cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Lisav821
Newcomer I

Bridging the Gender Gap

It seems that every security event I attend, I hear the stats - females occupy only 11% of the cyber security jobs in the US.  There's a whole lot of talk about bridging this gap, and there are also some pretty smart folks who are trying to make a difference.  Let's keep talking about this, and let's fortify the talk by taking some action to "move that needle"!  How do we get more school girls interested in cyber security?  How do we help more mid-career IT gals transition to cyber security career?  I'd love to hear your thoughts!

 

Lisa Vaughan, CISSP, PMP

Jackson, Mississippi

18 Replies
Lisav821
Newcomer I

So true! We have to work on making cyber security more appealing to girls.
dhouser
Newcomer III

SeaCISSP -

Good list.  I would add a review of job descriptions / postings for gender-neutral phrasing.  It's pretty well-documented that InfoSec postings tend to be off-putting for women and are largely written by men with terms that men will find compelling.

-ddh
-ddh__________
Dan Houser, CISSP-ISSAP-ISSMP CSSLP CCSP
#20889
agbenaza
Viewer II

A lot of ladies would consider a career in information security if they get mentored. One young lady I spoke to mentioned that, it is something she thought about, but she was not sure how it would work for her. Those of us already in the career can offer to help these interested ones. We also need to make them understand that information security is nothing more than any other field of study like Medicine or Engineering.

EIAKPKP452
Newcomer II

Very insightful post! I am a member of Charlotte Region SIM (Society for Information Management) and I am really proud of the work our chapter does to support local STEM programs and some programs and scholarships that specifically work to bring more young females into technology fields. I think this is a major component in achieving more diversity in our profession that will also help to strengthen the talent pool. It helps that there are starting to be more strong female technology leaders in top positions like Gini Rometty and I expect that will help a great deal also.

 

Adam

Kate
Reader I

I think there's something to be said for making the various meet up groups and professional organizations with a security (and IT) bend be more friendly to women as well, so that once a non-male person makes it past all the other hurdles to find their way to the group they don't get turned off by the atmosphere.  The last infosec group meeting I went to (not ISC2), the during-meeting discussion was fine, but the mingling afterwards was dominated by several men going on and on about how technologically incompetent their wives were (and haha wives hate tech haha), along with a bunch of other commentary mildly degrading women.  One or two guys chimed in with slight dissent when the topics got bad, but overall it was enough that I never bothered to make time in my schedule to fit in another meeting with that group. 

 

 

 

 

EIAKPKP452
Newcomer II

Yikes Kate! Good call getting away from that crowd. Hopefully there are better options out there for you to network and share information. You make a good point in the responsibility of everyone to speak up when people disparage others in a group setting. Absolutely necessary to maintain the quality and integrity of the organization. One thought is that you might consider becoming part of the leadership of the infosec group you mentioned to help it improve?

Adam
SeaCISSP
Newcomer II

 

Dhouser,

 

Thank you. Agree that using gender-neutral language is very important - and not well-understood.

 

Over the years, I've experienced some staff and manager expressing opinions that gender-neutral language as a trivial, media-driven subject of no consequence in the workplace. Other staff have just been confused about what is best to use/avoid, with little guidance from their organisations.

 

It isn't obvious to everyone  that gender-specific terms can be potentially exclusive through ambiguity or unintentional bias ("The guys are ....") or overtly patronising ("Gentlemen - and, of course, the ladies ..."). Most times, the use of "guys" is intended to be neutral and inclusive but not always.

 

There are also expressions such as 'Don't get your panties in a twist', 'prima donna' and 'queen bee', which can be used passive aggressively in a workplace context.

 

As well as high-level statements, organisations can include specific examples of what they consider to be verbal/written good practice, in the training and guidance to accompany Codes of Conduct, Anti-Discriminatory Policies, Comms strategies and e-mail etiquette guides. Routinely using gender-neutral terms such as "Staff members must ...." in policies or "everyone/folks" in general conversation is inclusive and can avoid inadvertently communicating the wrong message.

 

It's good that this is also an area where anyone can take individual responsibility to stay aware of the terms and expressions they're using and the impact words can have, in the workplace and elsewhere. 

CISOScott
Community Champion

Another thing to consider is not to just force women (or any group for that matter) into a career "just to get more of them in there!". I have seen many people, of both sexes, who went into InfoSec because of the belief "that's where the money is..." only to find themselves hating to go to work because they don't like what they do. They only put in  a half-hearted effort to keep abreast of the changes and do marginal work. Forcing people into a field they don't like just reinforces the stereotype that group X shouldn't be in InfoSec because they are incompetent. The key is to watch for a spark, and when you see it, nurture it and help it grow. If you see a girl/woman showing some interest, help them by engaging them in the field and see if they like it. If they like it, sell the idea of how exciting it can be as technology changes rapidly and there are always new things to learn. I keep gently nudging my daughters toward it but they are not interested. I have one that is on the fence, but she is undecided but leaning towards the medical field. I may yet win her over to our side. The other 2 have their minds set on becoming doctors so I don't think I will be able to nudge them into the field.

 

If you are in this field, please take time to mentor and help others. Look for a spark of interest and when you find it see if you can fan it into a flame.

lincramp10
Newcomer I

Re-entry programs -- to recapture those who've been out of work for a period of time.   Taking time off to take care of family (children, sick or elderly family members) usually falls on the woman.  Re-entry programs are big in other tech areas, but I don't know of any in the info security field.