Why Are So Few Women In Cybersecurity?

Ellison Anne Williams has a PhD in mathematics, vast experience at the den of wizards known as the National Security Agency, and entrepreneurial chops. She’s accomplished and smart.  So what happened to her at a recent business meeting left her dismayed, although it is far from uncommon for women in cybersecurity.

“I was in the room and the fellow walked in. He stopped dead in his tracks and the first words out of his mouth were, ‘You’re a girl.’ And I said, ‘Yes, what were you expecting?’” said Williams, founder and chief executive of Enveil, a Matyland data security company.

Males hold three out of four jobs in the tech world, but it is in cybersecurity where the lack of participation of women is most acute. By one reckoning, only 14 percent of the US workforce in cybersecurity is female. 

Those women that do break into the industry talk of glass ceilings, insensitivity in the workplace, a lack of mentors and popular culture that reinforces the image of male tech workers.

The gender imbalance has potential consequences for the nation’s security. The United States, already suffers a shortage of cyber-security workers, even as global hacking threats grow more acute. The labor shortage is forecast to worsen. A study last year by Frost & Sullivan, a consulting firm, found that North America will face a shortage of 265,000 cybersecurity workers by 2022.

Prod just about any woman at a cyber-security firm and anecdotes pour forth.

“Everyone has a story where you’re the only woman in the room, and being asked to take notes,” said Priscilla Moriuchi, director of strategic threat development at Recorded Future, a Boston-area cyber threat intelligence firm. The cybersecurity industry writ large has yet to take the gender imbalance seriously, she said, even as some firms take big steps.

“Women are not getting promoted at the same rate as men are, and women are not getting salary increases at the same rate as men are even though they are asking for and applying at the same rate,” Moriuchi said. 

A number of nonprofit groups and private companies actively promote training to get younger girls involved in information security. They include goodgirlswritecode.org and girlswhocode.com. The Girl Scouts organisation says that later this year it will add merits badge in cybersecurity.

Several executives said girls winnow out of tech and cyber-security career paths at a young age.

Electronic games and movies reinforce stereotypes that tech and cyber-security are for males, said Kim Tremblay, founder of Arctic Wolf Networks, a California security firm. Search online for images of cybersecurity researchers, Tremblay said, and “you’re going to get an image of a guy in a hoodie.” Females see such images and feel alienation. “They don’t see themselves as these people with the hoodies on.”

In middle and high schools, girls interested in computer science and coding clubs commonly feel little social support, several executives said. Moriuchi recalled her own experience: “They weren’t unfriendly to girls but there weren’t many girls there, and as a result that lessens the appeal.” 

Ashley Podhradsky, a professor of computer forensics at Dakota State University, is among experts trying to change this. In 2015, Podhradsky founded a residential cybersecurity summer camp for girls under a trademarked name: CybHER Security. It’s bursting at the seams. Last year, the camp attracted 130 students from 16 states.

The weeklong camp is free for participants, and the costs are partly funded by the National Security Agency and a series of private corporations, like AT&T and Citigroup, she said. At the camp, girls learn things like how to find deleted messages on a phone and how to analyze photos to see where they were taken and by what device.

“I’ve heard so many times that girls aren’t interested. That’s just not true,” added Podhradsky, who is an associate professor of information security at the university. Once out in the workplace, women in cybersecurity often find themselves in a common situation, being the only woman in a room.

“It’s a very male dominated culture,” Williams said. “It can be, a little more, crass and a little bit more rough, and maybe some … females don’t like that, and it is off-putting.”

Even getting a foot in the door can be hard.

“There’s a lot of unconscious bias in hiring,” said Lisa Jiggetts, founder and chief executive of Women’s Society of Cyberjutsu, a support community for women in the field. “There’s conscious bias, too. For whatever reason, women aren’t viewed as capable and skillful in the field.”

