A lack of gender diversity remains a major issue in a number of industries, and cybersecurity certainly falls into that category. As well as reducing barriers to entry, cultivating an environment where women feel comfortable and want to work in the sector over the long-term is a crucial aspect of addressing the significant imbalance that currently exists between genders. This will enable more women to reach high level, influential roles in the industry, encouraging others to follow in their footsteps.
Sadly, evidence shows that women are leaving technical security roles at a far higher rate than men do, with culture of the industry often cited as a major factor in this. To discuss this issue, including her own experiences as a high profile woman in the industry, Infosecurity recently spoke to Lisa Ventura, founder and CEO, UK Cyber Security Association.
In what ways have you seen the impact and role women have in cybersecurity change since you first started working in the industry?
When I entered the cybersecurity industry in 2009 women were an even bigger minority than they are today. Many are still put off by stereotypical images of men in hoodies huddled over computers and by thinking they need to come from a technical background to enter the industry. Much more still needs to be done to encourage women to enter the cybersecurity industry, especially as 22% of companies recently reported a significant shortage of dedicated cybersecurity staff since the global pandemic hit. Involving women from a younger age in cyber is seen as a great way forward, especially with the launch of the UK Government’s CyberFirst Girls Competition in 2017.
In a recent article you penned for Infosecurity, you cited data showing that women leave cybersecurity careers at around double the rate of men, which suggests there remains significant cultural barriers. What are the types of cultural problems women regularly encounter in the industry?
Cybersecurity and tech has a perception problem; women don’t often see security or tech as a viable career path because they are still often considered to be masculine professions. This perception is often ingrained in women at a young age – they are taught that men are good at STEM and women are not. A lack of gender diversity is still apparent in cybersecurity, with many women still citing that they are one of only a couple of women in the room at their organizations. This is also true when it comes to events such as Black Hat, Infosecurity Europe or RSA; men make up the vast majority of attendees. As a result, work culture can get stuck in a cycle of unconscious bias, and women often feel they must push harder for recognition, promotion and opportunities. These cultural problems must be addressed for them to move forward in cybersecurity. Women should not feel intimidated, but they often sadly do feel that way.
“Women should not feel intimidated, but they often sadly do feel that way”
Have you had personal experiences of sexism in the cybersecurity industry that you’re happy to share with us?
I often get emails and post addressed to my husband as the CEO and founder of the UK Cyber Security Association. When I point out that I am in fact the CEO and founder, I often find that those who assumed that my husband must be the CEO and founder are taken by surprise. I have also been at expos where I am never approached when walking around the exhibitor booths. I am often completely ignored, but the salespeople on the booths will approach all the men walking past their stands and offer them a beer if it is ‘happy hour’ time. I call this beer bias.
What more can men working in the industry do to make it a more welcoming environment for women?
Quite simply, be supportive. I consider myself to be very lucky indeed because I have had nothing but support and encouragement from men in cybersecurity for what I do, nor have I had any unwanted attention from them – although that could change in an instant. It makes all the difference to be supported by men in the industry and to be considered an equal. Ironically, I cannot say the same about other women in cybersecurity who haven’t been as welcoming to me, as helpful or as supportive – but of course, there are a few who have. Overall though, my experience is that women are far less supportive of me and what I do, than men.
What particular skills and knowledge do women tend to bring to security teams?
Women bring a variety of skills and knowledge to security teams. They are often great problem solvers, actors, analysts and leaders. While we need people who can code, we also need people who can think like a hacker does. They don’t just try one way of breaching an organization; they try many ways, and women are often creative thinkers who can come up with those ways so their organization can work on addressing those weaknesses. Women often have a risk management mindset and think differently about tasks. As a result, they are often able to sort through the noise to identify threats.
Finally, how optimistic are you that we are moving in the right direction in regard to greater gender diversity in the information security industry?
Despite the ongoing pandemic and the cyber-skills gap that is still prevalent today, there is much to be encouraged by. Strong teams are thriving in the face of crisis, and more women are considering making the move into cybersecurity as one of the biggest growth industries in the UK. Building more robust cybersecurity teams is imperative for 2021 and beyond, and building diverse teams is a priority for many organizations. I am hopeful that the industry will change to be more welcoming to women.