There’s a new fatigue paralyzing cybersecurity. No, it’s not alert fatigue (the overabundance of cybersecurity alerts combined with too few resources and time to respond to them all). It’s gender fatigue.
This is the exhaustion that women start to feel due to the expectation that they alone can ameliorate the industry’s gender imbalance, and are responsible for representing all women in the industry. These are the women who, because they are female, tend to be interviewed by journalists about gender issues, rather than their technical expertise. They serve on panels about diversity in cybersecurity, rather than about how to counter global cyber threats.
Don’t get me wrong: Many of us women who comprise roughly 10% of the cybersecurity workforce are fired up about increasing diversity in the field. The problem is when we are viewed only as members of a disadvantaged group, rather than experts in our own right. The problem is when we are defined first by our gender, and assigned roles based on that primary identity.
It’s easy to overlook the diverse expertise of women in the industry, because that’s the message embedded in media coverage and technical content in the field. Across general media, journalists reference men 82% of the time. In other words, five out of six experts referenced are men. These numbers are almost identical to those in foreign policy, where 79% of experts interviewed are men. Looking at the tech sector, according to some analyses, women are referenced only 10–15%. It’s not a leap to infer that this number is likely even lower when it comes to cybersecurity, which crosses over both the national security and the tech sectors. When women in our industry are interviewed, more often than not it’s to discuss diversity and the challenges of being a woman in the field. At numerous conferences, including last week at Grace Hopper and this week at the Executive Women’s Forum, I’ve heard and spoken to women who would much rather talk about the cool research and work they are doing than the challenges they face or the dreaded questions about work/life balance. So here’s one crazy idea to address growing gender fatigue: let’s interview experts in cybersecurity (who also happen to be women) about their field of expertise, not their gender.
This is an idea that would benefit all of us who care about cybersecurity, not just the women who might be suffering from gender fatigue. Designing products or coming up with solutions for the entire population doesn’t work as well when only half the population is offering its perspective. Moreover, the demand for security professionals is only increasing. Imagine how this pipeline shortage would look if we pulled from the entire population.
And don’t tell me that these women don’t exist. I spent last week with 15,000 other women in tech at the Grace Hopper Conference, all of them speaking excitedly, and technically, on a range of cybersecurity topics and trends. They’re eager to talk — not just about being a woman, but about the latest in web exploitation, Tor, robotics, bug bounties, cyber deterrence and more.
Journalists, too, have a lot to gain from diversifying their sources: you can unearth new angles and fresh perspectives by talking to people who aren’t typically quoted.
This also matters if we care about diversifying the field of cybersecurity long-term, which we should, for reasons cited above. Research shows that it’s critical for girls and underrepresented groups to see role models through mainstream coverage and at conferences if they are to pursue a career in STEM. As one study put it, “Exposure to own-gender experts can provide … role models, break stereotypes regarding gender roles and improve individual women’s aspirations and propensity to enter traditionally male-dominated areas.” Absent these role models, the pipeline challenge will continue. Fortunately, there are groups such as Gender Avenger and #womenalsoknowstuff who are tracking the data on the imbalance of media coverage, but more clearly must be done.
Interviewing more women in cybersecurity on cybersecurity will require effort from a few core groups: women who are already in the field, conference-planners, journalists, and PR professionals at cyber companies. Here are ideas for all:
- For women already in the field, submit technical abstracts to the various cons and industry conferences. A key way to end #manels is for more women to submit. If that seems too daunting, attending and then speaking at meetups is good practice to help gain confidence and learn more about the community.
- But sometimes submitting is not enough, as unconscious bias exists in abstract and journal reviews. That’s why conference planners should instantiate a blind review process. This has proven to help increase the number of women and underrepresented groups who are accepted as speakers. I’ll be speaking at O’Reilly Security next week. They detailed their blind review process, resulting in 36% of the talks presented by diverse speakers.
- For the marketing and PR teams inside companies, help women grow their professional brand through additional PR opportunities, either by putting them forth to respond to media requests or through publishing technical content within the various industry journals or even better, mainstream discussions of cybersecurity. Publishing on a corporate blog is a good first step, or right here, in #HumansofCybersecurity.
- Executives can also sure that internal groups focused on diversity initiatives include men and women in equal numbers, with equal expectations. Requiring women to take on additional diversity responsibilities that aren’t equally expected of men can force women to take time away from their day jobs, hampering leadership prospects and sapping creative energy.
The expertise of women across cybersecurity is an untapped resource. Harnessing it could fuel innovation and advancement in cybersecurity for this generation, and future generations, too.