Eleven percent isn’t nothing — you wouldn’t brush off an 11% risk of injury or cyberincident — but when it comes to representation in the workplace, being in the 11% can be daunting. And 11% is women’s representation in the world of cybersecurity.
Considering that cybersecurity faces an alarming shortage of talented workers, you might think the solution is simple: help get girls interested in tech. As it turns out, reality is a lot more complex. For starters, getting girls interested isn’t a problem. Complex problems appeal to us at Kaspersky Lab, though, and so we continued our exploration with a daylong conference called CyberStarts.
The downsides affect the women in question in some obvious ways, and they are also to the detriment of the industry; and the world it serves.
As in cybersecurity, identifying a problem is followed by poking at potential solutions to figure out what has and hasn’t worked in the past, what’s working now, and what else to try next.
Good morning: The first step is admitting you have a problem
It’s a terrible and sad fact that every woman on the planet has war stories covering the gamut from having ideas and family needs discounted at work to sexual assault in the workplace or at industry conferences. We are still in an era in which those stories must be spoken out loud, for reasons every bit as broad as the stories themselves. To begin with, when the men in the boardroom think they’ve helped by making a directive to consider woman applicants equally, actual hiring processes may not bear that out, and women may surprise them by pointing out the continuing need for inclusive codes of conduct and other policies. More on that in the next section.
From the morning keynote — by the Electronic Frontier Foundation’s director of cybersecurity, Eva Galperin — the conference segued into a panel discussion featuring Kasha Gauthier, from the Advanced Cyber Security Center, Sara Munzinger of Carbon Black and Lesbians Who Tech, and Pam Stenson, from Alta Associates and the Executive Women’s Forum. Both sessions circled around themes of girls and women becoming interested in tech, overcoming discouragement to enter the field, and persevering.
To sum up the apparently universal problems:
- Women new to cybersecurity jobs find themselves in the minority
- New women in tech — also known as former teenage girls — are exceptionally vulnerable and likely carry strong memories of having little control over their technological lives and simultaneously being attacked technologically (e.g., hacked or phished) and/or socially through their tech usage (e.g., cyberbullying)
- They may be overlooked (sometimes literally) in meetings and at industry conferences
- They may be subject to sexual harassment or assault in the workplace or at industry conferences
- Like their male counterparts, they would benefit and feel more like productive contributors with mentor–mentee relationships, but with so little female representation, mentors are hard to come by
How diversity benefits us all
Is it actually a problem that the industry is full of men? If girls were more interested in cybertech, or better suited to it, they’d be in cybertech, wouldn’t they?
Well, no. Certainly not according to the CyberStarts morning crew, who pointed out that women tend to be well-suited to high-tech jobs (our research agrees). On the panel, Munzinger and Stenson briefly described how cybertech’s rich field of opportunity attracted them from other and adjacent fields. And Gauthier added some of the ways in which she sees women as naturally suited to the field: “Women are natural problem-solvers; we’re natural collaborators; we’re natural question-askers and envelope-pushers in many ways….Infosec really needs those skills.”
The broad challenge, as they see it, is less that of attracting women to the field (i.e., having a pipeline) and more that of retaining them (i.e., fixing the leaky pipeline).
And why should the industry care? That’s an easy one – the more voices, the better the results. A bunch of people with similar experiences, outlooks, and incomes tend to create projects and products that address their own needs, not necessarily the needs of everyone — and each person’s experiences and ideas reinforce those of the others, creating an echo chamber.
A group of men might not anticipate the needs of many mothers to feed their families at the end of the workday, for example, or why products for women’s health would have any appeal. A group of middle-class folks might unthinkingly locate an office in a spot not served by public transportation or some well-meaning men, thinking hard, might create a pen for women and pat themselves on the back. Ask the inventors of various connected technologies about their motivations and expectations, and almost to a man, they didn’t realize their creations might be used to do harm. Sit with that last one for a second.
Good afternoon: Moving the industry forward
Although it can be gratifying to share information and gripes about what’s not yet right in our industry, at some point we are compelled to look toward the future — you know, the part where we save the world.
To that end, our afternoon keynote, from BrainBabe founder and founder and CEO of CyberSN Deidre Diamond, directly addressed the pipeline: hiring and retaining diverse talent in cybersecurity.
Although the personal and interpersonal elements of a workplace don’t appear in standard budget worksheets, studies have shown that EQ (the emotion quotient) is in fact tied positively to revenue, Diamond pointed out. Her mission, therefore, is to help make healthy matches between talented people on both sides of the hiring desk. She looks at a range from the “cyberobvious,” such as in IT, to the really not obvious, such as in noncyber c-tier roles, and plenty in-between.
An ongoing, iterative process
Diamond, as well as the afternoon panel — on female leadership in the workforce — talked about methods of evening the hiring field, including blanking out the names atop résumés. They, too, spoke of the need to retain, not simply hire, a diverse field of workers. Fifty percent of women who enter tech jobs leave within three years.
To begin, they broadly agreed that “everyone hates [the concept of] the work–life balance.” Essentially, they pointed out, when women entered the workplace, they didn’t leave their life responsibilities behind, and those responsibilities don’t begin and end at 9 and 5 (or 8 and 6). Therefore, an inclusive workplace may need to reckon with flexible schedules, remote work, and needs a previously male-dominated space didn’t anticipate, from the feeding a family at the end of the day to crafting respectful communications policies and codes of conduct.
- To respect religious (or nonreligious) diversity, use floating holidays
- Instead of requiring workers to enforce their own boundaries, craft work with boundaries
- Watch the results, not the clock
SafetyPIN founder and CEO Jenny Thompson, part of the afternoon panel, noted as well that women in particular may need a path back to the workplace.
Threatpost’s Lindsey O’Donnell moderated the afternoon panel, representing female leadership in the workforce, with Thompson, Prompt Inc. founder Hazel Butters, Alena Reva, Kaspersky Lab’s vice president of Human Resources, and Addie Swartz, founder and CEO of reacHIRE.
In addition to the abovementioned, somewhat general points about women successfully entering and navigating today’s workplaces, they also spoke directly about cybertech work and careers. Rising and thriving in an admittedly male-dominated industry does have certain challenges, such as proving oneself in areas where women’s competence is still very specifically questioned.
Before closing the conference, the leadership panel offered some cybertech-savvy tidbits:
- Especially when you’re the only woman, or in a tiny minority: Pick your battles
- Watch and learn from women who are making it, sticking with cybertech jobs against the odds
- Be mentally prepared to be in the minority in cybertech, and don’t be afraid not to fit in
- Get advice from HR when you need it, and remember that you’re in demand
- Relish being unique
- Be inclusive, and don’t reject the ideas and knowledge of established players — diversity includes everyone
- You’re going to have to be better. You just are. But the good news is, we are.