Women in IT security: Carpe Diem
The debate about women in security isn't new, but despite vowing to address the situation we're not seeing an appreciable rise in the number of women entering the industry.
To get to the root of the problem, we have to engage kids in school. My love of maths led to great jobs in security; I was very lucky that early on I was shown how I might apply my passion in many different industries. That's where we are missing a trick. Rather than trying to get kids excited about maths, we need to paint a picture of what maths, and related sciences, make possible.
Security is an industry that novels are written about; it's digital cloak and dagger drama. What we do touches the lives of everybody around the world, whether in big cities or remote villages. Increasingly we do that not by frontal attacks or massive defences, but via pattern recognition, developing profiles based on behaviour and devising algorithms to catch the hackers at their own game. This game of cat and mouse based on an understanding of behavioural patterns plays to women's strengths. It is in our DNA to sleep with one eye open, ever vigilant for what could go wrong, and for where loopholes and back doors might lurk.
Solving complex problems is thrilling when put in the context of the wider global security industry. Being told to be good at maths when you are 13 is not so thrilling. You don't inspire a potentially great pianist by telling them they have to practice scales every day. You capture their imagination with beautiful pieces of music that propel them into another world. Then when they have a deep love for the piano, you show them how scales can help them play better by growing stronger and helping their stamina and technique. The same approach applies to maths and security. You only need to look at the momentum and popularity around coding in schools to see how focusing on the end result can reap dividends.
We also need to highlight the achievements of women within our industry. Saying that security is a male dominated industry overlooks the phenomenal achievements of people such as Renee Guttmann, chief information security officer for The Coca-Cola Company, Mary Ann Davidson, chief security officer at Oracle Corporation or Paula Chlebowski , group head of IT Security at HSBC. These women are in seriously high-powered positions, but they're hardly household names. This needs to change if women are to feel empowered and less intimidated by a perceived ‘boys club' culture. To know that there are women blazing a trail and climbing to board level positions in some of the biggest companies in the world demonstrates that there needn't be glass ceilings.
But just as there needs to be a certain onus on the industry to engage, mentor, profile and encourage women in security, so women themselves need to step up to the task. Security is now a top business priority and there are always big challenges and problems that need to be solved. Stick your neck out and solve one. A friend did that when there was a huge security breach within her company. She wasn't in IT security, but she detected a suspicious digital profile, and identified that it was someone who was in the security loop. By using behavioural analytics, she exposed the mole. Everyone thought he was a good guy, but in actual fact he was a professional hacker. She was a hero.
Obviously this was a personal risk as she may not have solved the problem. But if you want to make a name for yourself, man or woman, you need the guts to grab the big challenges. We work in an industry that has never been more exciting and the advent of mobility has only multiplied the security vulnerabilities that need to be tackled. So to women working in all aspects of security I say, Carpe Diem.
Barbara Nelson is general manager and vice president at Imation Mobile Security