What 'glass ceiling'? Women are landing top-notch security positions.
At a major security conference a couple of years ago, three of the nation's top information security leaders convened to meet the press. All of them were women.
"We looked at each other and said, 'Well, that's odd.' Then we all smiled because, really, not that long ago we would have been the only ones in a sea of men," recalls Lisa "LJ" Johnson, the CISO for Nike, who was one of that notable trio.
As the role of the security executive has grown from that of a pure technologist to a risk strategist, so have the ranks of women in companies' infosecurity programs. Now, strong communication, program and project management skills are highly valued.
|An Executive Decision|
At the first Executive Women's Forum on Information Security, Privacy and Risk Management in 2003, women executives raised a glass, so to speak, to shattering glass ceilings.
The brainchild of Joyce Brocaglia, who is the CEO of information security recruiter Alta Associates, the EWF has since expanded its ranks and its influence by providing numerous, year-round networking opportunities.
Yet the conference remains true to its original mission to provide a unique opportunity for women to share advice and experiences that ultimately benefit not just their gender but the industry as a whole.
"With the EWF, women are aware of how other women succeed in gaining influence, building consensus, getting their point of views conveyed, and getting their voice heard both inside their own companies and externally," Brocaglia explains.w
"Those kinds of skills lend themselves naturally to women," explains Joyce Brocaglia, CEO of information security recruiting firm Alta Associates and founder of the Executive Women's Forum on Information Security, Privacy and Risk Management (see "An Executive Decision," right). "Women are attuned naturally to juggling a lot of things, and their experiences in multitasking, communicating and negotiating are all contributing factors to their success."
Adds Peter Gregory, a senior security strategist: "Women are very valuable; they think differently. Talented women can and will stir things up in a good way. Men want to fix it quick, women want to understand. Women improve a professional working team for a number of reasons; they see problems differently and they bring a good perspective to the table."
Johnson, who earned a degree in forestry and began her IT career through a temp job, agrees that a shift in attitude toward information security as a business enabler, rather than productivity blocker, has turned the roles of CSO and CISO into those of a problem-solver with a firm grasp on risk management. That requires learning the language of business and getting a firm understanding of how enterprises operate.
"It's much more of a complex challenge, and it requires relationships and taking time to understand a business before you can be understood," she says. "Maybe that is what's drawing more women into the business."
Rebecca Norlander, who came to Microsoft as an Office application developer and now is general manager of its Security Technology Unit, believes that the ability to view issues from myriad angles serves a useful tool in developing operational, tactical and strategic goals. "I think women have a higher tendency to look at computers as tools in their daily life that solve a larger problem and need to be treated with care, whereas a lot of men see [security] as a technical challenge."
As such, Norlander says, women are "uniquely positioned to paint a picture of what you're actually trying to accomplish, and then translate it into nitty-gritty technical details in the solutions. Most men do the opposite."
But some, like Suzanne Hall, AARP's director of IT operations, says the workplace still has a ways to go. "Security has a seat at the table and is reporting to the highest levels," Hall says. "As a woman, the impact is the same as it was for many women who first found themselves at the executive table: Look around, and you are often the only woman."
Hall, an accountant by education who not only runs AARP's security division but heads all of its IT operations, finds that female business leaders are more plentiful in other areas, such as marketing and human resources, than in information security. "I found most women that started out when I did over time have chosen to stay home or take on a profession that doesn't require them to be out of the home as much as IT can," she says. "It's still not the most hospitable climate for women in general."
That's one reason global companies such as Microsoft are investing millions of dollars into college scholarships, computer research labs and recruitment of minorities and women. It also hosts internal regional conferences on work/life issues for its female sales force to help them to better handle schedules, child care and task-sharing in the home and at work. Not that men don't have similar struggles once they become fathers, but the workplace bias is still there, and these companies are working to fix that.
Adrienne L. Hall, senior director of Microsoft's Trustworthy Computing initiative, remembers being told by a customer that it was useless for them to build a work relationship because she'd soon have children and leave. The customer later apologized for his remark. "I think there's always a tension around the time people spend at the office and at home, and women have that aspect to consider in terms of when they would take a promotion or when they would have a child," she says. "There's a need for increasing awareness and sharing best practices for it."
That's one reason that, five years ago, Brocaglia founded the Executive Women's Forum (EWF), which meets annually to build alliances and advance careers.
"We help to make women aware of how other women succeed in gaining influence and consensus and getting their point of views conveyed," Brocaglia explains. New to this year's conference in September will be the announcement that an EWF fellow will receive a full two-year scholarship to the Carnegie Mellon Information Networking Institute (INI) for her master's of science degree in information security technology and management. In addition, the recipient will be mentored by an EWF participant. It's another step in strengthening female bonds and fostering cooperation, rather than competition.
"The biggest change I've seen in the 20 years I've been recruiting...is the huge change in attitude of women from the old days of 'I got here the hard way and you have to pay your dues, too,' to a complete turnaround, where women are incredibly gracious and willing to help other women to succeed," Brocaglia says.
"The women who attend the forum have this determination to share and help each other, be open and honest, and really go out of their way to make other women successful.
And that's a huge advancement," she says.
Dig Deeper on Information security certifications, training and jobs
For board of directors, cybersecurity literacy is essential
Women in cybersecurity work to grow voice in US lawmaking
Women now almost a quarter of cyber security workforce
Recruiting women key to closing cyber security skills gap, say experts