Cybersecurity Ventures predict that there will be around 3.5 million jobs by 2021 in the cybersecurity industry, whereas, women represent only 20% of the global cybersecurity workforce in 2019. 
- Is there any initiative to bring women workforce into cybersecurity?
- By encouraging women to join cybersecurity, will we be able to contribute to reducing the cybersecurity talent-gap?
- What common challenges do women face to get into the cybersecurity industry?
- Would their demand be specific to location, or will they be able to occupy space globally?
To receive viable answers to these questions and to quench everyone’s curiosity of the scope of women in cybersecurity, we have turned to Abeer Khadr, a leading example of being a successful female leader in cybersecurity. She is currently associated as Information Security Director at National Bank of Egypt and is one of the founding members of Women in Cybersecurity Middle East.
About Abeer Khadr:
Abeer Khadr with 18+ years of extensive experience in information security and IT consulting-led numerous projects in various industry like banking, telecom, and more. She is an expert in the areas of information security strategy design, information security management systems’ implementation, policy design and implementation, security risk management, and standards compliance. Abeer has work experience on domains related to design, and delivery of security awareness, as well as security assessments and IT, audits. She is involved in the implementation of ISMS (information security management systems) in line with ISO 27001:2013; supported three organizations (banking – telecom industries) towards certification.
She has acquired various cybersecurity certifications, and few of the recognized credentials in the list of her achievements are Certified Chief Information Security Officer (C|CISO), Information Security Manager (CISM), Information Systems Auditor (CISA), certification exam for project management. She is also Certified in Risk and Controls (CRISC) and Governance of Enterprise IT (CGEIT) as well as ISO 27001:2013. She has been recognized among the Top Cybersecurity Executives in the Middle East at the Middle East security awards conference (MESA 2018); also awarded “Women Security Leader” at the MESA conference 2016. She has been Awarded “CISO of the year” at the Cairo Security Camp, 2016.
EC-Council, being a contributor of knowledge in the cybersecurity industry, has personally reached out to Abeer Khadr to learn the significance of female talent in cybersecurity.
Q1. How was ‘Women in Cybersecurity Middle East’ formed?
Abeer: In April 2018, and as part of attending MESA (Middle East Security Awards Conference), we were encouraged by CISO Council founder, Ahmed Baig, to meet and brainstorm what could be done to encourage women to pursue cybersecurity careers, provide them with support and eventually build on this diversity in the field, bridge the existing skill gap in cybersecurity. Nine ladies from four countries in the region (UAE, Egypt, Kuwait, Saudi Arabia) held their first co-founder’s meeting and put an initial plan of forming this initiative. Our co-founders are, Abeer Khedr (Egypt), Dr. Reem AlShammari (Kuwait), Basma Hmaidouch (Saudi Arabia), and UAE-based: Dr. Nedaa Al Barghuthi, Heide Young, Priyanka Chatterjee, Irene Corpuz, and Amal Al Hajeri.
We first started with creating a group on LinkedIn and Whatsapp, and we invited ladies working in or passionate about cybersecurity from the region to join our group. Throughout the first year, the group has grown from nine to over 430 members today. Our members are CISOs, consultants, security analysts, SOC specialists, and students. Also, we have members now from many other countries in the region, such as Oman and Jordan. We have expanded our channels of communication to include twitter and our own Youtube channel. We have also designed our logo to symbolize women’s contribution to cybersecurity, and we will launch our website soon.
Q2. What was your drive behind forming this event?
Abeer: The first gathering and networking event for Women in Cybersecurity Middle East group (WiCSME) that took place on May 1st in Dubai on the second day of the Middle East Security Awards Conference, and which also marks the first anniversary of the group, was planned to network with our existing members in the UAE and meet with new members who would like to learn of/support our activities and join our group whether they were attendees of the conference or who have flown in especially from other countries in the region. We have held country-level gatherings throughout the last year, but this was the first at the regional level.
The event was perceived as an excellent opportunity to interact face to face with our members, discuss our activities and plans and also listen to ideas from our new ladies of how we can promote cybersecurity careers to school & university girls, how to clarify their expectations of different career paths options in cybersecurity and even write a book on cybersecurity women of the Middle East, which were all very creative and inspiring ideas. We felt the enthusiasm and passion for collaboration from all attendees, and we will build on this going forward.
Q3. What have been your major success stories?
Abeer: The passion for knowledge sharing and supporting one another is the main characteristic of our members. This enabled us to have many success stories in the main streams of activities that we do in the group. We have organized several knowledge sharing sessions for our members discussing topics like cloud security, DNS security, and penetration testing tools and techniques. We also have a very active and rich threat intelligence & technical contribution stream which allows the sharing of threat information across the region which is very value-adding for our members because it takes you from your organization/country level perspective of threats to a regional one.
It is worth mentioning here that we are seeing tremendous support from women cybersecurity influencers who have generously taken the time to conduct talks with our ladies in the middle east, shared their career advice with them as well as their expertise in advanced security topics. We were honored to host Mary-Jo de Leeuw, who is global cybersecurity influencer and among top 50 influencers in the Netherlands. We also hosted Magda Chelly, another well-known cybersecurity influencer who talked to us about blockchain security and provided some great insights. An open discussion was encouraged during these talks, that we organize virtually to accommodate attendees from all the region, and members perceived the talks to be very useful and inspiring.
Our WiCSME group has also supported the first MENA region women capture the flag competition that took place in Egypt on December 2018 and had close to 50 participants. The competition was also supported by global women in Appsec who generously provided a remote session training to the girls before the competition. The winning team was flown to Amsterdam to enjoy a free ticket to HiTB conference as well as a few days’ vacations there. While visiting Amsterdam, the winning team from Egypt also participated in the Amsterdam women CTF.
Q4. What’s the end goal that you’re attempting to achieve with this initiative? Is there a numerical target in mind?
Abeer: There is no end goal, but rather, we aim to evolve and innovate as the technology does continuously. One of the goals is to continuously inspire and motivate women in cyber to pursue their dreams, collaborate to reduce the gender gap in cybersecurity, and share knowledge through the WiCSME platform. For those who are aspiring to be speakers, our monthly knowledge sharing can be a stepping-stone, to begin with, that desire.
Q5. What steps are being taken to ensure that women in the middle east are driven to work in the cybersecurity domain and are empowered to go forth in their career?
Abeer: While preparing for the women CTF, announcements were made to university undergraduate students who were encouraged to participate in the competition teaming up with graduate professionals. The training was provided, and they formed their study groups to prepare for the CTF. Also, as part of our monthly celebrity talks, we always encourage questions from the young ladies regarding career paths, challenges that they might face and how to overcome them. One upcoming planned activity is the “day in the life of a CISO, consultant, etc.…”. This will take the young ladies through the details of the different career paths within cybersecurity by shadowing the more experienced members during a working day. We have already some volunteers who are CISO, security product sales director, security services consultant, and we are currently organizing the schedule. We always encourage achievements of our members through recognition within the group to give them the necessary support and motivation to aim higher whether in their work or when studying to obtain cybersecurity related certifications required to excel in their careers.
Q6. Do you believe such an initiative could help in reducing the cybersecurity skill gap in the middle eastern countries?
Abeer: Definitely; our group aims to increase awareness of and draw attention to the many skilled women caliber in cybersecurity and the many more who have studied computer science and are interested in/passionately studying penetration testing techniques or fascinated with bug hunting and waiting for the right direction to pursue the cyber career further. If employers support this pool of resources in the making and draw from it, it will bridge the skill gap and contribute to creating diverse collaborative teams that benefit the companies and the different industries that need cybersecurity qualified caliber.
Q7. Is there a quantitative measure to assess the current and future achievements of this group?
Abeer: As previously highlighted we have defined nine streams of work activities in our group with leads defined for each stream; each lead will define the KPIs necessary to measure the performance of the stream and results will be shared with all group members in an annual report that will be prepared and shared by the cofounders.
In terms of metrics just like in any organization, during our first year gathering, the leadership brainstormed on metrics that will determine our targets to enable the measure of our success. These metrics include # of Knowledge Sharing Session (target is at least once per month); Number of Celebrity talks (target is at least once per quarter), Number of Affiliates meet up (Once per quarter); Number of publications in magazines (at least twice per year), Number of mentoring/coaching activities (At least one full session per quarter); “A-day-in-the-life of” publication (at least once a quarter). Mentoring sessions normally run in series. These are just some of the key KPIs that we have established.
It would be good if we can further measure the success by surveying our members to determine how many members not previously in Cybersecurity position are now in the cybersecurity field, company or industry; how many members have been promoted, and the members who receive recognition and awards. This will continue to inspire and motivate the whole WiCSME community.
Q8. What does the future look like for Women in Cybersecurity in the Middle East? What are the current major challenges faced?
Abeer: The future looks bright! In spite of many difficulties encountered, the demand for cybersecurity skilled resources will increase, and nobody can afford to miss out on women as valuable contributors that will bridge the skills shortage gap. Challenges faced by women in cybersecurity in the region are not much different from what women face globally especially around promotion to management levels in their career or finding the support necessary for them to carry on with their responsibilities outside work. However, women in the region may be quite lucky as many governments led initiatives in different countries of the region are promoting women empowerment. We are also seeing tremendous support for women by their male colleagues, especially among the new generations graduating from college. With the support of the whole community and the passion and determination of women, we strongly believe we will not witness low percentages of women in cybersecurity in the region shortly. We are confident that we will reach the desired equilibrium soon.
EC-Council expresses heartfelt gratitude towards Abeer Khadr for taking the initiative of inspiring the female workforce to be a part of the cybersecurity industry. It is a career path open to various professionals irrespective of gender, age, or background. The certifications help you gain respective domain knowledge and lead as a pro in the cybersecurity industry.
EC-Council is the world’s leading certification body and has many industry-leading certification programs on their portfolio. Certified Ethical Hacker (C|EH), the flagship program of EC-Council, is one of the most preferred credentials by leading employers worldwide. To learn more about our other certification programs, visit our website: https://www.eccouncil.org/programs/