Putting Lipstick on a Pig

I was Googling when tragedy struck. As a cybersecurity strategist, I was trying to find images of a female cybersecurity expert to refresh a dated briefing presentation. When I typed “cyber, woman” and then clicked “Images,” my giant, super-jumbo widescreen monitor was suddenly filled wall-to-wall with sexually explicit imagery. There were women in skin-tight neoprene bodysuits holding silver orbs over their breasts and completely nude women in provocative postures with transparent lines of code covering their bodies. There were futuristically-styled women holding all-too-phallic corn on the cob or huge, intimidating medical syringes. There were women in bondage gear. I closed the tab. Within a few seconds the shock wore off and I initiated a new search, this time with the phrase “cyber, professional.” The results were just that…professional, and I found the imagery I needed.

So what’s the real issue here? Are the engineers tagging imagery or writing algorithms for search results just overtly, blatantly sexist? I suspected that my choice of search terms had caused me to stumble upon a characterized “cyberwoman.” To check this theory, I Googled up “cyber, man.” What I found was a montage to Dr. Who’s “Cybermen” — a fictional race of cyborgs. Somehow, I wasn’t reassured. How did things get so sexually skewed when it came to the cyberwoman character? At a time when the cybersecurity industry is largely lacking in female representation, I think the characterizations deserve attention.

Cyberspace is an intangible realm and so there’s a high degree of fantasy, imagination and mystery involved when it’s integrated into entertainment or media. That leads to the bionic man character, the depictions of shadowy figures, and the sexualized woman character. The issue with these images is that the female versions are hyper-sexualized depictions, some including a nod to sexual violence. The male versions are non-humans, machines incapable of feelings and emotions. This matters because these “fantasy” characterizations leak into our subconscious perceptions and contribute to the identity of the industry as a whole.

Right now, that identity is largely male-centered: the cybersecurity industry is still only 10 percent female, which has prompted professionals to suggest things like female-only hackathons, women-centric cyber career fairs and corporate mentorship forums to boost parity. The problem with these efforts is that they attempt to put lipstick on a pig — to attract women into a field that is defined by questionable visual depictions; a sketchy-guy-in-a-hoodie (the guy that girls are taught to avoid), a de-humanized robot, an objectified hyper-sexualized woman or worse. Until we address the deep cultural and social undercurrents that contribute to the production of this imagery, women will be suspicious and less likely to give a career that has anything to do with cyberspace a chance. Cybersecurity isn’t just suffering from a gender parity crisis, it’s suffering from an identity crisis that is contributing to a lack of gender parity. What, exactly, are the characteristics that make up cybersecurity’s identity? An attack/defend mindset; a threat-centric focus; the lurking presence of powerful adversaries. Add to that list the guy in the hoodie and a skewed vision of women on the wrong side of a social power dynamic. Do we, as a collective industry, really want to continue with this overwhelmingly dark and fear-ridden persona?

Our failure to address the implications of the industry’s narrowly defined identity is contributing to cybersecurity’s massive gender gap. So how do we, as professionals in the industry, help to push past limiting contours and expand cybersecurity’s identity beyond attackers and tools, and beyond fear, uncertainty and doubt?

First, we can change the conversation. For every panel or meeting that focuses on the security of cyberspace, we should also talk about the care and good stewardship of cyberspace. When do we ever discuss ethics of secure engineering or secure coding at conferences, or examine what social responsibility cyber specialists have as they develop new and innovative ways to harness the internet? For example, there’s a lot of discussion going on regarding the security of self-driving vehicles. Who in the technology industry is talking about the security of the 1.8 million truck drivers in America who may be out of work when self-driving big rigs are a reality?

For teachers, this conversation change could mean incorporating ethics and the underlying philosophies of how technology is used, secured and exploited into your lesson plans. Parents can start asking their teens “who benefits?” and “who gets shafted?” when pirated materials are downloaded. Open dialogue, community-oriented solutions, and peace and consensus-building efforts should be represented as equally as protectionism, adversary profiling and defensive measures. Microsoft’s recent plea for a Digital Geneva Convention that includes the active assistance of technology companies is a great example of this. We need both police officers and social workers, both the Department of Defense and the Department of State, in order for society to thrive both on and offline.

We can also change the images we use to illustrate the people, places and ideas of cybersecurity. I can influence the visuals used in my day-to-day work — replacing that “guy-in a-hoodie” image at every turn. For those in charge of designing conferences: Booth Babes have got to go. Sexualized style has a place — but it’s not for the workplace, especially a workplace that is already fighting an undercurrent of unhealthy female hyper sexuality and traces of sexual violence. CEOs: be aware of the lexicon and imagery that marks your company’s branding — mention allies as often as adversaries; remind your constituents that although the “bad guys” are persistent so are the “good guys,” and not just because the “good guys” are producing tools in rapid fashion but because they are keeping a big-picture view of the importance of an open and transparent Internet.

And then there’s the change in mindset — rethinking the profile of the ideal cybersecurity professional. Human Resources and hiring managers can consider the underlying strengths of new cyber job candidates. If apples compare to apples, choose the candidate with a higher degree of connected thinking or who understands. how their efforts fit into the big picture of human society.

The big picture is that if we don’t start reshaping cybersecurity’s identity now, the industry could continue to repel half of the population — leaving us missing key perspectives and ideas. What are you waiting for? Share your ideas in words or pictures of how you would reshape cyber’s identity. Leave your feedback in the comments section, or message me directly, @jgvazzana. I’ll publish a follow-up post highlighting your suggestions.