When you hear the term birds of a feather do you finish the sentence and say flock together? Do you think of like-minded people spending time together? I had written an article on the topic a while ago with the focus of hiring and retaining top talent in general. But this time I am turning the focus to cybersecurity and the female gap since it has been a hot topic in the cybersecurity field and the primary focus for researchers and organizations for the past few years.
As a woman in cybersecurity since 2005 there has definitely been a noticeable imbalance, but at least I never have to wait in line for the bathroom at a conference. But in all seriousness, this is a topic I want to address. We all know the gap is there and that filling it is important for many reasons. From a strictly pragmatic perspective without more women we will never have enough people to close the gap on the million-plus job openings predicted in this field. Not to mention that women think differently, solve problems differently, and lead differently and different is what our industry currently needs more than just warm bodies to fill open jobs.
Therefore, if birds of a feather flock together and there are not enough women in cybersecurity, then their fellow female birds (no negative connotation meant here) are not going to flock there either.
The solutions for attracting more women will not come from just one source. It has to start with girls and young women who are in school trying to decide what they want to do with their career seeing female role models in this field. It involves mentors and managers who know what great cybersecurity talent looks like and can help encourage a new generation of female workers to explore the possibilities. It also involves a change in how the industry hires and looks at experience and certifications.
I think the biggest challenge is the misconception of what people think cybersecurity is. Most people outside the field think it is for someone who is into computers and technology or that it requires a computer science degree or the ability to write code. In reality it is for all sorts of people: creative people, problem solvers, visionaries, techies, writers, communicators, and more. I have a bachelor’s degree in accounting and a master’s in computer forensics. The degree in accounting led me to be a good auditor, which is an important skill in cybersecurity and the degree in computer forensics taught me how to solve puzzles, ask questions, and think creatively. It had a small focus on computers and networks, but nothing from a security perspective.
I was fortunate to have a group of guys (yes, all guys) in 2005 look at my resume and say we need her audit background and they were willing to mentor and teach me. They started me off slow with the responsibility of physical security testing for our client. That moved quickly to being the person doing the UNIX testing and before I knew it I was testing all sorts of things. They gave me the questions to ask. I asked, took notes, went back to the office and said “what does this mean” and they told me. Then I asked “what do I ask for to validate the response?” They told me. Then I asked them to help me interpret the results, and they did. It didn’t take long before I asked less and less and knew more and more. I am incredibly grateful to that group for giving me start in a field I knew nothing about.
However, I don’t think it’s that common for people to get that kind of opportunity and I don’t know how many women would have felt comfortable jumping into the unknown without at least one other women there with them. We need to do a better job with our message and to proliferate it through speaking, writing, and educating people of all backgrounds and all ages on this. A parent can’t suggest cybersecurity to their creative artsy child if they have no idea how the field could benefit that child. A teacher or career counselor who mentors young adults needs to understand that this hot field relates outside of the stereotype of computer geeks and guys in hoodies. We need more cybersecurity professionals, especially women, to start getting out and speaking, mentoring, and flocking together to bring more women of all ages to this great industry.
Bringing more women to the field who will then bring more women to the field also requires that we hire differently. The job descriptions used to attract talent typically use terms that people outside the field won’t understand. However, your next great cybersecurity professional can come from a completely different background like I did in 2005. If you are a hiring manager or leader who can teach the security basics to the right employee, rethink how you write your job description, especially when bringing in entry-level talent.
Do they really need to have a security certification to do the job or is that something they can obtain with your help later? Do they really need to know networking, ports, and protocols or the OSI model? What is it that they must be able to do right out of the gate and what can they learn from you, on the job, or in a class?
Now it’s my turn to help others enter this field, my turn to teach and mentor and explain what we need. It’s also your turn, if you have been at this for a while, to give back and teach others. Find opportunities to speak at schools, speak to teachers, speak to counselors, speak to parents, speak to college students, and let them all know that this field is fantastic for so many people. Then be the hiring manager who looks for the diamond in the rough, the female with little to no security experience, but with a drive to learn, an ability to solve problems, a willingness to think outside the box, and great communication skills. We need more great communicators in this field.
These ideas are not the end all be all solution to the diversity gap, but with more women seeing that cybersecurity is a field for them, more women will join our ranks, and they will attract more birds like themselves. This may mean that I have to start waiting in line for the bathroom at security conferences, but that’s a small price to pay for improving our numbers and providing great careers to so many more people.
About the Author:
Sharon Smith is the founder of C-Suite Results. Since 2005 Sharon has worked globally with companies from a single location to Fortune 100 providing consulting and advisory services around their security and compliance initiatives. She is currently a CISSP and has held the CISA, CEH, CFE, and PCI-QSA certifications.
Sharon expanded her education as a professional coach and has a deep understanding of what is needed to keep a security team engaged and productive. She received her Bachelors in Accounting from Eastern Michigan University and her Masters in Forensic Science, High Technology Crimes from The George Washington University.
Disclaimer: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of EC-Council.