As a rule, women wait until they accrue required skills before applying for cybersecurity jobs, said Tremblay, of Arctic Wolf, while men routinely bluff their way through.

“The men may have none of (the skills) and will still apply,” Tremblay said. Some positive stories are out there. Williams spent 12 years working at the National Security Agency, the top-secret government branch that deals in signals intelligence, hacking and defending against cyber-attack. As she rose in the ranks, helped by male mentors, she said she was able to help make inroads on the gender issue.

“One of the things that NSA has gotten really right is that they’ve done a really great job of building a cadre of excellent female mathematicians,” she said.

But for every positive story, there are also negative ones.
Leah Figueroa, lead data engineer at Gravwell, a data analytics company out of Coeur D’Alene, Idaho, is a frequent speaker on cybersecurity issues at industry conferences.

“Yesterday, I was walking around and I had on my speaker’s badge. Someone asked me who’s speaker badge I was borrowing. I was like, ‘This is mine,’” Figueroa said on the sidelines of the Shmoocon hacker conference in Washington earlier this month.

Figueroa said she has professional colleagues who face diminishment at client meetings.

“They have clients who won’t speak directly to them,” she said. “It’s the assumption that the woman is not the lead on the project. They just default to speaking to the men.”

McClatchyDC

You Might Also Read: 

Very Few Women Are CISOs:

Women Write Better Computer Code Than Men:
 

 

« Blockchain Is Transforming The Investment Business
Getting The Most From Investing In AI »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Quttera

Quttera

Quttera provides Website Security Solutions for Small & Medium Businesses, Enterprises and Organizations.

Continuum

Continuum

Continuum is the IT management platform company that allows Managed IT Services Providers to maintain and back up on-premise and cloud-based servers, desktops, mobile devices and other endpoints

Cybertekpro

Cybertekpro

Cybertekpro is a specialist insurance broker providing Cyber Liability insurance and cyber risk assessment services.

Cyber Triage

Cyber Triage

Cyber Triage is an automated incident response software any company can use to investigate their network alerts.

MindPoint Group (MPG)

MindPoint Group (MPG)

MindPoint Group is a specialist Information Security Consulting firm.

Nullcon

Nullcon

Nullcon provides an integrated platform for exchanging information on the latest attack vectors, zero-day vulnerabilities and unknown threats.

Garrison Technology

Garrison Technology

Garrison SAVI® is a unique technology for secure remote browsing that can dramatically change the risk profile for enterprise cyber security.

Webtotem

Webtotem

Webtotem's mission is to prevent the global epidemic of website infection and provide every website owner with basic security rights.

DFI

DFI

DFI is a global leading provider of high-performance computing technology across multiple embedded industries.

EOL IT Services

EOL IT Services

EOL IT Services is the UK’s most accredited provider of IT Asset Disposal (ITAD), Lifecycle Services and Data Destruction.

SecuLetter

SecuLetter

SecuLetter is able to detect unknown attacks with hybrid approaches, static and dynamic analysis.

Upfort

Upfort

Upfort (formerly Paladin Cyber) unifies award-winning security and robust cyber insurance to deliver comprehensive cyber risk solutions.

Kaspersky Industrial CyberSecurity (KICS)

Kaspersky Industrial CyberSecurity (KICS)

Kaspersky addresses all the cybersecurity needs of industrial organizations in its Kaspersky Industrial CyberSecurity (KICS) portfolio.

DeVry University - Cyber Security Degree

DeVry University - Cyber Security Degree

Explore the dynamic world of data protection with a hybrid or online cyber security degree specialization with DeVry's IT & Networking Bachelor's Degree.

Northdoor

Northdoor

Northdoor provides a comprehensive set of services around information security and works with leading global technology vendors to deploy and manage cyber security solutions.

Cyver Core

Cyver Core

Cyver Core is a pentest management and pentest report automation platform that consolidates cybersecurity work, automates overhead, and frees cybersecurity professionals up for the work that matters.