Women in security: Is the tide turning?
The lack of women in information security is a constant topic of conversation and debate but, as Doug Drinkwater reports, changes are afoot
Is the tide turning?
While there are conflicting views on what should be done to improve the number of women in security, there is consensus on the root cause – too few women take computer courses.
Late last year, SC analysis of UCAS undergraduate acceptances revealed that just one in every 10,000 women in the UK undertakes computer-science degrees, with professors suggesting that this figure drops further as students switch courses in their second and third years. There's a perception too that students of both genders would rather build the next Facebook than a next-gen firewall.
In 2013 Frost & Sullivan found women represented 11 percent of the information security industry - while recruitment agency BeecherMadden put the figure at 14 percent in 2015.
Closing the gap
There are several support groups, including the (ISC)² Women in Security, the Women's Security Society, the Fraud Women's Network and Executive Women's Forum (in the US), as well as one-day events organised by Cyber Security Challenge. Some large companies, including KPMG and EY, have implemented their own networking groups, while Google has given grants for female ethical hackers to attend security conferences.
More generally on the skills gap, we've seen the proposed new computer science GCSE (with cyber-security a key element) and the introduction of GCHQ-certified post-graduate degrees. Cyber-security is moving mainstream in education – and that must help young women, too.
TOP TIPS FOR WOMEN IN SECURITY:
“Brave social media –
“Build a good network of
“Don't limit yourself,”
“Be yourself and be
“If you are not getting
Where's the problem?
Despite this, some say that, if women are to be enticed into this industry - fixes are needed in education, and in society. “To get to the root of the problem, we have to engage kids in school,” says Barbara Nelson, general manager and vice president at Imation Mobile Security, in a blog post.
“My love of maths led to great jobs in security; I was very lucky that early on I was shown how I might apply my passion in many different industries. That's where we are missing a trick. Rather than trying to get kids excited about maths, we need to paint a picture of what maths, and related sciences, make possible.”
Angela Knox, director of engineering at Cloudmark, believes more can be done at school level: “I'd like to see computer science, including IT security, added to the school curriculum for both secondary and primary school children. This is the best way to introduce this awesome career opportunity to a diverse group of both male and female children as well children from lower socio-economic backgrounds.”
Many women fall into security by chance. Cyber-security consultant Dr Jessica Barker, says that a lot of young women view security as a “male subject”. “If I hadn't been approached for a job, I probably wouldn't have thought about it,” she admits.
This, according to Dr Christopher Richardson, head of the cyber-security unit at Bournemouth University, is proof that the problem lies with society:
“It's not a STEM problem, it's a social problem…we've lost them before they even get to university. They don't realise about [cyber-security], there's a perception that it is geeky and for boys.”
He says that some of his finest students have been women, graduating with first-class honours degrees and going on to jobs like penetration testing or in consultancy. But he questions whether this societal issue also relates to how these courses are taught at a young age.
Dr Olga Angelopoulou is senior lecturer of digital forensics at the University of Derby, and she believes that female students often don't trust their own abilities. Citing her university's findings, that female digital forensics students often drop out in the second year to pursue psychology, criminality or other computing courses, she says: “In the second years, a lot of them give up. I guess the competition, especially in an area where boys are very passionate, can be stressful for the girls, who may feel that they can't compete…Boys see it as a hobby which becomes a profession.” She adds that those who did persevere would usually end up with “very good marks”.
Jennifer Steffens, CEO of security firm IOActive, has been in the industry for more than 15 years, and suggests this cultural problem could take time to fix: “I think that culturally we don't encourage girls to get involved with technology at a young age. Security is a very demanding and often critical industry so it can be difficult to break into later in life, regardless of gender. Breaking down the gender biases for kids will have a long term positive impact for the field.”
Knox agrees: “The low percentage of women working in security is a reflection of the same issue within the field of computer science. The main cause is marketing and messaging about what the job involves and who can do it. The graphs for computer science are evidence of this: the percentage of women studying computer science started falling when computers were marketed to consumers. Male children were chosen as the target market, which resulted in male children having more access to computers than female children. As they grew older, at university level, men had more experience with programming than women.