This content is part of the Conference Coverage: RSA Conference 2015 special coverage: News, analysis and video

Successful women in security tout need for mentoring, encouragement

Female infosec pros say the industry needs to do more to not only encourage women to pursue infosec careers, but also help mentor them along the way.

SAN FRANCISCO -- There's no question that women can thrive working in the information security field, according to a group of women who've done just that, but the industry needs to do more to not only encourage women to pursue infosec careers, but also help mentor them along the way.

Those were some of the key discussion themes during a Monday panel at RSA Conference 2015 exploring the changing role of women in information security.

According to the results of the newly released 2015 (ISC)2 Global Information Security Workforce Study, women account for just 10% of today's infosec workforce. Panel moderator and freelance journalist Fahmida Rashid said that with as many as 900,000 unfilled security jobs today, adding more women to the workforce is essential.

"It's a lopsided team we have out in the field," Rashid said. "That figure is a little disconcerting when women aren't nearly 10% of the population, and considering the fact that study after study says organizations are struggling to fill cybersecurity jobs, that's a very disappointing number."

Rashid offered more statistics highlighting the state of women in security, most notably that 46% of women believe that a gender bias exists in their evaluations, and 56% of women working in technology leave their careers after achieving a midlevel role.

Despite those data points, four female panelists shared their experiences on how they've succeeded and the many valuable skills women bring to information security.

Michelle Johnson Cobb, vice president of marketing for Skybox Security, said that research shows women can provide infosec teams with key expertise in badly needed areas, such as spurring communication, collaboration and teamwork, focusing on big-picture/long-term strategy and fostering innovation.

"One thing I feel strongly about is that the status quo -- this 10% participation figure -- is starting to show its weakness," Cobb said. "Bringing women into information security is going to help in all those areas. It's been shown time and again that having a diverse workforce has those kinds of benefits. So we need to make those changes now."

Penny Leavy, chief operating officer of Outlier Security, noted that information sharing has long been a struggle for the industry as a whole, but it's an area where women have a lot to offer in the way of team-building and looking at the big picture.

"It takes a lot to share information because it makes you vulnerable," Leavy said, "but if we could get more people with those particular traits, we could all benefit."

Women in security: Ask for mentors

All the participants spoke of the importance of having mentors who can offer career help and guidance. Rashid noted that (ISC)2 recently found that 84% of women say they don't have sponsors in their organizations to help mentor them.

Panelist Melinda Rogers, chief information security officer for the U.S. Department of Justice, said she had a mentor earlier in her career whom she credits with helping her be more direct and not worry about hurting anyone's feelings when offering feedback, something she said can be a struggle for women.

Cobb said mentors can be men or women, peers or managers. While a mentor can be someone within a woman's team or department, she recommended taking the opportunity to work with people on different teams or in other organizations.

Rogers added that women shouldn't be afraid to formally ask someone to be a mentor.

"If you feel like you could use a mentor, identify someone you respect," Rogers said. "They're usually flattered; they don't know you need a mentor, and you'd be surprised where making that call is going to take you."

Panelist Angela Knox, engineering director for Cloudmark, said that through pursuing an MBA she learned about the importance of "owning" her career and pushing herself to achieve challenging goals, but that for many women a mentor can serve the same purpose.

Achieving the work-life balance

None of the panelists shied away from an audience member's question about the challenge many women face when they decide to start a family, often at a point when their careers are just starting to take off.

Leavy, who is married to Outlier Security CEO and former HBGary cofounder Greg Hoglund, said she eventually realized that it wasn't the quantity of time she spent with her now-college-age daughter that mattered, but rather the quality of that time together.

"You could be there for your child all day, but if you're not engaged, it doesn't matter," Leavy said. "My daughter grew up beautifully, so give yourself a break. If you want to work, you can find someone to help you out."

Rogers, who has twin sons, said there's no magic to finding the right work-life balance, and though it's hard, it's OK to have a job you love and work hard doing it.

"I have a lot of guilt about not spending enough time with them," Rogers said, "but I want them to respect their mom when they grow up and know that she had a career to help support them."

Knox, who has two daughters, said the issue is getting easier for women to manage because many companies now recognize that both men and women need flexibility for both work and family.


For women in security, path getting easier

While the path into information security for women may often be circuitous or even accidental -- most of the women on the panel worked either in sales or marketing in some capacity before finding their way into infosec -- they were unanimous in their belief that the gender bias that once existed in the industry has largely gone away.

Leavy said that when going on sales calls early in her career, male customers would often look to her male colleagues for answers instead of to her, but those colleagues would quickly defer to her, and that support helped grow her confidence.

