added to the school curriculum for both secondary and primary
school children. This is the best way to introduce this awesome career
opportunity to a diverse group of both male and female children as well
children from lower socio-economic backgrounds.”
Many women fall into security by chance. Cyber-security consultant Dr
Jessica Barker, says that a lot of young women view security as a “male
subject” which is “quite complicated”. “If I hadn't been approached for a
job, I probably wouldn't have thought about it,” she admits.
This, according to Dr Christopher Richardson, head of the cyber-security
unit at Bournemouth University, is proof that the problem lies with
society:
“It's not a STEM problem, it's a social problem…we've lost them before
they even get to university. They don't realise about [cyber-security],
there's a perception that it is geeky and for boys.”
He says that some of his finest students have been women, graduating with
first-class honours degrees and going on to jobs like penetration testing or
in consultancy. But he questions whether this societal issue also relates to
how these courses are taught at a young age.
Dr Olga Angelopoulou is senior lecturer of digital forensics at the
University of Derby, and she believes that female students often don't trust
their own abilities. Citing her university's findings, that female digital
forensics students often drop out in the second year to pursue psychology,
criminality or other computing courses, she says: “In the second years, a lot
of them give up. I guess the competition, especially in an area where boys
are very passionate, can be stressful for the girls, who may feel that they
can't compete…Boys see it as a hobby which becomes a profession.” She
adds that those who did persevere would usually end up with “very good
marks”.
Jennifer Steffens, CEO of security firm IOActive, has been in the industry
for more than 15 years, and suggests this cultural problem could take time
to fix: “I think that culturally we don't encourage girls to get involved with
technology at a young age. Security is a very demanding and often critical industry so it can be difficult to break into
later in life, regardless of gender. Breaking down the gender biases for kids will have a long term positive impact for
the field.”
Knox agrees: “The low percentage of women working in security is a reflection of the same issue within the field of
3. Women in security: Is the tide turning? - Print Article - SC Magazine UK
http://www.scmagazineuk.com/women-in-security-is-the-tide-turning/printarticle/422238/[01/07/2015 23:00:19]
computer science. The main cause is marketing and messaging about what the job involves and who can do it. The
graphs for computer science are evidence of this: the percentage of women studying computer science started falling
when computers were marketed to consumers. Male children were chosen as the target market, which resulted in male
children having more access to computers than female children. As they grew older, at university level, men had more
experience with programming than women.
Less sexism, better pay
Speakers acknowledge they've suffered from sexism in the past, but are not sure that it happens much now. KPMG's
Caroline Rivett has worked in security in two career stints, currently residing in the Information Protection and
Business Resilience (IPBR) team. “I see a lot less discrimination – I think people are more aware of their biases, either
consciously or subconsciously,” she says.
Sarah Clarke, managing director of consultancy Infospectives, has worked in the security industry for 14 years, and she
believes that the tide is turning away from male ‘elitism'. “These days, in bigger firms, managers need the right kind of
analytical and logical mind to quickly grasp technical concepts, but political, strategic and risk sense are far more vital
to get security to the place it needs to be in businesses and keep it there. [This is] a far less daunting career prospect for
highly effective female staff coming up through other areas in the business.”
Rowenna Fielding, information governance manager for the Alzheimer's Society and committee member for the Data
Protection Forum, agrees that the view of what an IT security manager should look like is changing: “I think that as
essential elements of psychology, communications skills and business-savvy are becoming more widely recognised as
critical to information security. The traditional view of the security pro as a scruffy male hacker is changing to a more
professional and gender-neutral role within the business environment.
“With the realisation that there is more to infosec than writing clever exploit code has also come the understanding that
the role of the infosec professional benefits from diversity in skills, abilities and focus - as well as gender. This is now
levelling the playing-field for women who no longer have to compete with the outdated perceptions about suitability for
the role.”
KPMG director Caroline Rivett and cyber-security manager Janina Herrmann are part of the consultancy's 100-strong
‘Women in security' group, focusing on retaining female members in the IPBR team, through networking, awareness
4. Women in security: Is the tide turning? - Print Article - SC Magazine UK
http://www.scmagazineuk.com/women-in-security-is-the-tide-turning/printarticle/422238/[01/07/2015 23:00:19]
sessions, mentoring and speaking. The firm advocates transferable skills rather than having to “fit a certain mould”,
even if Herrmann admits there remains a challenge with diversity at senior level.
“We need to get far better at analysing what makes a successful security specialist,” adds Clarke, who urges firms to
visit schools and universities.
Steffens, though, sees traction in the boardroom. “I certainly see improvements throughout the industry. I know more
women in CISO/CSO roles today. I also see far more women engaged in the industry – attending conferences, giving
talks, being active. Discussions on how to engage young girls in STEM programmes early on are happening and ideas
are being implemented.”
Surprisingly BeecherMadden's report found that women are now getting paid up to 30 percent more than men in cyber-
security, whereas nationally women earn 19.7 percent less than men. Speaking at InfoSecurity Europe, COO Karla
Jobling cited one example of a woman with a year's less experience than a man being paid £10,000 more.
“Women are being paid more than men because they are coming into cyber-security with skills that enable them to
communicate to the business,” said Jobling. “Typically, women come from a non-IT background and bring skills in
sales, PR, communication and project management.”
“Two years ago, cyber was dominated by technical roles, now there are more roles in strategy and policy. The CEO
knows about cyber now and that makes cyber more exciting for everyone, but especially women who are maybe not as
interested in the tech.”
Jobling added that the number of women in the sector has grown almost 50 percent in the last year, and suggested we
might talk often of women CISOs in the future “rather than pinpointing the few.”
Meanwhile Barker believes it should also be easier to cross over. “How do you suddenly specialise in cyber-security?
What I'd like to see is more opening up, more jumping across industries. In that way, we don't make it easy for people,
it's hard to find a way in”. Bournemouth University's Richardson advocates mid-career apprenticeships, to ease women
into new careers.
And Steffens says: “I believe it's important for women to be themselves and not try to conform to a ‘man's way'. The
industry as a whole benefits from having all points of view included.”
Encouragingly Rivett believes that discrimination and paternity leave issues are a thing of the past.
So what more can be done? “Continue focusing on providing opportunities for women in the field,” says Steffens.
“Highlight the ever-growing number of women who continue to raise the bar in our industry so we create more role
models for young girls and women looking to enter the field. Show them it's not scary – it is the best job in the world.”
From the July 2015 Issue of SCMagazine UK »
This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.
Your
use of this website constitutes acceptance of Haymarket Media's Privacy Policy and Terms & Conditions