The technology industry has, at least, for the past forty years, been something of a sausage-fest, with men dominating almost all tiers of the workplace. A new report from infosec industry group, the (ISC)2, shows that’s gradually changing. Not only are women representing a larger swathe of the cybersecurity workforce, they’re also accomplishing great things in leadership roles.
The (ISC)2 Cybersecurity Workforce Study shows that women comprise an estimated 24 percent of the cybersecurity workforce. While that’s far from an even (and ideal) 50-50 split, it’s certainly indicative of an upwards trend of more women joining the industry. For context, in 2017, women made up just 11 percent of the burgeoning cybersecurity sphere.
It’s worth noting that this study, while promising, has significantly changed the parameters of who is included in the sample by widening the professions eligible for inclusion. Previously, the group consisted solely of infosec professionals working in official cybersecurity professions. In the latest edition, the survey sample includes other IT/ICT workers who dedicate at least a quarter of their working time on cybersecurity-related responsibilities, even if it’s not their main job.
It’s worth mentioning that the methodology for the latest iteration of the study has generated some discussion, highlighting the difficulty of pinning down the true figure of women in infosec. If anything can be gleaned from this report, it’s that women have been doing infosec for a lot longer, and a lot more often, than has been previously recognized.
What is an infosec worker?
Not everyone in infosec is necessarily a penetration tester, and not everyone in infosec spends all their time sat dealing with security-related problems. It’s worth recognizing that this is a field that’s fundamentally multidisciplinary in nature, and people often wear multiple hats (all white, one hopes) while working in the same role.
You could be an instructor who trains office workers how to perform their jobs without exposing the business to any unnecessary security risks (like, for example, using random USB flash drives that you found on the street). Programmers could spend their time reviewing code in order to find security vulnerabilities before a potential adversary does. You could be a journalist working on a security beat, writing important analysis about industry trends.
When I mentioned I was working on this post, someone (quite rightfully) pointed out that the involvement of women in infosec is nothing new. Women have historically had an enlarged role when it comes to keeping and protecting business information, working in fields like archiving and library science. And that, it could be argued, isn’t too far removed from today’s digital roles.
Growing presence? #infosec started decades ago with librarians, archivists, records and information managers, and file clerks, all traditionally female dominated professions. Women are, in fact, the keepers of information at home and in business. https://t.co/2VIiyWdySg
— Sharon K. Sandeen (@SharonSandeen) April 2, 2019
The report also shows that women are increasingly taking up a leadership role in the infosec industry. According to the (ISC)2, some 28 percent of women who responded to the survey hold a C-level or executive role. In comparison, only 19 percent of men said the same.
Similarly, seven percent of female respondents hold the coveted Chief Technology Officer position, compared to just two percent of men. A further 18 percent of women have a job title of IT director, compared to 14 percent of men.
So, in short: there’s more women in information security. Not only that, but they’re climbing the highest echelons of the industry and attaining leadership roles. Of course, there’s a long way to go, but overall, this is extremely good news. You can find out more about the (ISC)2 Cybersecurity Workforce Study here.
Meet the experts
Of course, I don’t want to merely tell you about these accomplished women. I want you to follow them and see their accomplishments first-hand. While writing this piece, I reached out to my Twitter followers and asked what women in infosec they admired. The response overwhelming. Dozens of people got in touch, to the point where Twitter said (paraphrased): “I see you’re getting a shitload of notifications. Want to set up some filters?”
Infosec twitter: Who are the women you admire, and what are their handles?
I'm writing a piece about the growing presence of women in the industry, and it couldn't hurt to highlight some excellent examples of cybersecurity excellence.
— Matthew Hughes (@matthewhughes) April 2, 2019
Obviously, this isn’t an exhaustive list. Not even close. There are hundreds of thousands of people working in infosec. It’d be impossible to highlight all the wonderful and talented women in this sphere. Consider this list, albeit embarassingly small, a solid starting place.
It’s also indicative of what the report tries to argue, insofar as you don’t have to be a pentester in order to be considered an infosec professional. Information security is a multidisciplinary field, with countless avenues of entry. Below, you’ll find developers, analysts, authors, educators, and much more.
- Lesley Carhart, Principal Threat Hunder at Dragos Inc
- Keirsten Brager, ICS Security Engineer
- Swati Khandelwal, Cybersecurity reporter at The Hacker News
- Kate O’Flaherty, freelance security journalist
- Amanda Rousseau (AKA MalwareUnicorn), Offensive Security Researcher at Facebook
- Jenny Radcliffe, social engineering expert
- Kelly Lum, Appsec at Spotify and NYU professor
- Katie Moussouris, Founder and CEO at Luta Security
- Wendy Nather, Head of Advisory CISOs at Duo Security
- Eva Galperin, Director of Cybersecurity at the EFF
- Tracy Z. Maleeff (AKA InfosecSherpa), Analyst at GlaxoSmithKline
- Binni Shah, Malware and Linux expert
- Joanna Rutkowska, Founder of QubesOS
- Maddie Stone, Security Engineer at Google
- Yan Zhu, CSO at Brave
- Georgia Weidman, Author of Penetration Testing: A Hands-On Introduction to Hacking
- Tanya Janca, Cloud Advocate at Microsoft
- Alissa Torres, digital forensics expert
- Jessica Payne, security researcher and blogger at Microsoft
- Melanie Ensign, Security and Privacy Communications at Uber
- Mary Aiken, cyberpsychologist and author
- Alison Gianotto (AKA Snipe), Founder and Chief Mohawk Officer of Grokability
- Parisa Tabriz, Director of Engineering at Google Chrome
- Dr Jessica Barker, co-founder of Cygenita
- Shannon Morse (AKA Snubs), security broadcaster and educator
- Jovi Umawing, Analyst at Malwarebytes
- Kate Brew, editor of AT&T’s cybersecurity blog
- Tailor Tolliver (AKA, DigitalEmpress), cybersecurity engineer and mentor
- Kim Crawley, security writer
And it goes on. Really, it does. I wouldn’t be surprised if there’s more than 100 names mentioned in my thread. If you’re a security professional looking to diversify your following list, or are merely looking to learn more about this fascinating and important field, it’s worth checking out.
TNW Conference 2019 is coming! Check out our glorious new location, an inspiring line-up of speakers and activities, and how to be a part of this annual tech extravaganza by clicking here.