Growing ransomware attacks aren’t the only issue concerning the cybersecurity industry today, according to experts on this episode of The Insuring Cyber Podcast. Another concern within the cybersecurity workforce is the gender gap.
“I do believe that whatever we have done until today to encourage more women into the cybersecurity field, it is still not enough,” said Dr. Magda Chelly, a cybersecurity professional, former chief information security officer, public speaker and entrepreneur. She describes herself on Twitter as a cyberfeminist and also founded Women on Cyber Singapore, an organization that offers training, mentorships, events and scholarships in cybersecurity, as well as career advancement for female professionals aiming to start or continue a cybersecurity career.
“I feel like cybersecurity really, truly requires a general shakeup,” added Theresa Payton, CEO and chief advisor for cybersecurity consulting firm Fortalice Solutions and author, with her latest book titled Manipulated: Inside the Cyberwar to Hijack Elections and Distort the Truth. Payton also previously starred in the former CBS TV series, Hunted, a reality show in which teams competed to stay off grid and disappear in today’s digital world.
These two women joined the latest episode of The Insuring Cyber Podcast to discuss the lack of gender diversity within cybersecurity and how the field can work to become more inclusive when attracting talent. This is something Payton knows all too well after making history as the first female to serve as white house chief information officer overseeing IT operations for George W. Bush and his administration from 2006 to 2008.
“At the time, it was interesting, because as I was walking around my first day and getting introduced to the team,” she said, “I kept having different people once in a while say – I’m paraphrasing – but something to the effect of, ‘Oh, you’re not what I expected.'”
Indeed, Washington D.C.-based thinktank New America reported that although the number of women in the cybersecurity field is increasing, it’s still an overwhelmingly male dominated industry.
A recent (ISC)2 cybersecurity workforce report found that according to survey results, women currently account for about one quarter of the overall cybersecurity workforce.
The New America report cited a 2017 Global Information Security Workforce Study on Women in Cybersecurity from the Center for Cyber Safety and Education, (ISC)2, Alta Associates, and Frost and Sullivan, which found that women at nearly every level of cybersecurity are paid less than their male counterparts, and more than half of women in cybersecurity report that they have experienced discrimination, compared with only 15 percent of men.
Payton said she believes the lack of gender diversity is partially because the cybersecurity field has a branding problem.
“What image flashes in your mind when you hear the word cyber crime? Is that image a room filled with happy, diverse, productive people making a difference? Or is it a guy hunched over his computer wearing a dark hoodie?” Payton said. “If you’re a woman looking at the next 30 to 40 years of your work life, which career would you choose? One that looks ominous?”
She said that to dismantle hurdles not just for women, but for all underrepresented groups in the industry, hiring managers need to expand their criteria.
“Degrees and certifications might be an indicator of a successful hire, but it should not be the only one,” she said. “Really, the best cybersecurity professionals, and women especially, are insatiable learners. They’re highly skilled problem solvers. And they’re always thinking about designing for the user without underestimating the adversary. So I always say take a chance on a different degree or a different background and invest in cross training so that you can attract more women.”
She added that representation goes a long way, as role models and encouragement are vital for attracting underrepresented groups of professionals to the field.
“I firmly believe that although we lack D&I (diversity and inclusion) in cybersecurity, and it’s a compounding problem,” she said, “we don’t lack talented women who are out there looking for their next career opportunity.”
To those women, Dr. Chelly said it is important that as the field aims to broaden its scope when seeking talent, female cyber professionals also broaden their minds as to what their careers can look like.
“Do not assume that a career looks in a certain way, that your job will look in a certain way, and that you need to do things in a certain way. Those are all preconceptions,” she said. “Everyone has his own or her own journey. So depending on your life experience, depending on what you want, you will be able to build your career and your life as you wish.”
She added it is important to remain open to learning and evolving with specific goals in mind.
“It is really important to be sure that you understand what you want to achieve, what are your goals that you are looking towards, and that you are able to judge yourself in a very objective way,” she said.
However, she offered one additional word of advice.
“This does not mean that, for example, a female professional needs to achieve perfection,” she said. “Perfection does not exist.”
In fact, letting go of the idea of perfection serves as an important lesson for companies and individuals when thinking about their cybersecurity as well.
“There is no 100% security,” Dr. Chelly said. “No matter what every company will do, no matter what an individual will be able to do around their own cybersecurity, there is always a residual risk. And therefore, there’s always a possibility that someone, somewhere, will be hacked.”
This is where monitoring comes in as an important tool for prevention and reducing the impact of cyber events after they occur, she said, adding that another tool that is crucial for companies is cyber insurance.
“Whenever we are actually exposed to a cyber attack that is successful, we might actually have or incur really big financial losses. And therefore, those financial losses might actually have a negative impact on our business, on our cashflow,” she said. “What can help is cyber insurance.”
It’s no question that as attacks continue to evolve in both frequency and severity, the cybersecurity field will need a broad array of professionals who can provide education and services for companies and individuals in need of protection.
“In order to address this shortage of diverse talent and women in cybersecurity, we really need to focus on the fact that there are lots of talented and strong women in the workforce,” Payton said. “We just need to attract them and give them the mentors so that they’ll come on over and fight cyber crime with the rest of us.”
Check out the rest of this episode to find out what else Magda and Theresa had to say, and be sure to check back for new episodes of The Insuring Cyber Podcast publishing every other Wednesday along with the Insuring Cyber newsletter. Thanks for listening.
Was this article valuable?
Here are more articles you may enjoy.