Celebrating Women In Cybersecurity
Female underrepresentation in Cybersecurity is a complex issue with many factors. I believe it is related to common stereotypes about what women and men are good at and what careers are “appropriate” for each gender. Cybersecurity is not the only field where this disparity is large and obvious. I think about professional conductors, where only 10% of orchestras are led by women. There is no shortage of musical talent for women who want to be conductors, but there is a barrier to success in becoming one professionally.
Young girls have broad interests. As they grow older, societal norms, peer pressure, and stereotypes start to narrow their interests. When they start thinking about careers, children and teenagers obtain cues from what they see. Advertising, television shows, movies, and social media are where a lot of these cues originate. Representation throughout all these channels sends important messages about what women can achieve.
Many years ago at a conference, I attended a Women in Information Technology event. As we were chatting after the session, we started talking about this issue. Why were we in computing and so many others weren’t? We discovered two common themes: 1) we had fathers who worked in computing, or 2) we went to women’s colleges. What we saw growing up was a natural ease with technology that led to possessing the same comfort. When we attended women’s colleges, we were empowered every day to be successful in whatever endeavor we chose.
Comfort with technology and empowerment to succeed are what we need to show girls and teens every day. It cannot be limited to just those who have positive experiences in their homes and education. Societal messaging needs to change the narrative.
2. What are some of the things that got you interested in cybersecurity and were there any resources that helped you as a woman that could potentially make more women want to pursue the same career path?
I enjoy solving complex problems and implementing creative solutions. Cybersecurity is custom-built for problem-solving. Every day, even as a senior leader, I am faced with issues that need solutions. We need to accommodate our users and clients and ensure that they are successful in their daily work and our overall mission. But how do we facilitate that work and still keep our people and our institution secure? There is never one, easy solution to that problem.
Every time I think I have solved something, an exception arises where I have to pivot my thinking and solve it again. Cybersecurity is a field where the work is never done. The criminals who relentlessly try to steal money, steal data, or disrupt our operations are never going to stop thinking of new and creative ways to achieve their goals. In Cybersecurity we have to constantly adjust and change our own tactics to safeguard our information. Every day is a challenge, and I thrive by meeting those challenges and helping to solve them.
We need women to know that Cybersecurity is fun. We need to promote and emphasize the aspects of the role that are not normally discussed. We need to change the public perception of what it means to be a Cybersecurity, Information Security, or Data Privacy professional. We should be asking girls and women what they want in their own careers to be satisfied and successful, and then tell them what roles in Cybersecurity meet those goals. This is how we flip the conversation.
3. What can you say about your experience climbing the corporate ladder to where you are now?
My career path has not been a straight line from an entry-level position into successive roles with increasing responsibilities. When I started my first computing role, I did not want a career in Information Technology and had no concrete advancement goals. I was a good worker and a good learner, and my talents and skills grew along with the positions I held. I quickly found what I enjoyed and settled into a successful career in Network Engineering.
I had periods of unemployment and underemployment, and when I was able to return to my field I was humbled by my previous experiences. I worked harder and smarter, and re-launched my career on a path towards strategic leadership.
I never relied on my current employer to give me the next opportunity. I did not come into any position assuming that I would be promoted. I paid attention to the people, the culture, and the experiences of others, and identified when and how it was appropriate to seek out another employer for advancement.
I pivoted to Cybersecurity when I identified institutional and cultural issues that I was no longer comfortable with. I knew there was a need for a dedicated Information Security role, and I proposed to my CIO that I was capable and willing to be the first. This enabled me to move out of a position where I no longer felt successful and into a new specialty where my existing skills were wholly applicable. I was scared I would fail and terrified of disappointing my supervisor and my institution. But I broke through these self-imposed barriers and found success. If I had not taken that bold step, I would not be where I am today. Taking risks does not always produce positive results. However, if I had shied away from risky decisions, I wouldn’t have moved forward in my career.
It is important to remember that advancement does not always include a title change or clear promotion. I applied to my current position because the institution was significantly larger. My current role gives me the opportunity to lead complex initiatives, manage a bigger team, and act as a change agent for a larger, more diverse community. Moving upwards sometimes includes moving sideways. There are many opportunities to broaden and strengthen one’s skillsets and they don’t always fit into the standard path of climbing the corporate ladder.
4. What goals, in terms of diversity in cybersecurity, would you like to see companies striving toward? What concrete measures could be implemented?
