What I Learned from the Women Changing Cybersecurity

“One of the crucial things we can do to make an impact is to be seen, and to do things like this, to be vocal, to be out there…You can’t be what you can’t see.”

Words from Aileen Ryan, Senior Director of Portfolio Strategy at Siemens EDA, stayed with me as I listened back to the podcast episode we’d recorded a week prior. The discussion, also featuring Uma Rajagopal (Amazon’s Industry Security Specialist) and Netacea’s Lead Data Analyst, Paulina Cakalli, left me plenty to think about on how women are treated in technical roles, and the importance of having women at the forefront of cyber brands, to be seen, to be vocal, to be out there.

Listen to ‘The Women Changing Cybersecurity’ on your favorite podcast platform now.

Influences and inspirations

What was clear from the beginning, as we completed the formal introductions on over Zoom, was that each of the panelists had entered a technical career after being inspired by their surroundings and refusing to conform to expectation. Whether it was Paulina leaving behind her family farming in Albania, Uma following in the footsteps of her diligent Indian mother, or Aileen with her stubborn response to a careers advisor back in Ireland, each of my guests followed their gut in pursuing a passion for technology. Regardless of generation, culture, or background, all three had, from a young age, shown resilience in their nonconformist goals.

But telling your family you want to work in cybersecurity isn’t always an easy thing; for Paulina, who grew up without computer access or internet until she was 16 years old (in 2010), it was not easy for her to break into cybersecurity. She was met with reactions for deciding to pursue a career outside of the traditional responsibilities of a woman, like doing housework and raising children. Some women may also be put off by the image of hackers as criminals, but this is not (always) the case, as Uma criticized: “Don’t be put off by the antisocial basement-hacker type of image. Cybersecurity is not like that. We are all professionals with a serious and important role in helping to protect the businesses, the consumer, the nation, the wider society, and generations to come.”

Challenges in a male-dominated industry

Familial backlash wasn’t the worst of the panelists’ problems, however; whether working at a startup, educational institution or established enterprise, the gender imbalance across cybersecurity was overwhelming. When I asked what specific challenges Uma, Paulina and Aileen had faced over the last 30 years of their collective careers, and having anticipated a narrative of derogatory comments and misogynistic assumptions, I was still shocked at the responses.

“I do remember in one role many years ago,” recalls Aileen, “One very nice gentleman was saying that he hadn’t received any comments back on his document, and I knew I had sent him back a critique of this document. So, I said on a conference call, “No, I did send you some notes.” And he stopped. And he said, “In a hospital, a surgeon does not ask the janitor to critique his work.”

Uma and Paulina recounted similar instances of male colleagues presuming they were at the table to take notes or make the tea. They spoke about being interrupted in technical discussions, talked over by men in the room, and assumed to be a junior.  Drawing from experience, they explained a lot of the time there’s no intent to marginalize or exclude women, but that colleagues make assumptions based off their prior experiences. It might seem like a problem of generations gone by, but for Paulina, who started her career in cyber just seven years ago, the treatment was similar.

“I started my career when I was 20 years old, and my first job was working in IT. There were 11 men, and I was a student. I was sitting all day on that chair, no one asked me like about my ideas. And even when they went out for lunch, for example, they didn’t invite me.

Something brought to light by Uma was the personal challenge of doubting yourself and your abilities as a woman in a male-dominated field.

“Early in my career, I was intimidated by everyone else in the room, mostly of men,” explained Uma. “I was scared to even speak up or share my ideas when I was the minority, being an Asian and a woman. After all that struggle I went through, later I realized that it’s okay to take pride in myself and share that with the others who supported me.”

The superpower of the female voice and amplification

What all three of my guests had in common was their choice to turn their experiences into a superpower, as Aileen called it. She spoke about the power of people underestimating you as a woman and the advantage to being the only woman in the room.

“You may not be particularly vocal in the meeting, but by listening and absorbing, sometimes you’re able to come in and either close down an argument, bring a point to a conclusion, or suddenly move things out of conversation into decision making. And I find that being a slightly different voice in the room can be used to your advantage.”

Building on this, we discussed the advantage of offering a fresh perspective as a woman in a room full of male colleagues – thinking about challenges differently and providing alternative solutions. But what remained the overwhelming thread of the discussion was this idea of amplification. Uma explained she had picked up this technique from a female White House advisor that had started using it to get their point across the table and ended up going viral.

The premise is simple: a woman making a point or contributing an idea is acknowledged by another woman in the room who repeats it and gives credit to the original speaker. Not only does it elevate other women in the room, but, according to Uma, it achieves good results during decision making too.

But why must it only be women amplifying each other’s ideas? Let us not underestimate the importance of men around you acting as an ally. Once biased behavior is pointed out to male colleagues, they can help to address the problem too.

With so few women working in senior positions in the industry, we can’t solve these issues on our own. We need allies who can help to change this culture.

‘You can’t be what you can’t see’

So, where does this leave us? Are we seeing more women being encouraged and accepted as professionals in cybersecurity? The Global Information Security Workforce Study from (ISC)² and its Centre for Cyber Safety and Education revealed in 2017 that women made up only 11% of the global cybersecurity workforce. In 2019, another survey by (ISC)² titled 2019 Women in Cybersecurity Report revealed that women now represent 24% of the cybersecurity workforce. A promising statistic.

But we still have progress to make, so why is it that women seem reluctant to apply to cybersecurity roles? The panel agreed that there is a tendency for women to not apply for jobs unless they meet 100% of the job specification requirements, as opposed to men who are more likely to apply to for the job, even if they only match 60% of the criteria. According to Uma, by changing the language slightly on job descriptions, employers could see a phenomenal difference in getting women into the cyberspace.

Aileen added an interesting point; she referenced research which explains how women instinctively seek out careers where they can easily join the dots between what they’re doing and the difference they’re making. In tech careers, that hasn’t always been the case.

“I do think it feels to me intuitively like cybersecurity is an area where you can see the impact, you know, you can join the dots between ‘this is what happened’, ‘this is what I did’, and ‘this is what the impact was and it was good.’ That kind of outcome orientation is going to be helpful in encouraging other women into this type of career,” explained Aileen.

The next generation of women in cyber

What was poignant to me as we finished the podcast, was the impact of what everyone on the panel is doing personally to encourage more women into cyber, and support female colleagues. Through their own struggles and challenges, there was definitely a collective sense of responsibility to future generations.

From organizing a security information conference in Albania, to spotlighting junior female colleagues in women’s leadership initiatives, to visiting local schools in northern Virginia to teach them the importance of cybersecurity, the focus on amplification, community and solidarity was tangible.

Speaking to three women from diverse cultures and generations working in the same industry incited anger, shock but also a sense of hope. If women across cybersecurity and across the globe are actively participating in similar projects and movements, while crucially getting the support of male colleagues, then things will slowly change, never overnight, but always for the better.

The more we diversify the technical landscape, the better the ideas will be, and the more progress we can make together.