Oct. 19, 2016
Several years ago, when I was in my early 30s, I interviewed for a technical cybersecurity position with a Fortune 500 company. It was a stretch interview: I don’t have a computer science degree but had spent time and money pursuing technical certifications, teaching myself how to use BackTrack (a version of Linux designed for digital forensics and penetration testing use), and networking like crazy to try and break into the field. I was invigorated by the prospect of being immersed in a new industry, one that was in its infancy and had tremendous opportunity and potential. I didn’t get the job, which didn’t surprise me.
What did surprise me was what happened at the end of my conversation with the hiring manager. I had just finished explaining why I’d be a great candidate: I thrived in new environments, and my previous roles had prepared me for the open position. When I paused to give the manager, who was roughly my age, an opportunity to react, he didn’t comment on my lack of hands-on experience or how my technical certifications were inadequate. He said he was surprised that he was interviewing a mom.
In his defense, he didn’t say this was a bad thing and his tone of voice didn’t relay any connotations, positive or negative. It was just a statement. “I’m surprised to be interviewing a mom.” Hindsight being 20/20, I wish I had asked him why. Instead, caught off guard, I sat silently. He asked me a question about encryption techniques and the interview went on.
Nearly 10 years later, I’ve now broken into the industry — I’m a cyber strategist and I work for a federally funded research and development corporation advising government sponsors on cyber strategy and policy implementation and capacity building. But I still think about that statement. It was the first time I remember being aware that there was some correlation between my being a mother (or a woman, or a parent, or something personal) and my being considered for a job. I know — naïve right? To think of yourself as just a “worker” in the eyes of a prospective employer? Naivety aside, that experience led me to start thinking about the relationships among sex, gender and being a human in the tech industry. There’s one prominent dynamic I’ve noticed since then that I think deserves attention. I call it Genderism.
Genderism is a term I use to describe a dangerously transparent patriarchy that plagues industry, and it may affect technical industry more than others. It’s transparent because it’s often overlooked or completely ignored. It’s dangerous because it negatively impacts nearly every part of working life. That’s in part because it’s different from sexism. One’s sex is determined by the physical attributes that make them male, female or transsexual, the form their physical body takes. Sexism is the unfair treatment of people because of their sex. What I’m describing here is genderism, sexism’s evil twin. Our gender is defined by the behavioral, cultural, or psychological traits typically associated with one’s sex. Genderism is my term for a disdain for femininity — and it hurts men and women.
Here’s what I mean. There are some traits that, according to research, tend to appear more prominently in women (not all women). These include traits like empathy, vulnerability, humility, inclusiveness, generosity, balance, and patience. But humans are complex. We all possess a unique personal cocktail of traditionally “feminine” and “masculine” gender traits.
In an ideal world, we would call all of these “human” traits. But since humans like to label things, and for the purposes of my argument, I’m calling attention to the traits that appear more commonly in women. I’ve found that there’s a strange double standard that occurs in industries where masculine gender traits and behaviors are highly valued when they are demonstrated by men, and sometimes valued when they are demonstrated by women. Feminine traits and behaviors, on the other hand, are rarely valued when demonstrated by women and entirely disadvantageous when demonstrated by men. This dualism can be more destructive than sexism because it not only devalues women bodily in the workforce, it devalues anything feminine in the workforce — whether that femininity appears in a woman, or in a man, or in an idea or a concept.
Imagine a male being assertive in the workplace — that behavior is expected and often appreciated. Imagine a woman being assertive in the workplace — maybe that’s appreciated, or maybe she’s called pushy, arrogant or abrasive. Now imagine a woman showing an emotion, maybe even tearing up in a meeting — makes you cringe, doesn’t it? But consider that a man tearing up in a meeting is often just as stigmatized. The fact is that women not only face sexism (like the assertiveness example) but men and women both face feminine genderism at work. There is a transparent layer of disdain for feminine attributes that pervades the workplace.
Cybersecurity is at risk for pervasive genderism. It’s male-dominated (the latest numbers show that women comprise only 10 percent of the workforce). But my concern is not just that cybersecurity is lacking in women (bodily), it’s that cybersecurity is lacking in “feminine” thought. One example is the propensity to define our work with a vocabulary constructed by men to discuss culturally masculine disciplines — we talk about the adversary a lot, but not so much about our friends in cyberspace. In their 2007 study, “Women, Science and Interdisciplinary Ways of Working,” Diana Rhoten and Stephanie Pfirman discuss correlation between gender and specialization, with preliminary findings suggesting that women might have a predilection for interdisciplinarity.
Their research demonstrates that women were likely to pursue interdisciplinary research and inquiry more readily than men. However, in cybersecurity, we still spend more time analyzing a kill chain and the individual technical steps and processes associated with it than we do telling the holistic story of a cyber incident and drawing interdisciplinary conclusions. The images and terminology of “militarized” cyber are all over industry (attack and defend for example) while cyber capacity building is relegated to academia and diplomacy. I would argue that cybersecurity is becoming more and more specialized and hierarchical; a tough nut to crack for smart humans who think in terms of webs and relationships rather than pyramids and processes.
Gender issues are highly sensitive and can elicit visceral reactions from all sides. I realize that by suggesting that some forms of thought are correlated with femininity, I risk a scathing outpouring of criticism from those who strongly believe gendered labels are the root of evil and must be destroyed. And that may be the right long-term goal. But for now, I’m more concerned with the lack of important human values like relationships, inclusiveness, mediation and openness in the way we talk and think about cybersecurity. Addressing that lack may be the best chance we have at balancing the culture of the industry and in turn, attracting more females to the field.