Equal Respect: Removing Roadblocks to Diversity in Infosec

In intelligence analysis, you have to be aware of your biases so you don’t assume things about a person. And we assume many things about women or minorities.
— Rebekah Brown

Kelly Jackson Higgins (moderator) – Executive Editor at Dark Reading

 
Jamesha Fisher – Security Operations Engineer at GitHub

Jamesha Fisher – Security Operations Engineer at GitHub

Dr. Chenxi Wang – Chief Strategy Officer at Twistlock, co-founder of the Equal Respect Column

Dr. Chenxi Wang – Chief Strategy Officer at Twistlock, co-founder of the Equal Respect Column

Rebekah Brown – Threat Intelligence Lead at Rapid7

Rebekah Brown – Threat Intelligence Lead at Rapid7

Angie Leifson – Security Operations Center (SOC) Analyst at Insight Enterprises

Angie Leifson – Security Operations Center (SOC) Analyst at Insight Enterprises


Women make up just 10% of the infosec workforce and of those, 3% are African-American women and 1% are Latina women. In this WISP and Equal Respect panel about the continued lack of diversity in the infosec and technology space, these five women discussed their own experiences and offered insight about attracting more women to this field.

Although there’s been a big push for decades to bring in more diverse candidates among those who qualify, the women on this panel illustrated how their industries are still inadvertently putting up a roadblock to diversity right from the initial recruiting and hiring stage. And women and minorities are being excluded – from job descriptions to informal company events – by people who aren’t necessarily aware that they are subscribing to some form of -ism (racism, sexism, heterosexism).

For example, Chenxi Wang said, “I see a lot of inherent bias in job descriptions. Hiring managers have an actual person in mind when writing the description.” If, for example, you need to replace Phil who worked in IT security, had a ponytail, worked late hours because he’s single, and played Nerf basketball with the boys, many job recruiters will unconsciously describe the same guy. “Computer science needs better human behavior skills,” added Wang. “The way we communicate about infosec or tech is one-sided and hard for females to relate.”

Several of the women on the panel agreed that when job descriptions exclude women and minorities in the language, most women will not even apply. In fact, women tend not to apply for jobs when their experience only matches, say, 75% of what the company is looking for while in contrast, men tend to apply for positions even when their experience only matches 25%. Fisher stated that “we don’t give the opportunity of potential to women and minorities in the industry that we do to white men.”

Angie Leifson advised that women “apply anyway, even if you don’t match word for word the job description. Maybe you can wow them in the interview. Many women are shy to do this, but if you stay persistent you always have a chance, not matter how small. But if you give up, you have no chance.”

All women were asked what they look for when hiring.

Someone who is curious, likes to take things apart, and enjoys working with a team.
— Jamesha Fisher
A curious mind, resourcefulness, someone who asks questions.
— Chenxi Wang
Someone who asks questions, is okay admitting they don’t know something, is happy to give back (as a mentor or in other ways).
— Rebekah Brown
Mild temperament but willing to get aggressive, team playing. I will also ask ‘How many times do you ask why? in a day?
— Angie Leifson

What does diversity bring to the job or the organization? Diversity means more points of view, which benefits any company. According to the National Center for Women and Information Technology (note: opens a PDF in a new window), “An investigation of 500 U.S. businesses found that companies with more race and gender diverse teams had higher sales revenue, more customers, greater market share, and greater profits than did less diverse companies”

But diversity alone won’t cut it – inclusion is also important for retention. It’s no good hiring a woman at an all-male company or department if they exclude her from discussions or casual lunches, never mind promotions. For Fisher, diversity means not having to worry about proving herself so she can do her job much better. And as Leifson reminded the audience, “A company can’t be diversified if its people aren’t diversified.”

The effects of this push for diversity haven’t quite reached the core of most businesses. In other words, many companies are talking the talk, but are they walking the walk? Wang was at a recent Microsoft gaming event where scantily-clad girls were dancing on the tables. Much like the notorious “booth babes” present at many trade shows, this tradition continues even when those same companies are talking “diversity.”

As Wang said, “Diversity should be in every aspect of your company: language, salary, how you present yourself—whether you’re being Tweeted about or not.”

Here are a few additional groups/associations recommended by these women:

Are you a woman in tech? Which networking groups or associations do you belong to? Let us know on Twitter at @ITSPMagazine or by using the button below.