Friday, October 30, 2020

Cybersecurity needs more women, now and in the future (Cybersecurity Awareness Month, Day 30)

A woman with a laptop next to a server, making the point that IT needs more women. Cybersecurity needs more women. Shoutout to Christina @ for the image on UnSplashsocial or copy the text below to attribute.

Hopefully, you have seen many images like the one above during Cybersecurity Awareness Month 2020, which is now drawing to a close. This messaging emphasizes our individual and collective responsibility for taking whatever steps we can to protect digital devices and data from being abused for selfish purposes. To me, this particular image is a reminder that cybersecurity is not only a shared obligation, but also a field of endeavor that offers a lot of job opportunities for women. And that is the subject of today's blog post. 

If you have been reading along on this blog this month you will know that there is post for each day of the month. I hope you have found these helpful and, if so, that you will share them with friends and colleagues through the coming months and into next year. You don't need to read many of these posts to realize that, while I fully support raising awareness of cybersecurity, I also think a lot more than awareness needs to be raised if humans are ever going to get ahead of the cybersecurity problem. One of the things that needs raising is the percentage of women working in technology.

Today we look at the need for more women in technology generally, and in cybersecurity specifically. But before I go any further with this, I need to give a shoutout to Christina at for the great photo that makes up the right half of the image at the top of this article. Women of Color in Tech are creators of the WOCinTech stock photo collection, full of great images that are easy to find on UnSplash.

More women in cybersecurity

As I outlined in the article for October 28, there is a huge cybersecurity skills gap, despite the fact that the pay for some cybersecurity roles can be very good.* We're talking half a million open positions in North America this year, and most countries are faced with large shortfalls in qualified applicants for cybersecurity roles. 

Note that these are funded jobs, waiting for the right applicants; and there is no reason that all those applicants need to be men. Indeed, I would argue that the cybersecurity workforce would benefit from becoming far more gender diverse, and just more diverse in general. When a field of endeavor embraces greater diversity that means a larger pool of talent from which to recruit, plus the potential to benefit from a wider range of perspectives.

Clearly, there are multiple ways in which it makes sense to encourage women to consider a job in cybersecurity, starting with the number of openings and the levels of pay available. Industry organizations—like CompTIA, (ISC)2, and ISSA—recognize this and have done a lot to encourage recruitment of women and minorities into tech in general, and cybersecurity specifically. Here's just a sample of web pages and articles that have more information about this: 

Of course, getting into the field may require some knowledge and training that you don't have yet, but these can be acquired, often through self-paced learning, on the job or in your own time, combined with security certifications. There are also community college course and apprenticeship programs. In other words, getting into a career in cybersecurity and progressing to the point where you're earning a six figure salary does not require a university degree (there are still some employers who don't believe this, but they are wrong, and there are a lot of people, like me, working at convincing them of this).

Cybersecurity can be a great fit for women returning to the workforce, or entering it "late" (as defined by social convention). In my experience, women can acquire the necessary knowledge and training for cybersecurity work just as fast as men, if not faster. In yesterday's article I looked at reasons why some people might be more aware of technology risks than others, and I believe that lot of those more aware people are female.

Here are a couple of examples that show women being particularly adept in one particular aspect of cybersecurity: raising awareness of how easily our digital devices and data can be compromised. To be clear, both women are making a good living advising organizations on how to avoid becoming victims of the kind of "vishing" attacks that they so effectively demonstrate.  

This second example offers more detail, some colorful language, and live video of a fairly serious theft of information, plus airline points. It also works as a great cybersecurity awareness video. Use it when you need to show someone how all that online authentication stuff we talked about on days 19, 20, and 21, can be bypassed if you shift communications to the phone and the target is not vishing-aware). 

Of course, the cybersecurity realm is much, much wider than this, and women are making valuable contributions across the board. From the very human side, seen in these videos, to the most cerebral, like Artificial Intelligence, a topic I will get back to in tomorrow's blog post). 

One thing I find particularly encouraging about the state of play for women entering cybersecurity today, is the amount of encouragement that is on offer, not just upon entering the field, but throughout career development. One of my favorite encouragers is Keirsten Brager. Consider the approach she took when investigating the recurring career question of "what should I be paid?" (When I heard Keirsten speaking at The Diana Initiative as few years ago, I learned several career strategies that were new to me, and cybersecurity has been my career for more than three decades.)

Women on cybersecurity

Getting more women to enter the field of cybersecurity is only part of what needs to happen. I would like to see, and the world would benefit from, more non-male influencers in the field. For example, several of my cybersecurity awareness blog posts this month recommended websites and newsletters that are good for keeping up with the latest security news, incidents, breaches, vulnerabilities, research findings, etc. 

You might have noticed that these cybersecurity resources tend to be helmed by men, guys who have developed a reputation for providing, useful and un-gated information about, and analysis of, cybersecurity trends and issues. I wanted to include more non-male sources in my posts, but I encountered a very interesting phenomenon: women charging for their take on cybersecurity. This makes sense given the way that the field has evolved; guys who rose to prominence in the field early on have developed followings that can be monetized with ads and paid speaking engagements, and so on. 

But what if you have achieved expertise and a perspective worth sharing, but no prominence (circumstances with which many women may be familiar)? Why not build the following your work merits while also monetizing it: pay as you grow as it were. That is what some women in cybersecurity are now doing, charging for their cybersecurity content on a pay-as-you-go basis. Here are two of the paid sources that I have signed up for: Infosec Sherpa and Cybersecurity Roundup

If you know of others, please ping me on Twitter and I will check them out. In the meantime, here is a very helpful list of top cybersecurity and website blogs to follow, curated by a woman. And here is an impressive list of 50 Women In Cybersecurity Associations And Groups To Follow. Also check out Lisa Forte's Rebooting channel on YouTube.


* When I say there is a huge cybersecurity skills gap "despite the fact that the pay for some cybersecurity roles can be very good" I mean yes, you can earn good money, but not all the jobs pay well. Furthermore, very sadly and all too predictably, the sector currently pays women 21% less than men according to a recent study. Clearly, this is wrong and needs to change. 

No comments: