The technology sector has a gender diversity problem. With traditional employee pipelines failing to produce enough STEM workers to fill open positions in a demanding workforce, gender diversity has taken center stage. In order to increase the number of available workers that companies across sectors require to work in tech, many experts point toward increasing the number of women in the field.
Nowhere is the gender diversity gap in technology more apparent than in cybersecurity. In 2015, (ISC)2 reported that for two years, the number of women globally in the cybersecurity profession remained unchanged at 10% of the workforce. A 2016 study from Women's Society of Cyberjutsu found 11% of the cybersecurity workforce are women.
Though the outlook seems grim, female leaders in the cybersecurity sector are working from within the industry to create a more diverse and inclusive work environment in both cyber and STEM.
At RSA 2017 in San Francisco, CIO Dive spoke with women leaders in cybersecurity shaping the industry through thought leadership, mentorship and a commitment to diversity. Here’s what they had to say about gender diversity in cybersecurity and across fields:
Kris Lovejoy, president of BluVector
"I think part of my reason for not [originally] getting into a technical field was my role models. I hated my math and science teachers and they were men. I couldn't talk to them, I didn't have any mentors. Whereas, I could tell you the name of every one of my English and social studies teachers that were women and I loved them …
From a hiring perspective, recognizing that, I find it when my own guys review resumes, they're looking for the unicorn. They want to see everybody has all of the various check boxes checked. I keep telling them, the best hires I've ever made are people that sometimes have more sizzle over substance on a resume. A lot of women they're going to be interviewing are going to miss a lot of those check boxes, so give them a chance."
Angela Messer, executive vice president at Booz Allen Hamilton
"When you look at it operationally, when you really are solving a company or agency cyber problem, it's not a one person deal. It's a team. Women actually contribute significantly to teams, they help build teams, and there's some softer skill sets there that they're actually better at. By the way, you need those soft skill sets in a cyber team …
Cyber is only successful if those that are trying to defend and operate are curious themselves, work well with others and use the whole team."
Jennifer S. Steffens, chief executive officer at IOActive
"I think having more women in security and having more diversity across every aspect is important. I would say that we're fighting an ever-changing adversary that doesn't care about gender or race or upbringing or anything else, and so we shouldn't either. Bringing together more perspectives, more brains are going to try to solve things in different ways is critical ...
It's good seeing women get more involved. I think it's important that the women who are in the industry try to be role models and make the industry a more welcoming place for the younger generation. As an industry, we should really be focusing a lot on the kids too, especially coming from a company where it's really really hardcore technical skill set. I'm excited about the groups, projects and toys that are coming out trying to get little girls and boys interested in coding and hacking at a young age, and not kind of shepherding them into a different avenue, so to speak."
Edna Conway, chief security officer, global value chain, at Cisco
“The ticket to success, for example, is if you have a supplier scorecard, you're already measuring quality, lead time, cost, innovation. Security should be on that scorecard. Not a separate security methodology. So it gives us an opportunity to really move security into the future. It also gives us an opportunity to bring in new talent with new vectors of thought into the security family rather than the traditional, 'here's what you need to understand.' It doesn't mean you don't need to understand IT. Of course you do. But bringing in that perspective will make us all the more stronger.
It also opens up the aperture to get more women in, because a lot of the places where you see a smaller number of women are in the traditional engineering, science, computer science arenas. When you start thinking about who can add value ... Thinking about that in that unique way gives us not only an opportunity to make security better, but also open our minds and keep our eyes open to bring others into the fold who would add diversity to the portfolio, both from gender, from background and from unique educational background."
Elizabeth Lawler, CEO and co-founder at Conjur
"It's important for us to get out. For me, public speaking was never something that I loved doing, but I do it now and I do it precisely for that reason, which is to get out and show a different kind of face. In the industry, as a woman who's building a business, as a woman who's a technical founder, it's important for people to see that and for young women to see that …
I can see it sort of shifting in the younger generation that there isn't this aversion to stepping up and saying, I'm interested in science, I'm interested in math, I want to do something in tech. It's our job to keep pushing that … It will get better but I think it's going to take an aging out."