I explained trojans and DDoS and phishing and pharming, and they looked at me like all this happened a galaxy far far away," said Chi Onwurah, the member of parliament for Newcastle upon Tyne Central and shadow minister for industrial strategy, science and innovation. She was recalling her experience of describing cyber-attacks to an audience of lawmakers not so long ago.
The chartered engineer and passionate cyber-security and diversity advocate — possibly the first Minister for Cyber, a post she revealed would be established were Labour to be elected next month — was delivering the keynote speech at SC Media UK’s 50 Most Influential Women in Cyber-security 2019.
During this gathering in the revolving gallery atop the BT Tower, this celebration of successful women in cyber security focussed on diversity. And Onwurah noted how it is necessary in technology because we make the products that meet our needs, and diverse needs are met only when the makers are diverse. She cited the instance of the Health app in iPhones, which came with a glaring oversight — it never addressed the menstrual cycle of women. Why? Its makers, all male, never gave periods a thought!
The issue was addressed in iOS 9, much later after the app’s initial launch, but the incident was hardly a surprise. News reports state that only 30 percent of Apple employees are female. The representation is only 20 percent when it comes to engineering positions in the company.
Each of the panelists addressed an area of concern before going into general discussion.
"Women are being over-mentored and under-sponsored," said Jane Frankland, founder of Cyber Security Capital and the INSecurity Movement. Mentoring is most successful when it is informal, she pointed out at a panel discussion moderated by SC Magazine UK editor-in-chief Tony Morbin.
Some of the upcoming programmes that she is involved in look at factors such as learning, networking, and accountability rather than the formal, descriptive and limited scope of formal mentoring, she said.
While role models were generally acknowledged as a good thing, sometimes the use of a high achieving role-model can limit the perception of the role, noted Bridget Kenyon global CISO at Thales eSecurity.
Bridget Kenyon (right)
"When we talk about joining the Royal Air Force, the immediate reaction is: ‘Oh, you’re going to be a pilot! That’s the same problem we have in cyber. Niche tiny roles meant for one in ten thousand are being held up as the goal for everyone to achieve," she said, pointing out that while not everyone can be a CISO, there are lots of other rewarding roles within cyber security.
The scope of roles should not be limited to technical ones, said Julie McGourty, technical solutions architect at Cisco who has performed both technical and commercial roles.
Julie McGourty (centre)
"Speaking from my experience, there are more women in cyber-sales roles than there are in the technical roles," she said. "Often in meetings with a techie and a sales person, and its a male and a female, the male is always assumed to be the technical person and the female tech person presumed to be the sales person."
Lynn Studd, director, BT Security, explained how she was the first female executive to lead the cyber-security domain in BT. She reported how interns and trainees in cyber-security tell her that the wordings in most of the job descriptions in the sector are "very male-oriented". Most of them are about leadership, which turns off many female candidates who assume that they might not be able to meet the expectations.
Lynn Studd (centre)
Instead, the job descriptions should be more about "changing society, changing people’s lives, and what cyber can do," she suggested.
We have to change the way we advertise opportunities in cyber-security, agreed Troels Oerting, chairman of the Global Centre for Cybersecurity (C4C) at the World Economic Forum.
Speaking as the only male on the six-person panel, he cited his experience as a parent of two boys and two girls to highlight the entry barriers in cyber-security.
"My sons will apply for anything that they have 60 percent of the qualifications for. My daughters will only do so if they have 120 percent," he said, as most of the women nodded in approval.
Formal technical qualifications are important not mandatory to enter the cyber-security sector, said Deshini Newman, managing director EMEA at (ISC)2. Coming from a background in global education strategy, Newman acknowledged that there are important jobs in this sector that does not necessarily need technical skills.
"It’s about highlighting all the different jobs that exst in cyber-security and the fact that we can use transferable skills to get into this industry."
Discussion ranged over the various obstacles that women might face, with comments that it was often too late to change perceptions at 16, and even 10, as they were created very young, hence the earlier that girls are engaged, the more will pursue STEM subjects later. Salary inequity, recruitment processes, and trolling of women were also tackled, with Newman noting how, as a woman from an ethnic minority she had faced emails suggesting she had been appointed for reasons other than her ability to do the job - despite having been through a six stage selection process. All panelists agreed that the best person for the job should get the post, however Oerting and Frankland concurred that should there be two candidates, a man and a woman of the same ability, then given the current imbalance, the woman should get the job.
The panel primarily served to whet the appetite of this highly qualified audience who continued to debate the points discussed as part of a high level networking event where 50 women cyber-security leaders exchanged ideas for speeding the rate of change.
Event Picture Gallery: