RSA: Women breaking the glass firewall

News by Tony Morbin

"10 percent (of information security staff being women) is appalling and we should be shocked at that," delegates were told at RSA, with suggestions made as to how the imbalance might be fixed.

Information security is a team sport, but it's a very one-sided team with women accounting for just 10 percent of the workforce in this sector, journalist Fahmida Rashid, moderator told delegates at Monday's San Francisco RSA session: 'Breaking the Glass Firewall: The changing role of women in IT security'. She emphasised the need to increase the hiring pool by noting that some 600,000 to 900,000 posts remain unfilled yet 56 percent of women leave the sector mid-career.

While all the panellists agreed that things were changing, and that women in IT security do now have more credibility and are more respected by their co-workers, some unconscious bias remains, including the male in mixed sex presentations often being assumed to be the lead.  So what are the barriers, and what can be done?

As women remain an oddity, the often lone female voice in an organisation feels a responsibility to be beyond reproach, ‘knowing their stuff', wearing their armour, and sometimes not tapping in to all aspects of their personality needed for leadership suggested Michelle Cobb, vice president, Skybox Security Inc.

Angela Knox, engineering director, Cloudmark, agreed, saying that women also often need to be more confident in their abilities to take the next step, taking on jobs they'd not done before, compared to men with no more ability who were more likely to say, “I'll figure it out.” Whereas women do have good problem solving abilities.

Yet it was clear that women also often had different skill-sets to bring to the sector – with Rashid noting how diversified teams achieve better performances and additional insights, and Cobb citing women's collaborative approach, team working, as well as big picture and long term perspectives. Penny Leavy, chief operating officer at Outlier Security, agreed adding that women are more likely to seek consensus, and sharing of information in the sector is a valuable benefit to all, but not something widely pursued.  In addition, Melinda Rogers, CISO, Department of Justice, noted how marketing and communications skills provided by women helped round out this nascent sector, which needs a broader range of skill sets to provide a more robust offering.

So,what can be done? On marketing, Knox says the image of the industry is in need of an overhaul, away from the lone hacker view, to that of one benefitting the community, with security as a normal part of whatever they do, from fashion to food.  Rogers added that the industry needs to better market the opportunity as a viable option for women, and reach out to colleges and universities to encourage more female applicants, and make them aware of this career path. And for women in existing teams, they should be asked if they are supported, and given career guidance and confidence to take the next step – or if already senior, act as a role model.

Cobb commented: “10 percent is appalling and we should be shocked at that.  We need to reach out to others and connect with them.” Networking and mentoring were seen as key routes to improving prospects. Women delegates were advised by Leavy, “Ask for mentoring. Be assertive, bounce ideas off others to get new ideas – and offer if an interest is expressed to you.” Rogers concurred, saying: “If you feel you could use a mentor, reach out to someone you respect- they're usually flattered.” And it was acknowledged the mentor could be female or male, if they were a good manager.  Cobb suggested that this could include looking outside your organisation, such as former bosses, people met when networking, or say leadership groups outside technology. But it was also emphasised, that you own your own career and have to take responsibility for it.

Asked for their single most important piece of advice to women to further their career, Knox said: “Have an elevator pitch of a task they are working on right now that they could tell the CEO if asked.” Cobb suggested: “Set a challenge for yourself, or other groups, e.g to reach a certain number of (female) hires etc,” (having emphasised appointment on merit).  Rogers advised, “Put yourself out there – take a risk. Some will say no – that's ok.” Leavy suggested: “Networking and try to hone your pitch – and raise awareness with others.” 

It was noted that 46 percent of women in the sector saw gender bias in appraisals and delegates were advised to draw attention to bias when you see as it may be unconscious or people may not notice. You call it out, and if it continues, at some point you leave and they lose talent.

In Q&A delegates asked about the impact of work/life balance for working mothers. All the panellists are mothers and each explained how they coped, with comments including: “My daughter fits into my life – its quality time rather than quantity;” “It's not just a women's issue, it's a family friendly policy issue;” “You have to carve out time for children; 6 to 10 is my family time and I am not available (for work);” “There's no magic answer, there's guilt at time spent away but you try to achieve a balance.” But all felt that their career was a positive benefit in both their own eyes and that of their children.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews