It seems that every security event I attend, I hear the stats - females occupy only 11% of the cyber security jobs in the US. There's a whole lot of talk about bridging this gap, and there are also some pretty smart folks who are trying to make a difference. Let's keep talking about this, and let's fortify the talk by taking some action to "move that needle"! How do we get more school girls interested in cyber security? How do we help more mid-career IT gals transition to cyber security career? I'd love to hear your thoughts!
Lisa Vaughan, CISSP, PMP
A lot of ladies would consider a career in information security if they get mentored. One young lady I spoke to mentioned that, it is something she thought about, but she was not sure how it would work for her. Those of us already in the career can offer to help these interested ones. We also need to make them understand that information security is nothing more than any other field of study like Medicine or Engineering.
Very insightful post! I am a member of Charlotte Region SIM (Society for Information Management) and I am really proud of the work our chapter does to support local STEM programs and some programs and scholarships that specifically work to bring more young females into technology fields. I think this is a major component in achieving more diversity in our profession that will also help to strengthen the talent pool. It helps that there are starting to be more strong female technology leaders in top positions like Gini Rometty and I expect that will help a great deal also.
I think there's something to be said for making the various meet up groups and professional organizations with a security (and IT) bend be more friendly to women as well, so that once a non-male person makes it past all the other hurdles to find their way to the group they don't get turned off by the atmosphere. The last infosec group meeting I went to (not ISC2), the during-meeting discussion was fine, but the mingling afterwards was dominated by several men going on and on about how technologically incompetent their wives were (and haha wives hate tech haha), along with a bunch of other commentary mildly degrading women. One or two guys chimed in with slight dissent when the topics got bad, but overall it was enough that I never bothered to make time in my schedule to fit in another meeting with that group.
Thank you. Agree that using gender-neutral language is very important - and not well-understood.
Over the years, I've experienced some staff and manager expressing opinions that gender-neutral language as a trivial, media-driven subject of no consequence in the workplace. Other staff have just been confused about what is best to use/avoid, with little guidance from their organisations.
It isn't obvious to everyone that gender-specific terms can be potentially exclusive through ambiguity or unintentional bias ("The guys are ....") or overtly patronising ("Gentlemen - and, of course, the ladies ..."). Most times, the use of "guys" is intended to be neutral and inclusive but not always.
There are also expressions such as 'Don't get your panties in a twist', 'prima donna' and 'queen bee', which can be used passive aggressively in a workplace context.
As well as high-level statements, organisations can include specific examples of what they consider to be verbal/written good practice, in the training and guidance to accompany Codes of Conduct, Anti-Discriminatory Policies, Comms strategies and e-mail etiquette guides. Routinely using gender-neutral terms such as "Staff members must ...." in policies or "everyone/folks" in general conversation is inclusive and can avoid inadvertently communicating the wrong message.
It's good that this is also an area where anyone can take individual responsibility to stay aware of the terms and expressions they're using and the impact words can have, in the workplace and elsewhere.
Another thing to consider is not to just force women (or any group for that matter) into a career "just to get more of them in there!". I have seen many people, of both sexes, who went into InfoSec because of the belief "that's where the money is..." only to find themselves hating to go to work because they don't like what they do. They only put in a half-hearted effort to keep abreast of the changes and do marginal work. Forcing people into a field they don't like just reinforces the stereotype that group X shouldn't be in InfoSec because they are incompetent. The key is to watch for a spark, and when you see it, nurture it and help it grow. If you see a girl/woman showing some interest, help them by engaging them in the field and see if they like it. If they like it, sell the idea of how exciting it can be as technology changes rapidly and there are always new things to learn. I keep gently nudging my daughters toward it but they are not interested. I have one that is on the fence, but she is undecided but leaning towards the medical field. I may yet win her over to our side. The other 2 have their minds set on becoming doctors so I don't think I will be able to nudge them into the field.
If you are in this field, please take time to mentor and help others. Look for a spark of interest and when you find it see if you can fan it into a flame.
Re-entry programs -- to recapture those who've been out of work for a period of time. Taking time off to take care of family (children, sick or elderly family members) usually falls on the woman. Re-entry programs are big in other tech areas, but I don't know of any in the info security field.