Too few women in cybersecurity: a gap in our protections that must be addressed

This post was authored by Angela Mckay, Director of Cybersecurity Policy

I started working in the cybersecurity space in almost 15 years ago, first as an engineer for BellSouth Telecommunications and then supporting the Department of Homeland Security’s (DHS) Office of Cybersecurity and Communications in several key roles at Booz Allen Hamilton, before joining Microsoft in 2008. In those years I learned that in at least one respect I was unusual, even exceptional: unlike most of my colleagues and peers, I was a woman.

Diversity in cybersecurity matters for a very practical reason. Those seeking to breach cybersecurity are willing and able to exploit any flawed thinking, any inadvertent blind spot. Cybersecurity teams that fall into group-think or are blind to alternative ways of working through challenges are more likely to miss things and enable hostile actors. Teams that include people with different expertise, backgrounds, genders, ages, cultures are more likely to deliver robust cybersecurity outcomes; implicit assumptions can be more easily challenged and the fullest range of insights on what can go wrong (and hence what can be done) can be gathered.

Diversity also matters from a business perspective. Microsoft’s goal of empowering every person and organization across the world means that our technology needs to reflect the different needs and perspectives of the people who will use it. These perspectives and requirements cross cultural, gender, social and age lines, and our teams need to be able to cross those lines too, even in cybersecurity.
Recently, I had an opportunity to host an event, “Women in Cybersecurity: Opportunities and Experiences” at the Microsoft offices in Washington, D.C. The event addressed the concerning deficit of women in the cybersecurity arena and also explored avenues for making a career in this field attractive for a more diverse range of people.

Fred Humphries, who leads Microsoft’s U.S. government affairs, made an excellent point in his opening remarks: achieving gender balance in the cybersecurity workforce is important but part of doing so is better acknowledging women already active in the sector. Events such as “Women in Cybersecurity” should be a platform for pushing for that acknowledgement. So I’d like to take a moment to acknowledge the impressive women I was honored to join as moderator for a discussion of the practical challenges and opportunities for women in the cybersecurity field.

Brooke Hunter is chief of staff and director of strategic initiatives at New America’s Open Technology Institute. Her career path started in policy-related work in Washington D.C., not just on technology but on media and workplace diversity.

Valecia Maclin, director of cybersecurity and special missions at Raytheon, began (like me) as an engineer, transitioning into the cybersecurity space at a time when it was moving from being a technical, backroom issue to a significant business, government and societal concern.

Dena Graziano, Symantec’s director of federal government affairs started in the policy space, working on Capitol Hill, including for the House Homeland Security Committee and the Judiciary Committee, all of which brought her into privacy and security sphere.

Emily Schneider, cybersecurity consultant at Deloitte & Touche LLP, entered cybersecurity from a distinctly non-technical background, studying literature before going to law school and supporting federal clients in the identity management sector.

As the panel itself shows, there are multiple career paths into the cybersecurity sector for women, so the question is what is hindering our numbers and contributions?

All the panelists found common ground on the challenges facing women. Even with technical experience and skill, the importance of speaking confidently was underscored as a way of ensuring different, opinions were heard. The ability to ask questions and insist on answers was also seen as essential, especially in more technical areas.

The panel discussion and the event’s group exercises and side-bar conversations, confirmed my belief that cybersecurity can and must benefit from diverse contributions from diverse people. By setting clear professional as well as personal priorities, women in particular can and should build strong careers in this space, not least because they (we) are well suited to foster collaboration in increasingly diverse cybersecurity teams. It is, therefore, up to businesses, from leaders like Microsoft to fresh start-ups, to encourage women to engage in the cybersecurity field, and it is up to women to take on the opportunities that cybersecurity offers.

About the Author