Modern field guide to security and privacy

Opinion: Cracking the cybersecurity gender code

Attracting more women into the male-dominated cybersecurity field means ditching the bro pipeline of computer science, military, and intelligence recruits and drawing from disciplines such as law and public policy.

Ann Hermes/The Christian Science Monitor
Attendees at the 2016 Black Hat cybersecurity conference in Las Vegas.

It's hardly news that women are poorly represented in tech. In 2015, women held just 25 percent of computing jobs, and companies such as Twitter and Google have been widely criticized for lacking gender diversity.

The cybersecurity field is even more imbalanced, with just 11 percent of jobs held by women, according to the nonprofit Women’s Society of Cyberjutsu.

Yet not every corner of the tech universe is equally male-centric. Consider the digital privacy field, those professionals charged with developing and implementing policies to protect employee and customer data from unauthorized access.

While privacy goes hand-in-hand with cybersecurity, given its emphasis on protecting customer data, it has a nearly perfect gender split. There are more female than male chief privacy officers in the US, and conferences on the subject are much more balanced.

Why is privacy faring so much better? It starts with the pipeline. Privacy is an accessible and multidisciplinary field that is frequently taught in law and public policy courses. As a result, professionals from law, policy, and human resource management have come to dominate the industry, bringing far more women into the field.

Contrast that with the pipeline feeding the cybersecurity workforce, which has traditionally drawn from male-dominated disciplines such as computer science (including hackers and coders) and national security (especially military, law enforcement, and intelligence).

As a result, the culture of security largely mirrors that of technogeeks, cops, and spooks. (It's telling that Google gives its Site Reliability Engineers bomber jackets with military-style patches.)

In contrast, the privacy community has roots in issues that themselves favor gender balance: civil liberties, consumer protection, equality, and reproductive rights. For instance, Supreme Court justices in Roe v. Wade wrote that the "right of privacy ... is broad enough to encompass a woman's decision whether or not to terminate her pregnancy," branding privacy as a core gender and feminist issue. Many women I have spoken with "found" their way into the privacy field following stints at other advocacy organizations.

Workplace policies have also played a role in helping women in privacy. When it first emerged as a distinct role within companies, privacy was seen as a family-friendly space, perhaps offering flexible hours and less responsibility than other mid-career roles.

In contrast, security is perceived to be more competitive, as a failure to keep a network secure can put your job on the line. Breaches can occur at any time, day or night, so work hours are not always family-friendly (though this gap is closing as privacy and security become more tightly intertwined).

Of course, women in privacy still face significant challenges, including pay equity: the mean salary for chief privacy officers remains under $200,000, while chief information security officers generally make more than $300,000, and in big companies, usually above $500,000.

The women I talked with also felt privacy was undervalued as a profession and is less respected than security. As privacy professionals spend more of their time managing the same data breaches as their cybersecurity counterparts, they often face many of the same risks, but without the potential prestige or rewards.

On the whole, though, cybersecurity and other tech sectors would be wise to look to the privacy field for inspiration. 

Some suggestions: 

  1. Ditch the bro pipeline: Start recruiting from fields outside of computer science, the military, and intelligence communities. Think about psychology, law, public policy – all fields that teach skills useful for deep cybersecurity problem-solving. Women in these fields bring a lot to the table – and can set examples for other women to follow.
  2. Find a newbie: Whether you’re a woman or man in the field, think about becoming a mentor for young women. Many women I have spoken with say it was a mentor – and often a man – who encouraged them to pursue a cybersecurity career.
  3. Tout your security cred: If you’re a woman in the privacy or security fields, don’t be afraid to sell your security accomplishments. I have noticed many women in the field focus on their privacy accomplishments, even though they also have strong security experience. This could be a result of the general tendency for women to understate their accomplishments.
  4. Sell the human side: Companies tend to market the industry as a cool, hacker-dominated space that needs "warriors" to police territory like the Wild Wild West. The industry could do more to market to women. Security, after all, is about protecting things that matter to people. Why not include that fact in marketing campaigns? 
  5. Be flexible, but not too flexible: Companies should do more to support a diverse workforce, including offering telecommuting, flexible time, and family leave options. At the same time, there is risk in being too accommodating. As the privacy industry discovered, once an industry is perceived as female-dominated, it can be accompanied by lower pay, lower prestige, and limited upward mobility. 

It’s not clear whether having a male-dominated workforce affects security or other outcomes of the tech industry, but we do know that problems emerge whenever a single gender – male or female – dominates an industry. That's especially true for the workers who are in the minority, and for how the majority workers perceive them.

A gender imbalance can keep important issues out of the public debate, too, and that’s a problem for anyone who cares about security, in the digital realm or in real life. Cybersecurity is one of the greatest challenges we are facing, and the best way to develop effective solutions for tomorrow will be to ensure that everyone—men and women alike—is given a seat at the table today. 

Betsy Cooper, the executive director of the Center for Long-Term Cybersecurity and a Truman National Security Project Fellow, was recently named one of SC Magazine's "Women in Security Power Players." She would like to thank Elizabeth Weingarten from New America for her assistance with this article.

 
