The cyber solution
INDUSTRY HOPES WOMEN WILL HELP FILL 1.8 MILLION JOBS
Ina room heavy with testosterone at Regis University last weekend, the college team that outwitted volunteer hacker sat a cy ber security competition had four women and four men. The second-place team had two females and six males. Third place? All guys. Coincidence? The coach of the BYU team, which won the Rocky Mountain Regional Collegiate Cyber Defense Competition for the second year in a row, doesn’t think so.
“Our team was 50 percent female and was the same composition last year. In both years we are the only team nationwide to be gender balanced. Last year we won regionals and took number two in the national competition,” said coach Dale C. Rowe, an information technology professor at BYU. “There is a huge strength to diversity of thought in these competitions.”
The cybersecurity world is scrambling to find qualified workers to fill an expected 1.8 million positions by 2022, according to a Frost & Sullivan report. But the pool of applicants might be larger than previously believed, because there’s growing realization by cybersecurity experts that a diverse team is better prepared to identify and counteract known and unknown threats. By attracting nontraditional employees — women and people from nontechnical backgrounds — the industry hopes to fill open seats and take advantage of different perspectives.
“Different skill sets are becoming more valued in security instead of just having highly technical employees,” said Robb Reck, chief information security officer at Ping Identity in Denver. “... Anytime you can get diversity, you expand the overall perspective of a group.”
But it’s still a man’s world and one that has not been friendly to women employees, according to the 2017 Global Information Security Workforce Study, released Wednesday. The report — which was led by the Center for Cyber Safety and Education, the nonprofit (ISC)² certification group — estimates that only 11 percent of the world’s information security workers are women, a number that has been stagnant for the last couple of years.
And 51 percent of the women surveyed said they had experienced some form of discrimination at work. Only 15 percent of men said they had experienced discrimination. And the women, on average, had higher levels of education but were paid less and held fewer leadership positions compared to their male co-workers.
“It is one thing to have the suspicion that women are feeling a level of discrimination. It’s a whole other thing to see it in writing as a metric,” said Lynn Terwoerds, executive director of the Executive Women’s Forum, a partner on the report. “... It’s not a motivator to come to the profession or stay in the profession.”
Discrimination reported by the women ranged from unconscious bias (87 percent) to tokenism (22 percent). Approximately 53 percent of the women said there was an unexplained delay or denial of career advancement, while 29 percent said discrimination came in the form of an “exaggerated highlighting of a mistake or error.” And 19 percent said discrimination was outright overt.
Companies that acknowledge bias and create support and mentorship groups for women say their cybersecurity teams fare better in hiring and retaining women, said Joyce Brocaglia, CEO of cybersecurity staffing firm Alta Associates and founder of the Executive Women’s Forum.
“Interestingly enough, the corporations involved in Executive Women’s Forum and in engaging women tend to have a higher percentage of women than the norm,” Brocaglia said. “Women who are given opportunities and access to sponsorship and mentoring programs feel more satisfied with their career and job. I can make a leap of faith (and say) that if you feel more satisfied and valued, you tend to stay with a company.”
The report offered practical ways to attract and retain women: End pay inequity, identify bias in recruiting and performance evaluations, value different educational backgrounds and make the workplace more inclusive.
A diverse workforce extends beyond gender. People from different ethnic, cultural, financial and educational backgrounds and experiences bring different insight to problem solving. You don’t need a science, technology, engineering or math background to succeed in cybersecurity, Brocaglia said.
“I walked away from writing a dissertation on some Latin poet to working for 20 years at Barclay’s Bank, Microsoft and Oracle,” Terwoerds said. “... If I put my executive search hat on, when we fill jobs for a CISO (chief information security officer), they’re asking me to find someone with strong business acumen and a strong leader who can articulate concepts and issues that the board can understand. None of those things are specific to having a technology degree . ... Gone are the days that cybersecurity is some geeky person wearing a hoodie and staring at a computer.”
Change is occurring at schools, which encourage diversity in various ways among all age groups. Regis University, for example, hosts coding programs for girls, such as CoderDojo and a Cybergirlz day-long event April 1.
“If you look at the employment picture in Denver and Colorado, there are more (tech) jobs than there are people,” said Shari Plantz-Masters, academic dean of Regis’ College of Computer & Information Sciences. “The only way we can (solve) it is to inspire a passion in young people.”
Over at SecureSet Academy, a cybersecurity boot camp in Denver, a new program is meant to appeal to people who don’t have a technical background. Its new “hunt analyst” role was set up to train creative analytical types to work alongside security engineers. Eventually they will be hired to analyze IT environments and set traps for hackers. People who are good at math, social science and business and have a knack with creative solutions are encouraged to apply to the 12-week program that starts May 1 (details at securesetacademy.com).
More women are already interested, said Bret Fund, a founder of SecureSet Academy. At its cybersecurity meet-ups, about 30 percent of the people gathered are women. He expects women will make up 40 to 50 percent of the new hunt analyst program students.
“We can’t speak to all the reasons why women are underrepresented in STEM careers, but we can all agree that there aren’t enough women participating,” Fund said. “We anticipate that the unique mix of analytical and technical skills required of hunt analysts will create a big, bright doorway into the industry that more women will walk through relative to most other tech career fields.”
Rowe, BYU’s winning cyber-defense coach, said he strives to have female representation on his teams.
At the regional competition last weekend, BYU students Sarah Cunha and Haley Dennis managed the firewalls and networking, which were critical to the win. With two consecutive regional titles plus placing second nationwide last year, BYU’s diversity tactic is getting noticed.
“I know recruiters have also taken notice. Women from our program are whipped up for internships and placements with extraordinary rapidity,” Rowe said. “They are smart, highly trained, confident, and think differently to the current workforce male majority — so it makes sense. With the type and scale of cyber attacks we see on an almost daily basis, this is becoming critical.”
The guys on the team notice the difference too.
“I honestly believe that a gender balance definitely helps us and that the team feels the same way,” said Hans Farnbach, a BYU senior. “... Even if the different perspective that is offered isn’t 100 percent implemented in the end, the influence it created in the brainstorming process most likely changed the final solution for the better.
“That isn’t to say that everyone on our team isn’t incredibly talented, but the gender diversity gives us an extra leg up on the competition. Hard work and dedication will always outperform the genetic lottery of gender, but if I had to bet on a team of all men, all women, or 50-50 split, I would put my money on the gender-diverse team every time.”
“Gone are the days that cybersecurity is some geeky person wearing a hoodie and staring at a computer.” Lynn Terwoerds, executive director of the Executive Women’s Forum