Why Aren't Women Entering the Cybersecurity and Risk Management Arena En Masse?
The economy and the country at large are missing out on a great well of talent.
Last month, for the second time in four years, I attended the Executive Women’s Forum (EWF) in Scottsdale, Arizona. I must admit, I typically do not frequent all-female groups or events. I always have believed that to succeed, women must be mainstreamed into all professions, companies and organizations. After all, I had entered the U.S. Navy and naval intelligence in 1979, at a time when only a handful of women were in this field. Many of the legal and policy tenets already were already in place to ensure I was given the same opportunity as my male officer counterparts. Of course, there were workplace behavioral challenges—but the framework was in place regarding equal pay, promotion and leadership opportunity for all under the law. So while there were “women in the military” organizations, I never joined them or participated in them. I was going to make it by teaming with my counterparts, fully engaging with my team and excelling under the leadership of my bosses and peers. And, for the most part, this worked for me both professionally and personally.
So why did I come to EWF, and why am I recommending it to others? The EWF is the largest member organization serving emerging leaders as well as the most prominent and influential female executives in the information security, risk management and privacy industries.
Its core mission is to attract, retain and advance women in the information security, information technology risk management and privacy industries through education, leadership development and the creation of trusted relationships. The community is composed of a global network of intelligent, powerful and influential women who have "been there and done that" and are willing to share their challenges and successes to empower other members to achieve excellence in their careers and their organizations.
These are some of the fastest-growing careers globally, and they demand a diversity of backgrounds, intellect, perspective and skill sets for us to succeed—as an economy and a nation. To date, the technically deep have dominated, but the fact is that we need a breadth and depth of skill sets and experience to analyze, understand and solve risk management challenges in the digital age. And the percentage of women in these fields has dropped over the past two years from a high of 12 percent to today’s level of 10 percent.
In a majority of work environments, few to no women can mentor, guide and enable the next generation of information security and risk management professionals. Where are the successful role models and leaders for others to follow?
The EWF brings together those successful and aspirational professionals, shares their workplace challenges and best practices and links them to mentors they may not have in their own agency or company. I have been awed by the amazing openness, teamwork and encouragement from industry and government information technology security/risk management professionals in their 20s, 30s and 40s. Maybe this exists because on occasion we come together, learn about and enable each other—something I have not done with female professional counterparts who I do not already know.
While I am not running out to join predominantly female organizations, a light has come on in my head: When we have chosen a male-dominated career field, sometimes we need to connect with one or two successful and driven career protégés outside our immediate sphere to get ourselves to the next level of achievement or understanding.
Terry Roberts, a former director of Naval intelligence, is the founder and president of WhiteHawk.
Share Your Thoughts:
Terry: I loved how you stated in paragraph 1 that equality (legal & policy tenets) for women had already been a part of the military by the time you found yourself in a "male dominated" career. [I was also in a male-dominated field in college (Geology) and then in the Army; I left in 1977.] You have clearly done really really well without requiring a gaggle (sp?) of cheerleaders, so why advocate for them now? Why would you ask, "Where are the successful (female-) role models and (female-) leaders for (female-) others to follow?" when you know the answer is, "Who cares?" They are unneccesary. If YOU could do it without a Skirt-wearing Mentor so can the young women of today. A mentor is a mentor is a mentor. One ought to be chosen for their admirable accomplishments & skills+ability to enthusiastically share those. If you could help younger women to accept that Men Are Different (i.e. are wired to see them as Women first, then as their Job-Title second) you could do all of us a favor by ridding the workaday world of the NEED for these Girls-Only Clubs. Men seeing women co-workers as Women is a good thing, at least that's the way I always looked at it. But I'm old, rather than feeling oppressed by men and the so-called Male-Gaze I found it "invigorating." Imagine the outrage at a Mens-Only Mentoring Society...
I personally think women are too smart to jump in now. They first wait until we men have made such an incredible mess that we got ourselves into an inexcusable, horrible and unforgivable tangle that the IT-Sec industry eventually will need to cry for help. Reasoning:
1. Most breaches in even the largest organizations in the world have been caused by leaving years old, basic vulnerabilities open. Nothing to do with highly intelligent hackers or APTers, just caused by deplorable, messy, irresponsible housekeeping by IT staff not interested in the boring disciplined fixing of existing holes, but mainly in exciting new development. I hear them all complaining - but that is too haaaarrdd, that is waaaay too difficult. No, not true!!! It is a totally inexcusable neglect of duty!! Caused by ego, total lack of discipline and laziness, not by the overriding urge to responsibly do what they need to do to keep the organization safe.
2. Where those organizations then all try to fix this hole by hiring the best wonderwand type of IT Security experts, who will make sure all hackers attempting to breach the organizations are stopped by these Asterix and Obelix type of miracle workers. As if they believe in fairytales. Because it is an uneven battle - one or two against 45 million, where most of those hackers easily outsmart the legally employed -would like to be- hackers. Because really good IT-Secs are nowadays impossible to come by. Much easier to come ones that SAY htey are good, with some vage story about having been a (sort of) hacker themselves years ago. Advice: do NOT trust them!!!
3. The IT-Security Industry hungry for more profit as always has found a new perfect method of generating extra income. Because IT Management propose to the board the deployment of million dollar costing SIEMS and Threat Management systems, with multiple million dollar costing implementation teams, resulting in 99% of all cases in totally non- functioning, total waste of money systems. Resulting in firing the incumbent CIO and hiring the next one, kick-starting the exact same initiative, burning even more millions in the process. Just in case, all those largest organizations in the world that got breached ALL had a SIEM!!! All spent millions on, as they found out, ineffective IT security measures.
4. The organization gets breached anyway, With many more millions in direct and indirect costs. Too late to grab the problem by the roots, and give all IT-staff a major kick in the butt, for not have the discipline to keep all systems fully patched at all times.
5. Because preventing breaches can be simple. You do not need to outrun the bear, you need to outrun the other organizations. The one that get hit are those that got spotted with some open BASIC vulnerability dating from 2012, 2013 or 2014. Unbeknown to IT, CIO, Sr Management and Board. Until they get caught and are set to shame publicly.
Because Women are better at keeping things clean, and not satisfying their egos the way men do. And they are smartt, waiting for men to burn themselves to ashes. Giving it a little bit more time to make sure they burn well. They are working on outrunning the bears right now.
Share Your Thoughts: