Friday, August 23, 2013

Women in Information Security

TL;DR

Many changes and improvements have occurred in the last 10 years which has enabled the Information Security profession to be a more welcoming place for women.  It continues to make improvements every day to further this welcoming atmosphere.

Op-Ed: Women are succeeding in InfoSec

In the Information Security profession, diversity comes second only to having the requisite technical skill set.  It has to.  Diverse viewpoints enable security professionals to see a problem before a hacker does, and fix it before it can be exploited.  This need for diversity makes the current landscape of the Information Security Industry – also known as White Hats, Black Hats, Hackers, Security Researchers, among others – a hotbed of opportunity for career minded people of both genders.

Unfortunately, this diversity is not always evident in Information Security.  Security Conferences, where security professionals gather; are where the lack of diversity is often most visible. A majority of speakers and panelists are male. Globally, only 9% of speakers/panelists are female. At the same time, the majority of conference attendees are also male.

Where many argue that drastic changes are needed, I believe many of these desired changes are already underway. Thirteen years ago, the first conference I participated in was an almost exclusively male gathering. The women present were accompanying a male attendee. Today, the number of woman attending conferences is increasing year over year and they are active participants. The average age for attendees is increasing too.  I believe that the community that, not long ago, was known as an immature bunch of boys is growing into a more balanced and self-regulated community. Recent initiatives at these types of conferences include entire sections dedicated to working with kids, and throwing M80 dynamite in hotel pools isn't as common as it used to be. While many women testify that the community improves itself continuously, their attendance - often on their own budget - is a testament to the lessons we as a community have learned.
At the same time the number of women in security jobs is increasing.  I have witnessed this myself during my tenure at a Fortune 500 company in Silicon Valley.  While working on their internal security team, made up of 60 people across the globe, 40% of the staff was female (well above industry averages).  This was especially noticeable in the Audit & Compliance division, where women actually outnumbered men.  In fact, the present Chief Information Security Officer at that company is female, as was her predecessor.  Investing in diversity grew dividends for the business.  My personal growth and understanding of Information Security, business and risk management, would not have occurred if not for the consistent feedback from everyone, women and men alike.  In turn, I have shared my knowledge without discrimination. It is how we as a community work and how we collectively get better. Better at what we do and better at who we are.

Change is happening in education as well.  Women are now outpacing men in college degrees issued in Science, Technology, Engineering and Math (STEM), although not in Computer Science. Not just yet.  STEM degrees are the core of the Information Security industry.  In response, many professional security organizations like (ISC)2 have started offering scholarships to encourage women to enter the Information Security industry. This helps in bridging the gap, and I can only hope to see more influx of such initiatives. 

It pays to be in Information Security.  The average salary for junior level positions sits at $60 - $90k USD year, with senior positions topping out at $250k.  According to research by Dice.com – a technology job driven careers sites – the pay gap between women and men in IT has virtually disappeared.  This means that not only are there careers waiting for anyone who wants them – with year over year demand increasing by 27% for the last 10 years – but while staying intellectually challenged, one won't go hungry either.

Recently, we have seen attacks on the information security community. Pointing out fundamental and structural flaws is one thing. Gutting a community that, over more than a decade, has made great strides forward is of a completely different and questionable level to say the least. With the growing importance of information security in the world comes great responsibility. A responsibility I am sure our community and industry will take up and honor. 

As we keep focusing on a healthy, diverse and cooperative future while learning from our past, I am confident that a positive and inclusive industry is the common goal that keeps us together.

References:

Information Security Job Growth Part 1
Villanova University

When Geeks Attack
Marie Claire

Spotlight on Women in Tech
Dice.com

Information Security Scholarships for Women
(ISC)2

No comments:

Post a Comment