In part one of this column post, I looked at how a lack of diversity in the information technology and security industries affects all of our lives. Here in part two, I address what we can do about these challenges.
One way to have a big impact in the technology and infosec fields is not only to change the dialogue, but also to make concerted efforts to diversify the pipeline of talent. The following is a list of ways that we can make it more appealing for women to join – and stay in – the information security space.
- Learn from other fields that have had success in attracting women – In the 1970s, only 11% of medical students were women. In 2015, women comprised over 47% of medical school graduates! The book The Changing Face of Medicine explores various studies by social scientists who tracked traditionally male-dominated occupations in which women made inroads. We can learn from and build on the experiences in different industries.
- Make information security and computer science a part of K-12 curriculums – We can’t hire more women if they aren’t trained in the field. I am not naïve enough to believe that curriculum changes are easy, but we must build awareness in order to influence the pipeline of future information security experts. Just like software and cybersecurity are a part of our everyday lives, we need to teach children that cybersecurity is a part of the subjects that they’re already studying, from medicine to law to mechanics to sports to art.
- Safety (and success) in numbers – I am a true Pittsburgh sports fan, and during a post-Stanley Cup victory interview, the Penguins’ GM Jim Rutherford was asked why he thought he was successful with so many rookies on the team during the second half of the season. Though he previously believed that it was better to integrate rookies into the system one at a time, this year he learned that bringing up a group of rookies encouraged camaraderie and gave them an immediate sense of team that translated from the locker room to the ice. This should apply to women in information security, too: hire in multiples or establish sponsorships and teamwork opportunities so that women don’t feel isolated. Internships or co-ops that include groups of women would go a long way in making women feel like a part of a team.
- Evolve the “tech bro” culture – There are many other blogs and articles detailing why women are turned off by the up-all-night, caffeine-driven, uber-competitive atmosphere of industry events like hackathons (participants sleeping on couches, women’s restrooms being turned co-ed, and a constant barrage of “you’re just a girl” comments are a few reasons). Hosting alternative events and highlighting the teamwork aspect might be more appealing to women (and men) who seek some life balance!
- Acknowledge both the need for cultural changes and potential shortcomings – I recently spoke at a high-tech company about diversity and inclusivity where employees noted that there are very few women in leadership roles in their company and that the interview process probably had something to do with that. While pondering this, I came across this article noting that women underperform in gender-masked technical interviews. There are multiple things to address here: Are the interviews themselves flawed? Were these primarily male interviewers? Do we need to put some effort into training women to perform better in interviews? My guess is that we need to approach this from both angles – updating/improving interview techniques and content AND training women to succeed in them.
- National and organizational policy changes – While I don’t want to get political in this post, it is going to take policy changes to make the workforce more conducive for women to enter and succeed. The International Monetary Fund has a 2012 report detailing policies that will support an increase of women in the workforce. Two that are notable: access to affordable childcare and government policies on parental leave. These changes are not always easy solutions to implement, but we got a man on the moon in 1969, so I’m positive that we can get more women on computers in 2016 if we really put our minds to it!
Chenxi noted that the Equal Respect grassroots effort is not a charity cause nor a pet project. I am using my voice inside my organization, throughout Pittsburgh, and hopefully internationally via this column to build awareness and institute the changes required to get more women involved in information security.
I’d love to get feedback on my ideas and hear yours!
Summer Fowler is the Technical Director of the CERT Cybersecurity Risk & Resilience Directorate in the CERT Program at Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI). Summer is responsible for executing the strategic plan for a research portfolio focused on improving the security and resilience of organizational assets, including people, information, technology, facilities, and infrastructures.