Why Are So Few Women In Cybersecurity?

Ellison Anne Williams has a PhD in mathematics, vast experience at the den of wizards known as the National Security Agency, and entrepreneurial chops. She’s accomplished and smart.  So what happened to her at a recent business meeting left her dismayed, although it is far from uncommon for women in cybersecurity.

“I was in the room and the fellow walked in. He stopped dead in his tracks and the first words out of his mouth were, ‘You’re a girl.’ And I said, ‘Yes, what were you expecting?’” said Williams, founder and chief executive of Enveil, a Matyland data security company.

Males hold three out of four jobs in the tech world, but it is in cybersecurity where the lack of participation of women is most acute. By one reckoning, only 14 percent of the US workforce in cybersecurity is female. 

Those women that do break into the industry talk of glass ceilings, insensitivity in the workplace, a lack of mentors and popular culture that reinforces the image of male tech workers.

The gender imbalance has potential consequences for the nation’s security. The United States, already suffers a shortage of cyber-security workers, even as global hacking threats grow more acute. The labor shortage is forecast to worsen. A study last year by Frost & Sullivan, a consulting firm, found that North America will face a shortage of 265,000 cybersecurity workers by 2022.

Prod just about any woman at a cyber-security firm and anecdotes pour forth.

“Everyone has a story where you’re the only woman in the room, and being asked to take notes,” said Priscilla Moriuchi, director of strategic threat development at Recorded Future, a Boston-area cyber threat intelligence firm. The cybersecurity industry writ large has yet to take the gender imbalance seriously, she said, even as some firms take big steps.

“Women are not getting promoted at the same rate as men are, and women are not getting salary increases at the same rate as men are even though they are asking for and applying at the same rate,” Moriuchi said. 

A number of nonprofit groups and private companies actively promote training to get younger girls involved in information security. They include goodgirlswritecode.org and girlswhocode.com. The Girl Scouts organisation says that later this year it will add merits badge in cybersecurity.

Several executives said girls winnow out of tech and cyber-security career paths at a young age.

Electronic games and movies reinforce stereotypes that tech and cyber-security are for males, said Kim Tremblay, founder of Arctic Wolf Networks, a California security firm. Search online for images of cybersecurity researchers, Tremblay said, and “you’re going to get an image of a guy in a hoodie.” Females see such images and feel alienation. “They don’t see themselves as these people with the hoodies on.”

In middle and high schools, girls interested in computer science and coding clubs commonly feel little social support, several executives said. Moriuchi recalled her own experience: “They weren’t unfriendly to girls but there weren’t many girls there, and as a result that lessens the appeal.” 

Ashley Podhradsky, a professor of computer forensics at Dakota State University, is among experts trying to change this. In 2015, Podhradsky founded a residential cybersecurity summer camp for girls under a trademarked name: CybHER Security. It’s bursting at the seams. Last year, the camp attracted 130 students from 16 states.

The weeklong camp is free for participants, and the costs are partly funded by the National Security Agency and a series of private corporations, like AT&T and Citigroup, she said. At the camp, girls learn things like how to find deleted messages on a phone and how to analyze photos to see where they were taken and by what device.

“I’ve heard so many times that girls aren’t interested. That’s just not true,” added Podhradsky, who is an associate professor of information security at the university. Once out in the workplace, women in cybersecurity often find themselves in a common situation, being the only woman in a room.

“It’s a very male dominated culture,” Williams said. “It can be, a little more, crass and a little bit more rough, and maybe some … females don’t like that, and it is off-putting.”

Even getting a foot in the door can be hard.

“There’s a lot of unconscious bias in hiring,” said Lisa Jiggetts, founder and chief executive of Women’s Society of Cyberjutsu, a support community for women in the field. “There’s conscious bias, too. For whatever reason, women aren’t viewed as capable and skillful in the field.”

As a rule, women wait until they accrue required skills before applying for cybersecurity jobs, said Tremblay, of Arctic Wolf, while men routinely bluff their way through.

“The men may have none of (the skills) and will still apply,” Tremblay said. Some positive stories are out there. Williams spent 12 years working at the National Security Agency, the top-secret government branch that deals in signals intelligence, hacking and defending against cyber-attack. As she rose in the ranks, helped by male mentors, she said she was able to help make inroads on the gender issue.

“One of the things that NSA has gotten really right is that they’ve done a really great job of building a cadre of excellent female mathematicians,” she said.

But for every positive story, there are also negative ones.
Leah Figueroa, lead data engineer at Gravwell, a data analytics company out of Coeur D’Alene, Idaho, is a frequent speaker on cybersecurity issues at industry conferences.

“Yesterday, I was walking around and I had on my speaker’s badge. Someone asked me who’s speaker badge I was borrowing. I was like, ‘This is mine,’” Figueroa said on the sidelines of the Shmoocon hacker conference in Washington earlier this month.

Figueroa said she has professional colleagues who face diminishment at client meetings.

“They have clients who won’t speak directly to them,” she said. “It’s the assumption that the woman is not the lead on the project. They just default to speaking to the men.”

McClatchyDC

You Might Also Read: 

Very Few Women Are CISOs:

Women Write Better Computer Code Than Men:
 

 

« Blockchain Is Transforming The Investment Business
Getting The Most From Investing In AI »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Telos

Telos

Telos offers cybersecurity solutions and services that empower and protect the world’s most security-conscious enterprises.

Kore Telematics

Kore Telematics

Kore is a leading managed service provider for IoT and M2M applications.

BCS Financial

BCS Financial

BCS Financial delivers financial and insurance solutions. Specialty risk products include Cyber and Privacy Liability insurance.

Auth0

Auth0

Auth0 is a cloud service that provides a set of unified APIs and tools that instantly enables single sign-on and user management for any application, API or IoT device.

Plurilock Security Solutions

Plurilock Security Solutions

Plurilock is a real-time cybersecurity solution that uses artificial intelligence to identify, prevent, and eliminate insider threats.

CSIRT-CY

CSIRT-CY

CSIRT-CY is the National Computer Security Incident Response Team for Cyprus.

A3Sec

A3Sec

A3Sec provides professional solutions in the areas of Cybersecurity, Device Monitoring, Business Intelligence and Big Data.

spiderSilk

spiderSilk

spiderSilk is a Dubai-based cybersecurity firm, specializing in simulating the most advanced cyber offenses on your technology so you can build your best security defenses.

Clone Systems

Clone Systems

Clone Systems is an award winning global cloud based managed security as a service provider.

CyberEdBoard

CyberEdBoard

CyberEdBoard is a private, peer-to-peer education and networking community focused on cybersecurity, technology, business processes and risk management.

Dashlane

Dashlane

Dashlane puts all your passwords, payments, and personal info in one place that only you control. So you can use them instantly. Securely. Exactly when you need them.

FirstWave Cloud Technology

FirstWave Cloud Technology

FirstWave Cloud Technology is a global cyber security company which has been delivering Cybersecurity-as-a-service solutions to the market since 2004.

Financial Services Information Sharing and Analysis Center (FS-ISAC)

Financial Services Information Sharing and Analysis Center (FS-ISAC)

The Financial Services Information Sharing and Analysis Center is the only global cyber intelligence sharing community solely focused on financial services.

Evanssion

Evanssion

Evanssion is a value added distributor specialized in Cloud Native & Cyber Security across Middle East & Africa.

Digital Silence

Digital Silence

Digital Silence is a world-class provider of information security research and consulting services.

rSolutions

rSolutions

rSolutions delivers managed cybersecurity services to clients in many industry sectors including financial services, telecommunications, energy, government and retail.