By Selena Templeton, Column Editor, IT Security Planet
Despite the fact that:
- we’re seeing more security breaches by sophisticated hackers (70% of companies were successfully cyber-attacked in 2014),
- the cost of these data breaches is on the rise (the average cost rose 23% from 2013 to 2015),
- and InfoSec budgets are increasing each year (global spending is set to top $75B in 2016 – see slide 5)
…the one place where we continually lack improvement is in gender roles.
To this day, women make up a mere 10% of the InfoSec workforce.
One of the sessions at the ISSA-LA Summit that people seemed to be most looking forward to (and was one of the most-packed) was the Women In Security panel, featuring five women from a diverse selection of backgrounds:
- Pamela Fusco started in nursing school but left because she didn’t have the personality for caretaking, joined the U.S. Navy, and eventually made her way into cyber security.
- Cheryl Santor began her career working helpdesks and customer service, embracing a variety of end-user skills that led to a successful career as an Information Security Manager.
- Stephanie Douglas spent 24 years on the cyber risk side of security at the Federal Bureau of Investigation (FBI).
- A love of computers and gaming as a child led to Andrea Hoy’s creating the first CISO Bootcamp and then founding her own InfoSec company.
- And Chenxi Wang’s lifelong interest in technology earned her a Ph.D. in Computer Science.
Dr. Wang shared a story that sounded like it took place 30 or 40 years in the past but, sadly, was just two years ago: after attending the RSA Conference in 2014, she was compelled to start a dialogue—and a Facebook group—about doing away with the notorious “booth babes” that are so prevalent at tech conferences. These are scantily-clad women who strut around advertising tech products and services they know nothing about, only serving to undermine the idea of professional and competent women in the technology, computer or security fields.
Wang, and the rest of the panelists, were part of this ISSA-LA Summit panel to make a difference.
Because balance is required between the demands for business innovation and the necessity to achieve a high level of cyber security, this panel of experts shared their perceptions of how the industry has changed in the last two decades and what, specifically, the tipping point was for each of them.
For Stephanie, the tipping point of the technological industry was when she saw our complete and compliant dependency on devices that are all connected to the Internet—from your coffee maker to your personal banking. With this advancement comes, of course, risk, but we’re so happy to be able to have a device run our lives that we aren’t necessarily paying attention to the risk involved.
Cheryl, who used to have to request security access and then wait 15 minutes (an eternity for today’s generation!), the tipping point for her has been the fact that now customers can do things faster than her company (and certainly many companies), which means that they’re the ones who have to try to keep up rather than blazing the path.
Andrea pointed out that while Google Alerts (“You must leave your currently location now if you are to arrive at the airport on time for your 4:30 flight.”) are convenient, it certainly raises the question of security versus privacy.
Chenxi added to this with her own example that emphasizes the risk/benefit trade off. She and her husband were forced to make an on-the-spot decision that required signing a 17-page mortgage document via the embedded computer in their Internet-connected car—deciding that the benefit for them was greater than the risk.
The final thought that all women left with the audience is that the most helpful thing you can do when entering this industry as a female is to make sure you have a good network of professional and personal women that you can turn to for support—and It is equally important to take the time to mentor younger women who are just entering the field.
Pamela pointed out that when you love the work you do, you often feel alone, and no where is that more apparent than a woman working in the InfoSec field. On the brighter side, Andrea added with a laugh, the lines for the women’s bathrooms at tech conferences are still non-existent.
Here are a few additional groups/associations recommended by these women:
- Women In Security Special Interest Group WIS SIG (ISSA)
- Association for Women in Technology (AWT)
- Grace Hopper Conference
- Equal Respect Facebook Group
- ASIS Women in Security Council
Learn more about the 5 Women In Security panelists here:
- Pamela Fusco, Founding Partner, Gid Grid
- Stephanie Douglas, Senior Advisor, Safety and Security, RANE (Risk Assistance Network and Exchange)
- Andrea Hoy, President/Founder & Virtual CISO/CRO, A.Hoy & Associates
- Cheryl Santor, Information Security Manager, Metropolitan Water District of So. CA
- Chenxi Wang, Chief Strategy Officer, Twistlock
Are you a woman in tech? Which networking groups or associations do you belong to? Let us know using our contact form.
Cover Photo By: Adrien Delstanche
Selena Templeton is the Column Editor for the Women in Security column on IT Security Planet. A freelance writer whose work has appeared in The Hollywood Reporter,JenningsWire and IT Security Planet, Selena also writes and edits for a variety of clients, both solopreneurs and companies, from the entertainment industry to the digital marketing industry.