By Jennie Kam
Last week, Tucson hosted the Women in Cybersecurity (WiCyS) Conference, an NSF-funded initiative that Dr. Ambareen Siraj began in 2013 to combat the gender diversity gap in the information security workforce and pipeline.
Even as the attendance has grown from 350 to 850 over the last four years, the organizers continue to ensure that 50% of registrations are always dedicated to university students (with security professionals and educators making up the other half), because at the WiCyS conference, everyone has an opportunity to learn.
WiCyS relocates to a new city each year and one day prior to each conference, local high school students are invited to a 1-day GenCyber camp. GenCyber, an NSF/NSA joint-funded program for K-12 students and educators, aims to spark the next generation’s interest in a cybersecurity career.
This year, 75 high school girls and boys learned about drone surveillance, good password habits, cryptographic ciphers, and lock picking. They were also treated to a motivating talk from DEFCON Kids (now r00tz Asylum) co-founder, teenage hacker CyFi – a pseudonym required by her parents.
University students benefitted from specific career guidance sessions such as a resume clinic and a career fair where government, corporate and academia tracks were represented. A speed mentoring hour also had several early career options where students learned more about different paths to aspire towards, such as ethical hacking, digital forensics, data science and technical program management.
There were also many mid- and late-career mentors to assist professionals with navigating stalled or diverging paths. A number of executives, including Lisa LaFleur (CISO, Raytheon Integrated Defense Systems) and Susan Whittemore (VP of IT Risk Management, Fidelity), participated to guide and encourage more women into leadership positions.
Most of the workshops, panels, posters and presentations were technical in nature:
Students from Carnegie Mellon University hosted a workshop to prepare beginners with the resources and skills to compete in Capture the Flag cybersecurity competitions.
Malware researchers from Endgame and Applied Physics Laboratory covered the basics of reverse engineering and enabled the participants to practice tools and techniques.
Workshops by Raytheon and Cisco focused on practical advice for securing one’s identity, including how to ensure that mobile applications aren’t leaking personal information.
The Army Cyber Institute presented “Jack Voltaic,” a cybersecurity exercise involving multiple New York City industry sectors and first responders.
A Google security researcher discussed typical paths of least resistance that criminals take to obtain your data, as well as her own encounter with a bad actor in Las Vegas.
Metropolitan State University faculty demonstrated best practices for a secure development lifecycle such that security can be integrated throughout the design process. After all, security is everyone’s responsibility.
A few noteworthy panels centered on relevant professional development topics such as “imposter syndrome,” which everyone at the conference seemed to have suffered from at some point in her career. Advice on making one’s voice heard was well received since being talked over or interrupted was another common experience amongst female conference goers. An industry expert from Harris Corporation helped women of all career stages strategize for their next step.
And I found the Facebook panel, filled with women who refused to conform to the “tough guy, hacker, bro-culture,” particularly bold and refreshing, considering the rampant judgment and prejudice within the industry.
Finally, the distinguished women who gave keynote speeches during each provided meal were an inspiration to all:
Kicking off the conference was Michelle Dennedy of Cisco, who reminded us in this male-dominated field that “we need to happen to things, not let them happen to us.”
Over lunch we were introduced to retired Brigadier General Linda Medler, who challenged norms throughout her 30 year military career. Medler, now with Raytheon Missile Systems, encouraged us to constantly change and adapt as “a good plan only survives the first encounter with the enemy, and you will be your own worst enemy.”
Diane Miller of Northrop Grumman makes a global impact as she not only directs the CyberPatriot youth education program, but extends it to the U.K., Saudi Arabia, Australia, South Korea and Japan.
Annie Anton of Georgia Tech told her story via memorable quotes and memes over dinner.
Wendy Whitmore of IBM had the whole room nodding in agreement as she recalled a time that she was dismissed as “too pretty to be smart.”
Last but not least, Mari DeGrazia stressed the influence that blogging and presenting had on her career since “speaking at conferences is like free marketing for yourself!”
The 2017 Global Information Security Workforce Study concluded that women only comprise 11% of the industry. Diversity conferences such as WiCyS make our community stronger and give underrepresented people of similar backgrounds a safe place to share experiences and learn from each other.
I’ve attended the past three WiCyS conferences with the goal to find both mentors and mentees. If everyone walks away with at least one of each, I think we have a good chance of moving the needle on gender diversity.
About Jennie Kam
Jennie Kam is an embedded systems security researcher at Cisco, which allows her to evaluate the security posture of Cisco products from both a hardware and software perspective. She earned her bachelor’s in electrical engineering from the University of Texas and her master’s in computer engineering from the Georgia Institute of Technology.