"I don't see that bias anymore," Leavy said. "I feel there are a lot of women given a lot more credibility in the business now. Not as many as we'd like to see, but women in this business are capable, bright and respected by their coworkers."

Cobb said that, in her experience, too many women in infosec feel like they have to be beyond reproach, constantly working to be the best and feeling obligated to prove it over and over again. In reality, she said, it shouldn't be that way.

"You don't always have to wear that armor," Cobb said. "To provide valuable leadership as a woman, you have to tap into the masculine characteristics of leadership, but also the female ones, and that means integrating both sides of your personality."

Attendee La Tonya Simmons, a technical sales engineer with IBM, said she could relate to many of the panelists' experiences; as a biology major, she found her way into information security thanks to the help of mentors who encouraged her, beginning as a systems administrator and then as an IT engineer.

She said that the industry needs to do more to show girls at an early age that information security can not only be a viable career choice, but also one they can thrive in and enjoy.


What can the industry do to foster greater numbers of women in security jobs?
I don't work in security, but I am a woman in IT, and the only woman on my team of 13. It's difficult. I struggle almost daily with feeling out of place, and I believe I would be happier working on a team with at least one or two other women.  

I agree with the tip to find a mentor - especially a female one, if you can. It helps immensely. 
Thanks for sharing your experiences! My takeaway from the session was that the tide has finally turned, in security at least. Perhaps if for no other reason than the desperate workforce shortage, organizations are realizing that talent, from men or women, should be valued and respected. Very uplifting to see.
It is encouraging to hear that there is at least some recognition at this point for more women to get into the field of Information Security. I have been in the IT world for about 15 years and am just beginning my transition into network and cyber security. Even as a Sys Admin I felt I always had to prove myself. I have been on many teams where I was the only woman or one of two or three. I am hoping the tide is changing and women are respected for their skills in this area as well.
I think the biggest thing that can be done is to offer women in various positions the opportunities they need to try out security work and determine if it's a good fit for them without risking their current positions. Offering ways to slowly build people into the right positions might help overcome any feelings of inadequacy that may be keeping them from entering the field.
Security is so important, I don't know why there aren't sponsored programs to help attract all kinds of talent especially women to this important field.
Certainly women, but I think many companies do not put enough emphasis on training and mentoring period.  We aren't training the next generation like we should be, and I think that's a huge problem no matter WHICH demographic you are in. 

Maybe if we better trained and mentored everyone, the IT field would be a place where women and other minorities would feel more comfortable doing.
I agree. Unfortunately fighting the fires of the day is often such a time-consuming struggle for most organizations that anything beyond that, including mentoring, falls to the wayside. It's a problem the industry needs to find ways to address.
@Eric - Sad but true. I’ve worked in many environments where all efforts were put towards addressing the issue of the day. Today, I think that I’m fortunate to work in an environment that promotes mentoring through a company-wide mentoring program. The first few iterations were smaller, and were used to refine the process, and now individuals from all over the company are paired with mentors to help them succeed in their positions. It took a lot of time and energy for the company to get over the obstacles in moving from reactive to proactive, but it’s an investment that is paying off.
mcorum - my company has recently implemented a program just like that. We just completed the pilot mentoring program, and the team has started taking applications for new mentees. 

I participated in the pilot, and I found it really beneficial. It's a step in the right direction, but our whole IT department is still extremely reactive. In fact, I think that we used to have a better, more mature process but under new management, it feels like we've regressed in the past couple of years. It's very difficult to find any time to concentrate on any training or career development goals. 
I've worked for so many companies where, if there was ever going to be a hope of moving forward and learning something beyond the truly expedient and the here and now, that I had to plan to do it myself. I've had a few lucky breaks where I had a real mentor to work with in my immediate team, but more times than not, I had to mentor myself and learn whatever I could on my own. This is the culture that needs to be addressed, and it needs to be addressed for everyone. Give your team members time to learn and some incentive to learn, and then incentivise the sharing of what they learn. The more that knowledge is spread around, the better chance real learning and training can take place for everyone.
While certainly everyone deserves the opportunity to work with a mentor, the reason you focus on female mentors is because men are already pretty successful at obtaining and maintaining these careers. You can tell because they are 90% of the workforce. So if your goal is to increase the total number of people in the security field, yes, mentor everybody until we have enough people to fill all the unfilled positions. But if your goal is to increase the number of women willing to fill those positions (which would necessarily increase the number of people available to fill unfilled positions) you focus on mentoring women.