Why Are So Few Women In Cybersecurity?

Uploaded on 2018-05-16 in NEWS-Cybersecurity News, JOBS-Careers, FREE TO VIEW

Ellison Anne Williams has a PhD in mathematics, vast experience at the den of wizards known as the National Security Agency, and entrepreneurial chops. She’s accomplished and smart.  So what happened to her at a recent business meeting left her dismayed, although it is far from uncommon for women in cybersecurity.

“I was in the room and the fellow walked in. He stopped dead in his tracks and the first words out of his mouth were, ‘You’re a girl.’ And I said, ‘Yes, what were you expecting?’” said Williams, founder and chief executive of Enveil, a Matyland data security company.

Males hold three out of four jobs in the tech world, but it is in cybersecurity where the lack of participation of women is most acute. By one reckoning, only 14 percent of the US workforce in cybersecurity is female. 

Those women that do break into the industry talk of glass ceilings, insensitivity in the workplace, a lack of mentors and popular culture that reinforces the image of male tech workers.

The gender imbalance has potential consequences for the nation’s security. The United States, already suffers a shortage of cyber-security workers, even as global hacking threats grow more acute. The labor shortage is forecast to worsen. A study last year by Frost & Sullivan, a consulting firm, found that North America will face a shortage of 265,000 cybersecurity workers by 2022.

Prod just about any woman at a cyber-security firm and anecdotes pour forth.

“Everyone has a story where you’re the only woman in the room, and being asked to take notes,” said Priscilla Moriuchi, director of strategic threat development at Recorded Future, a Boston-area cyber threat intelligence firm. The cybersecurity industry writ large has yet to take the gender imbalance seriously, she said, even as some firms take big steps.

“Women are not getting promoted at the same rate as men are, and women are not getting salary increases at the same rate as men are even though they are asking for and applying at the same rate,” Moriuchi said. 

A number of nonprofit groups and private companies actively promote training to get younger girls involved in information security. They include goodgirlswritecode.org and girlswhocode.com. The Girl Scouts organisation says that later this year it will add merits badge in cybersecurity.

Several executives said girls winnow out of tech and cyber-security career paths at a young age.

Electronic games and movies reinforce stereotypes that tech and cyber-security are for males, said Kim Tremblay, founder of Arctic Wolf Networks, a California security firm. Search online for images of cybersecurity researchers, Tremblay said, and “you’re going to get an image of a guy in a hoodie.” Females see such images and feel alienation. “They don’t see themselves as these people with the hoodies on.”

In middle and high schools, girls interested in computer science and coding clubs commonly feel little social support, several executives said. Moriuchi recalled her own experience: “They weren’t unfriendly to girls but there weren’t many girls there, and as a result that lessens the appeal.” 

Ashley Podhradsky, a professor of computer forensics at Dakota State University, is among experts trying to change this. In 2015, Podhradsky founded a residential cybersecurity summer camp for girls under a trademarked name: CybHER Security. It’s bursting at the seams. Last year, the camp attracted 130 students from 16 states.

The weeklong camp is free for participants, and the costs are partly funded by the National Security Agency and a series of private corporations, like AT&T and Citigroup, she said. At the camp, girls learn things like how to find deleted messages on a phone and how to analyze photos to see where they were taken and by what device.

“I’ve heard so many times that girls aren’t interested. That’s just not true,” added Podhradsky, who is an associate professor of information security at the university. Once out in the workplace, women in cybersecurity often find themselves in a common situation, being the only woman in a room.

“It’s a very male dominated culture,” Williams said. “It can be, a little more, crass and a little bit more rough, and maybe some … females don’t like that, and it is off-putting.”

Even getting a foot in the door can be hard.

“There’s a lot of unconscious bias in hiring,” said Lisa Jiggetts, founder and chief executive of Women’s Society of Cyberjutsu, a support community for women in the field. “There’s conscious bias, too. For whatever reason, women aren’t viewed as capable and skillful in the field.”

As a rule, women wait until they accrue required skills before applying for cybersecurity jobs, said Tremblay, of Arctic Wolf, while men routinely bluff their way through.

“The men may have none of (the skills) and will still apply,” Tremblay said. Some positive stories are out there. Williams spent 12 years working at the National Security Agency, the top-secret government branch that deals in signals intelligence, hacking and defending against cyber-attack. As she rose in the ranks, helped by male mentors, she said she was able to help make inroads on the gender issue.

“One of the things that NSA has gotten really right is that they’ve done a really great job of building a cadre of excellent female mathematicians,” she said.

But for every positive story, there are also negative ones.
Leah Figueroa, lead data engineer at Gravwell, a data analytics company out of Coeur D’Alene, Idaho, is a frequent speaker on cybersecurity issues at industry conferences.

“Yesterday, I was walking around and I had on my speaker’s badge. Someone asked me who’s speaker badge I was borrowing. I was like, ‘This is mine,’” Figueroa said on the sidelines of the Shmoocon hacker conference in Washington earlier this month.

Figueroa said she has professional colleagues who face diminishment at client meetings.

“They have clients who won’t speak directly to them,” she said. “It’s the assumption that the woman is not the lead on the project. They just default to speaking to the men.”

McClatchyDC

You Might Also Read: 

Very Few Women Are CISOs:

Women Write Better Computer Code Than Men:
 

 

« Blockchain Is Transforming The Investment Business
Getting The Most From Investing In AI »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ClearedJobs.Net

ClearedJobs.Net

ClearedJobs.Net is a career site and job fair company for professionals seeking careers in the defense, intelligence and cyber security communities.

RU-CERT

RU-CERT

RU-CERT is the CSIRT / CERT team of the Russian Federation.

CloudCheckr

CloudCheckr

CloudCheckr is a next-gen cloud management platform that unifies Security & Compliance, Inventory & Utilization and Cost Management.

Egerie

Egerie

EGERIE's RiskManager solution provides a Global, Centralized, and Updated view of risk maps and security measures for your company.

CipherMail

CipherMail

CipherMail provides email security products which allow organizations world wide to automatically protect their email against unauthorized access both in transit and at rest.

WISeKey

WISeKey

WISeKey is a leading cybersecurity company currently deploying large scale digital identity ecosystems for people and objects using Blockchain, AI and IoT.

Sequoia Capital

Sequoia Capital

Sequoia Capital is a venture capital firm focused mainly on technology. We partner both with young companies finding their stride and established ones looking for growth.

OmniCyber Security

OmniCyber Security

Omni is a cyber security firm specialising in Penetration Testing, Managed Security and Compliance.

Moviri

Moviri

Moviri combines security technology engineering, intelligence expertise and our data science DNA to help companies manage digital risk end-to-end.

Intrepid Solutions and Services

Intrepid Solutions and Services

Intrepid Solutions and Services provides technology solutions and professional services to key components of the intelligence and national security communities.

Cybolt

Cybolt

Cybolt helps companies, organizations, and governments manage digital risks and live in an environment of confidence and certainty.

Cyber Security Services

Cyber Security Services

Cyber Security Services is a cyber security consulting firm and security operations center (SOC).

InfoSec4TC

InfoSec4TC

InfoSec4tc is an online Information Security Courses, Training, and Consultancy provider.

Globesecure Technologies

Globesecure Technologies

Globesecure Technologies is a networks and cyber security company. We are here to resolve business security challenges and secure the digital transformation journey of our clients.

Cranium

Cranium

AI is being implemented into every business process, but nobody knows whether their AI is secure. Our mission is to deliver security and trust to the AI revolution.

Synergy ECP

Synergy ECP

Synergy ECP has a talented, dedicated staff to provide a broad range of services to the defense and intelligence industries.