One of the key tenets of this year’s International Women’s Day is improving equality for women in tech, including cybersecurity. The official campaign highlights the importance of visible diverse role models in inspiring women and girls to study and pursue a career in the sector, noting that “girls who only interact with male STEM educators reinforce their negative stereotype that they don’t belong in STEM.”
It is the need for the spotlight to be shone on inspiring female role models that Infosecurity spoke to Kathleen Hyde, chair, cybersecurity programs/assistant professor at Champlain College in Burlington, Vermont, ahead of this year’s campaign. Hyde gave insights into her experiences working in cybersecurity over the past two decades consulting for small to mid-sized businesses, and discussed trends she is seeing around women and girls in the talent pipeline from her position in the higher education sector.
Infosecurity Magazine: What inspired you to pursue a career in cybersecurity? Was a lack of female role models and representation in the field a challenge for you while studying to enter the sector?
Kathleen Hyde: My adventure in cybersecurity – and yes, that's what it's been – happened by chance. I started in IT and it became a necessity, as threats and attacks became more prevalent, for me to move into a cybersecurity role, providing security solutions directly to clients and supporting organizations with their security initiatives and projects. I actively began to pursue a career in cybersecurity when I realized I could use my knowledge of information systems and varied skill sets in new, different and exciting ways that challenged me.
While many cybersecurity positions are specialized, when I started my career, it wasn't uncommon to be reviewing log files in the morning, designing security architecture in the afternoon, and authoring policies in the evening. As much as I loved the work, when I entered the field a lack of female role models was an issue.
In the first conference that I attended in person there were few women in the conference sessions, although it was apparent by the participation levels on the panels at the conference that the effort to make the cybersecurity industry more diverse was underway. For me, this lack of role models and mentors probably wasn't as problematic as it could have been had I not experienced the same issue when I began my career in IT. There have been many times that I've been the only female in the room.
IM: Do you feel that you experienced any additional barriers while navigating your career in the industry due to your gender? If so, how did you adapt/react to these challenges?
KH: I'd love to be able to say that my gender has never been a factor in my ability to advance in my career, but I can't. In a way, it's been a blessing and a curse. What I have found is that with the desire for the industry to become more diverse, doors have been opened for me that likely wouldn't have been otherwise.
On the other hand, because organizations want to be viewed as embracing diversity, there's a desire to include women in initiatives simply for the sake of including those who are female-identifying. It's difficult to navigate when you think that an opportunity is an open door and instead you find out that you've been invited to the table because diversity is good for business. It's also disheartening when your voice is not heard or you don't receive an invitation and you're ‘the’ person – because of your unique experiences – who can speak to a particular topic or issue.
Staying the course can be difficult. It's absolutely necessary to develop a thick skin and have a strong support network. I've had to do both. For me, the thick skin acts as insulation so the challenges posed by being a woman in cybersecurity don't become distractions from your work, your career goals, or both. Having a strong support network, inside and outside industry, is also essential. There will be times when you need to ask questions or check your perceptions, solicit advice or vent after a bad day at the office. Having allies and champions can go a long way!
IM: How have the experiences for women working in cybersecurity changed since you started working in the industry?
KH: They have changed dramatically. First, there are many more women working in senior level roles in industry today than there were when I first started my career in cyber. What does that mean? There are more role models – there weren't many when I started this journey – for me and the young women who aspire to be cybersecurity professionals. Second, there are more women in general in cybersecurity, which means women applying for positions in the sector may find it a little easier to break into the field.
"It's absolutely necessary to develop a thick skin and have a strong support network"
A career in cybersecurity is no longer something that is novel. Third, there are more communities where women can learn, collaborate and network. Organizations, like WiCyS for example, bring together women from all over the world to share their experiences and knowledge. On a personal level, I typically no longer attend meetings where I am the only woman and I am now recognized for my achievements and industry experience more than my gender.
IM: In your role educating students in cybersecurity at Champlain College, what trends are you observing regarding female interest in working in cybersecurity?
KH: I have to say that I get very excited when I start thinking about how much has changed when it comes to cybersecurity education in the higher ed space. When I started teaching at Champlain College, the number of female-identifying students taking the cybersecurity courses was not at all what I would have expected.
Today, there are many young women and non-traditional learners who are deciding to study cybersecurity because they aspire to careers as security analysts, penetration testers and CISOs. What I find really interesting is that the number of women who are looking to cyber as a second career is growing. They've already been successful in one career. They typically become interested in cybersecurity because they have been one of the millions involved in a data breach, or maybe they know someone – or they have experienced it personally – who has been the victim of identity theft or ransomware. They see the media reports about the skills gap. Then, after deciding a career in cybersecurity looks interesting, they do their homework. By the time I am having a conversation with them, or they are taking a class with me, they are committed to cyber.
IM: What approaches/initiatives are you involved in which see to encourage more females to train in cybersecurity following high school?
KH: Currently, I am a member of the Champlain College Women in Cybersecurity Leadership Council that is working to help Champlain be the best college in the world for women in cybersecurity. This initiative, launched by President Alex Hernandez and co-chaired by alumnae Brianna Blanchard '11, G '16, and Jess Turner '22, will support female-identifying students and underrepresented groups in STEAM (science, technology, engineering, arts and mathematics) fields.
I am also personally involved in the creation of a program that will support high school students diagnosed with severe behavioral and/or developmental disabilities to increase their cybersecurity awareness, and in the future allow neurodivergent students to engage in cybersecurity/STEM career exploration.
IM: What advice do you have for women interested in pursuing a career in the sector?
KH: Be a sponge: Learn all that you can about the field of cybersecurity before making a decision about what you want your career in the field to look like. Many women I provide career counseling to don't realize the reach of cybersecurity. There are many different roles and responsibilities that involve cybersecurity. They may not be high visibility and yet an organization can't function without highly skilled professionals in those positions.
Network: So much of what happens in cybersecurity comes from interaction with others in the industry. Network so that when it's time to find a position in cyber, you have a team that can assist you. Word of mouth is still one of the best ways to learn about positions that will be opening up or are available now!
Take advantage of free resources: Women interested in pursuing careers in cybersecurity should try to never pass on opportunities to learn from others, whether it's listening to another woman in cyber speak, attending a free training or webinar or attending a free virtual conference. There's a wealth of information and knowledge that is free – available from the comfort of one's home. Many of these free resources are excellent. They provide insight into the field of cybersecurity, but also valuable knowledge about specific cybersecurity threats, vulnerabilities, attacks and strategies.