Women in IT security: 'It is a lopsided team in the field'

Women account for less than 11 percent of info security jobs, and still more than half of them are expected to leave IT altogether because of hostile work environments, according to analyst findings.
Written by Rachel King, Contributor

SAN FRANCISCO---The tech world has found itself under increasing scrutiny as one report after another demonstrates an almost unfathomable lack of diversity at some of Silicon Valley's biggest corporations.

The recent legal battle between venture capital stalwart Kleiner Perkins and former partner Ellen Pao brought the gender gap debate mainstream, but there is much more room for worry beneath the surface and beyond the boardroom.

Women account for less than 11 percent of info security jobs, and more than 50 percent of women now working in science, engineering and technology jobs are expected to depart the industry altogether because of hostile work environments, according to Harvard Business Review.

"That number is appalling. We should all be shocked by that," reflected Michelle Cobb, vice president of Skybox Security, during a panel discussion amid the opening of the annual RSA security conference on Monday.

Looking closer at the culture causing this, researchers at The Athena Factor project found 84 percent of women in technical roles said they do not have adequate mentors or feedback, while the National Science Foundation found 46 percent believed gender bias influences performance evaluations.

"It's a lopsided team in the field," summarized Fahmida Rashid, information security journalist and editor-in-chief for the RSA Conference.

The IT security field is growing and changing rapidly, Rashid continued, demanding new skill sets, insights and experiences.

But there is a general lack of IT skilled workers in the United States regardless, Rashid noted, positing that even after every male IT professional finds placement, there are still plenty of mission critical jobs going unfilled.

Penny Leavy, chief operating officer of Outlier Security, recalled that when she started out early in her career in control data as a sales rep, she was just one of five women in the organization.

"When I'd start to speak about a product, the men would look at each other and ask if I was correct," Leavy said. "I don't see that bias anymore. There are a lot of women given credibility in the business."

Nevertheless, Leavy argued there still aren't enough.

"It's going from being an oddity to normal, but we're still scarce," Cobb concurred, adding she is waiting for that trend to progress from the standard norm to "expected."

Rashid questioned whether or not women struggle in the IT industry simply by trying to please and getting others to like them rather than coming off in a negative light from being assertive.

"Personally I've tried to handle that by thinking if you stay within the merit of your position, you stay focused on your end goals, that helps overcome the perception of challenges about being in a male-dominated industry," responded Melinda Rogers, chief information security officer at the U.S. Department of Justice.

Women tend to be "consensus makers" trying to get everyone on the same page, Leavy observed.

"It's very uncomfortable sometimes if someone doesn't like you. It's something you have to work at to overcome, actively," Leavy lamented.

These problems often compound the smaller a company gets. Noting the tech startup scene is difficult enough to begin with, Leavy cited the first few employees at these businesses are usually male engineers, reflecting both the gender gap in STEM jobs and the lack of outreach in education at an early age.

"Some people in the venture community tend to speak to my business partner rather than me even though I'm the one with the numbers," Leavy said.

Looking at the bigger picture of the connected world brought on by the Internet of Things movement, Cloudmark engineering director Angela Knox suggested the gender gap in the workforce starts with changing the image of the security field for mass audiences.

"If we see security as just for hackers and people in dark rooms figuring out what the bad guys are doing, the world we're moving into where everything is connected, you're not communicating," Knox argued. "There is a messaging issue to make security a normal part of what everyone does."

"As we become more diverse and make room for everyone, it will help with changing the image problem," Knox concluded.

The question then becomes, according to Rogers, how to sell the interesting elements of cybersecurity to women and encourage more candidates to consider IT security an opportune field.

"This change is not going to happen by itself," Cobb pointed out, outlining some of the broader initial steps from encouraging outreach for career guidance and mentorship programs.

Unconscious bias will continue to exist, Cobb admitted, warning that when we see it, we need to call attention to it.

Editorial standards