Black Hat USA 2017 | Diverse IT | By ITSPmagazine
At this year’s Black Hat USA 2017 Career Track, the Challenges and Opportunities for Women in Cybersecurity session examined the current landscape of women’s roles in cybersecurity. This expert panel of three top-level women provided tips and resources to help the predominantly female audience go forth and conquer that industry-wide workforce gap.
I’ve been hearing the abysmal statistic that women make up a mere 11% of the global cybersecurity workforce so frequently that I have begun muttering it in my sleep. But what I want to know is: what the hell are people actually doing about it? I want actionable advice, I want to hear new, exciting numbers, and most of all I want this to be a non-issue. If we’re still repeating this number in 2020 I’m moving to Mars.
The Challenges and Opportunities for Women in Cybersecurity career track was made up of three panelists who had a lot to say – and though they did start out by sharing the 11% number (plus a new one: 51% of women say that they’ve experienced some form of discrimination in the workplace), they did have some specific suggestions to share with the primarily female and young crowd.
Just before the panel got started, Joyce Brocaglia pointed out to me and a few attendees that the tall chairs provided for the panelists didn’t work when you were wearing a short or narrow skirt – a factor that a woman would’ve taken into consideration, she added with amusement.
This made me think about the importance of having a wide range of diverse talent involved in the full spectrum of any job. When male engineers and designers are the ones who are building products and services, women and minorities are not taken into consideration for the consumption of these products and services – which is just bad business. For instance, seat belts are tested on male crash test dummies, which are taller, broader and more strongly built than females, and as a result, female drivers are 47% more likely to be seriously injured in a car crash.
But I digress….
Suzanne Hall shared a story about a boss of hers who didn’t want to give her a leadership role at the company but instead wanted to recruit someone with 20 years’ experience (which she didn’t have, though her experience still made her a good candidate). She pointed out that her two male counterparts got leadership roles without this alleged 20 years’ experience requirement – and within 24 hours she got the position.
Actionable advice: Women need to speak up for themselves and point out their own qualifications. Sometimes the bias is conscious but sometimes it is unconscious, and having the confidence to defend your experience and qualifications may take care of the issue.
A high school student in the audience asked what she could do to help her female friends stay in computer science classes when they felt uncomfortable being the only girl, or one of just a few girls, in a room full of boys in which they felt unheard and unvalued.
Actionable advice: Form your own informal group of likeminded girls and meet for lunch once a week to support and share knowledge with each other. There is strength in numbers and you’ll feel less alone.
Women tend to accept the salary that they are offered, and often that number is lower than their male counterparts’. But how do you know what, exactly, the position is worth?
Actionable advice: If you use a staffing service, try to find one that is, itself, diverse, as they will tend to value equality. And even if you don’t use such a service, call a few of them and ask about the salary range for your particular job before you accept your new salary.
Other valuable resources that the panel suggested to encourage women and minorities to enter the cyber or tech fields and ensure that they find support are:
Scholarship programs – Apply for them, or if you’re an organization, offer them. For instance, the Cybersecurity Diversity Foundation and WGU are offering two full master’s degrees in cybersecurity.
Network – Whether formal or informal, meeting with like-minded folks to share resources and support is invaluable.
Leadership programs – When women and minorities are in top-level positions, organizations tend to be more inclusive. In fact, Business Insider reports that “Companies in the MSCI World Index with strong female leadership generated a Return on Equity of 10.1% per year versus 7.4% for those without.”
Pipeline – If you’re in the position of recruiting, look further afield than the traditional talent sources. Non-traditional skills, like journalism or psychology, can be hugely beneficial in the cyber industry. Case in point: none of the three panelists have technology degrees.
Metrics – Just because no one at your company is speaking up, does not necessarily mean that everyone is happy. Use metrics to measure diversity.
Though we’ve heard about the challenges that women in the cybersecurity workforce face since the inception of this industry, this panel quickly moved on to discussing the opportunities and resources available to help the women – and the men – in the audience feel more confident about taking action to enter the industry on a level playing field.
About Selena Templeton
Selena Templeton is the Column Editor for the DiverseIT column and podcast series on ITSPmagazine.