Companies should focus on best practices around hiring that remove barriers to women and other underrepresented communities. Efforts must be taken to remove unconscious biases from hiring practices. Many companies have started implementing blind resume techniques, where application materials are carefully redacted to remove indicators of ethnicity, gender, age, geographic location, and status (for example, an ivy league education). Removing these indicators ensures that search committees only focus on the required and preferred qualifications of the candidate pool. Committees should also agree prior to interviewing candidates exactly what their objective criteria will be. By creating clear matrices and rating candidates on those criteria, decisions become less subjective.
Blind hiring techniques are proven to work. Using another example from music, orchestras had a critical shortage of female members until many of them implemented blind auditions. The impact was to increase the percent of women musicians from 6% to 21%. Devising new ways to remove bias in hiring could have a major impact on representation in Cybersecurity.
5. what would you say to women who have not considered cybersecurity due to the lack of coding/programming experience?
Cybersecurity is a broad, diverse field. The skillsets required to be successful cannot be distilled into just one area of Information Technology. Some roles require coding and programming experience. However, many roles do not. Baseline technology experience does not have to include coding.
There are many resources for those looking at Cybersecurity careers which outline the required and preferred skills. These include networking, systems, desktop, application support, training, and communication skills. There are so many skills that can contribute to the profession and we need to be vocal and visible about how these skills match to successful careers.
My degree is in Historical Musicology. My computing journey started with Desktop Support and pivoted to Network Engineering. I then picked up Systems and Telecommunications and moved into management and leadership. I recently told a class of cybersecurity students that one of the key learned skills that I apply to my job is how to analyze music. A musical composition tells a story, and deconstructing a piece informs us of the composer’s process and intent. Similarly, the investigation of a cybersecurity incident requires careful analysis and deconstruction, to uncover and realize the original intentions of an attacker and determine their success. We start with a trove of data and information and break it into its smallest pieces.
When Women in Cybersecurity are visible, perform outreach, and tell these varied stories, we can demonstrate with our own experiences how our diverse skillsets contribute meaningfully to the profession.
6. What do you think about mentorship, especially in cybersecurity?
Mentorship is an important component of any career journey. There are different kinds of mentors who can serve different roles. Mentors can be supervisors who help guide their employees into their next role. They can also be professionals in at other companies.
I am particularly fond of peer mentors, who are those at the same career level. These are people who work in similar positions and can use their own experiences in their role to provide objective feedback and support. These are structured relationships as opposed to networking opportunities. Peer mentors meet regularly and prioritize their meetings as a key part of professional development and support. They are also two-way mentor relationships, where individuals give and receive support equally.
It helps to find mentors in any of these capacities who reflect who we are and what we aspire to be. Those who are similar to us can sympathize, empathize, and relate to our experiences. However, this isn’t required, as many professionals are allies and can provide meaningful mentorship.
I believe we should choose our mentors and not have them assigned. The person being mentored needs to make sure her own needs are being fulfilled and that she is evolving as a result. It isn’t enough to have a mentor, it should be a fulfilling one.
7. Finally, if you could give advice to the cyber-enthusiast and entry-level women reading this, what would it be?
Persist. I don’t want to see women give up on their career goals because they encounter barriers that they believe they can’t overcome. If a job interview doesn’t work out, send out more resumes and try again. If a job is too uncomfortable – due to culture, pay, benefits, or unfair treatment – leave the job, but please don’t leave the profession. Understand that people are rooting for you. Whoever you are, wherever you are in your journey, there are countless women who have come before you who want to see you succeed. And if you feel like you can’t keep going, if you feel that persistence is too hard, if you feel that the barriers are too high, know that you are not alone. Reach out for support, and let us help you in your journey.
Chief Information Security Officer (CISSP, CRISC, Security+)
2yThis is amazing to see and very much needed. Also great choice highlighting Emily Harris, CISSP, I have great respect for her perspectives and insight. Congratulation Emily!
Cyber Security Staffing Specialist. Contract and Permanent
2yThis is brilliant work Fatimah. The more we talk about Women in Cyber, the more women everywhere will be encourage to join this fabulous industry. Thank you
Business Risk and Compliance specialist, helping businesses pivot and adopt successfully to the changing market.
2yThis is great - looking forward to hearing and learning more!
Business Risk and Compliance specialist, helping businesses pivot and adopt successfully to the changing market.
2yTatenda Maxine Mwenje
Cyber Security Professional | Cloud Security | Red Teamer & Incident Responder - | SANS GCIH | OSCP |
2yThis is amazing, Great Job.