The Daily Swig Web security digest

Women in cybersecurity: Mind the gender gap

Jessica Haworth | 08 March 2018 at 16:30

This International Women’s Day, we spoke to influential women across the industry to discuss what can be done to nurture female talent.

From Ada Lovelace, history’s first female computer programmer, to the Bletchley Park codebreakers, women have been making waves in science and technology for decades.

Yet within cybersecurity, women are still highly unrepresented.

According to research published in March 2017, females make up only 11% of the web security workforce.

The study also found that while women had higher education levels, they were less likely to hold senior positions and were paid less than their male colleagues.

With March 8 marking International Women’s Day, The Daily Swig spoke to some of the most groundbreaking female security experts to find out what needs to be done to redress the gender imbalance.

Some also shared anecdotes of their experiences and gave advice to women hoping to break into the industry.

Katie Moussouris

Katie started her career at Symantec and moved to Microsoft in 2007 where she created the company’s first bug bounty program.

In 2016, Katie sued the tech giant over allegations of gender bias in the workplace.

Katie told The Daily Swig that the cybersecurity industry needs to do more to support women who are already in the workplace.

She said: “Women don’t need more encouragement to begin working in cybersecurity, as much as they need material support to stay and advance in it. Like most of the global workforce, women in security are paid less and promoted less than men.

“It’s great to feed the pipeline, but not if it leads to another glass ceiling in pay and promotions.

“Correction for gender equity, like the transparent, straightforward way Salesforce has voluntarily corrected salary gender discrepancies, is the serious work all industries must do to retain & promote the best people for the job.”

Keren Elazari

Security expert Keren is an analyst and senior researcher at the Tel Aviv University Interdisciplinary Cyber Research Centre.

In 2014 she became the first Israeli woman to host a TED Talk and has authored books on web security.

Keren shared her advice to girls and women wanting to break into the industry.

She told The Daily Swig: “My number one advice to women starting their path in the infosec space is – don’t be shy!

“Step out of your comfort zone and go to meet with people in person, especially at hacker and security community events.

“Or I would suggest volunteering and participating in a more active way – participating at a local hacker event in Tel Aviv in 2000 as a volunteer was a huge help for me, as it helped me turn my enthusiasm into knowledge.”

Lisa Jiggetts

Former pen tester Lisa is now the CEO of the Women’s Society of Cyberjutsu, a non-profit dedicated to the education and mentoring of young female cyber enthusiasts.

As a US Air Force veteran and security analyst, Lisa uses her knowledge and experience to teach and encourage women in the industry.

She told The Daily Swig: “There are a myriad of barriers that women may face when either looking to enter the field or already working in it.

“Facing unconscious bias, sexism, and pay gaps for example, become unattractive and may leave women feeling less motivated to pursue this field. Studies are showing that over time, women in the field are leaving altogether – that’s not good.

“Having ambassadors or sponsors that support and advocate for diversity in cybersecurity is crucial. Men can play a bigger part by championing support for women in cyber and influencing alternative perspectives.

She added: “Increasing the awareness of the different areas of cyber and what a professional actually does on the job, would help showcase the variety. This concept weighs more in influencing children. Early exposure to cybersecurity concepts will prove worthwhile.”

Dr Sarah Morris

Dr Morris is course director within the digital forensics unit at Cranfield University, which recently launched its Women as Cyber Leaders scholarship.

A former IT teacher, she completed her PhD at the university’s center for forensic computing and last year won the Outstanding Teaching Award.

She told The Daily Swig: “Current initiatives like computing at school, part of the BCS (British Computer Society), are going a long way to promoting cybersecurity as a career option for women.

“In general I feel it’s about ensuring marketing and recruitment campaigns highlight the available career options and also have inclusive wording.

“Often people fear technical roles as they can appear from the outside to be like viewing ‘The Matrix’ but taster sessions, more online challenges and showcasing more gender balanced roles in TV and movies would demystify the process.”

Parisa Tabriz

She’s currently the engineering director at Google Chrome in charge of a team of white-hat hackers in Silicon Valley.

But self-titled ‘security princess’ Parisa has also consulted for the US government and in 2012, was named as one of Forbes’ 30 Under 30 in tech.

Parisa is a champion for women in the industry and dedicates some of her time to mentoring teens interested in cybersecurity.

She told iNews: “I don’t know how many women I have in my teams overall, which is maybe a good thing if I’ve lost track.

“We definitely have a lot more women on the security team than when we joined, although that was because there were none.”

Wendy Nather

Wendy is the CISO of Duo Security and former research director at the Retail Cyber Intelligence Sharing Center (R-CISC).

With more than 30 years’ experience in the industry, Wendy has also volunteered for Girlstart, an organization that encourages young girls to explore a career in STEM.

She told em360: “It’s okay not to know what you want to be when you grow up. I would never have guessed that I’d be doing all the different jobs that I’ve had, and if I’d tried to aim my career in those directions on purpose, it probably wouldn’t have worked.”

She also spoke of the women she admires within the security community.

Wendy said: “Allison Miller at Google and Katie Moussouris of Luta Security have broken the trail in critical areas of security, economics and risk, and they have so much energy and integrity.”

Joanna Rutkowska

Joanna is known for her extensive work on low-level security and stealth malware, and is the founder of Invisible Things Lab and Qubes OS.

She has spoken out about being invited to speak at events because she is a woman, rather than an expert, and advocates for more women within science and technology.

Joanna wrote on her blog: “I wish there were more women in science and technology. I also wish more women had more self-confidence. At the same time I’m concerned about superficial promotion of females just because they are females…”

She added on Twitter: “Every time I’m asked to speak at a con b/c I’m a women (who also knows some tech), instead of: b/c I’m a damn expert, I feel this is wrong.”

Eva Chen

Eva Chen co-founded cyber defense company Trend Micro with her sister and brother-in-law in 1998.

But in the late 90s, Eva said she struggled to be taken seriously as the head of the company, due to a lack of female bosses in Asia.

So she took matters into her own hands.

Eva told Management Today: “Every time I walked into a boardroom, everyone assumed I was there to make the tea and coffee.

“So that’s what I did: I made everyone tea and coffee, and then I’d walk over to the white board and start the meeting.

“Everyone was so shocked when I started talking about technology that they just agreed with everything I said! I was unexpected – and I used that to my advantage.”