When I was a graduate student in Information Security, I attended a cybersecurity training event where the training culminated in a team contest.
As I was one of three females and two minorities at the training of roughly 80 people, I figured out I would likely be the only female or minority on my team. I received my team assignment and scanned the ballroom where the contest was held, trying to locate my team in a sea of similar-looking people sitting at oval-like tables. I arrived at my table to find my team comprised of seven males. While I tried to integrate myself into their conversation, I looked around to notice that the contest was set up like a 70s techno-video game. The scoreboard displayed on the room’s projector was in 8-bit characters and there were team names such as Double Dragon, ZeldaForce, and HackDragon. The facilitators announced that the contest prize was a pair of concert tickets to see a thrash-metal band.Most of the room erupted excitedly. My thought was, “Who is that?”
This is just one of many such experiences I’ve had as a minority in technology and cybersecurity. And it’s an experience that has taught me an important lesson: A lack of diversity and inclusion in the early, introductory stages of the information security field is one of the foremost impediments to attracting and retaining the sort of diverse talent the industry sorely needs. Given that cybersecurity is one of the biggest challenges to our nation’s security, and given that we’re facing a major talent shortfall in the industry, figuring out how to make everyone feel welcome and included is important. Diverse recruitment and development are issues that, if addressed constructively, have the potential to propel the industry forward. To address the issue in this discussion, I’d like like to highlight the positive impact that diversity outreach programs and communities can have by discussing how these programs have positively impacted me. If I’m biased on this latter point, it’s because this is how these programs have directly helped me.
I completed four computer science internships during undergrad in four varied locations: Texas, New York, Silicon Valley, and Germany. Although the places were very different and in distant corners of the world, the gender and ethnic disparities were the same. In two of the positions, I was the only female on the team. In the other two, I was the only African American in the room. These experiences, coupled with similar on-campus experiences from my undergraduate years, left me with a slight feeling of alienation in and from the tech world.
My internship in Silicon Valley was my introduction to computer security. I stumbled upon the research opportunity through an extensive Google search. I applied and was accepted. This research program was specifically developed to increase the level of diversity among students entering into tech-related graduate programs. Through the internship, I was introduced to the world of cybersecurity a world I found fascinating because of its large scope in security research and the many industries it touches. I decided to pursue graduate studies within the field afterwards.
When I arrived for my first day of graduate study in Information Security, I scanned the cohort of new students, only to recognize a familiar pattern. Although I saw a more diverse set of individuals than I’d encountered as an undergrad, I noticed that I was still one of a handful of other women and minorities in the room. I also noticed around this time that there was a lack of role models for a woman of color in the Information Security industry, as I had only stumbled across a few names of minorities or women in high-level executive positions. If you have never been in an industry where you notice a lack of representation for people like yourself, let me assure you that it distracts from your academic experience by making you focus on your inherent difference. Thankfully, there was a turning-point for me.
Near graduation, I attended a conference that transformed my attitude dramatically: the Grace Hopper Celebration of Women in Computing (GHC), where I participated in the Women of Color sessions. I had heard about the conference from a friend a year before and decided to attend. To this day, I’m glad I did. I spoke with others who’d experienced the same situations I had. I noticed that I was in a pool of diverse women technologists all proud of our abilities and celebrating our varied differences, and still able to appreciate each other’s backgrounds and collaborate smoothly as one team. I met women who fearlessly walked in their differences with electrifying poise. It changed me.
I left feeling refreshed. I began appreciating my differences. I began exploring cybersecurity topics online and creating things I found to be fun. I delved into topics I once thought were out of my range. I carried myself as those powerful women I met would, and challenged myself to speak up in uncomfortable situations. I realized how much I liked cybersecurity, how much of an art it can be, and how good I was at it. GHC and the Women of Color sessions gave me the sense of community I didn’t know that I needed. I didn’t feel like the different one. I felt like one of all the different ones, and it felt great. I found my outlet in finding “different people” in an industry that doesn’t always represent everyone broadly. Different people who are there despite their difference.
I’ve seen direct benefit from environments of empowerment. Diversity outreach works, and I know that because it worked on me. I jump at opportunities to help younger girls and minorities like myself and I’m an active member in groups and communities such as Women in Cybersecurity (WiCys) and BlackGirlsCode (BGC). I’m proud that through minority and women’s support organizations, I began to settle into the environments I found myself in and change them for the better.
However, this positive change doesn’t happen for everyone. In many industries, the experience of difference can be a root cause of employee retention. Even in 2016, minorities and women are not represented well in cybersecurity. Cybersecurity isn’t marketed toward minorities or women enough. If it were, the prize at an introductory competition would likely not be tickets to a thrash-metal band. Further, the industry isn’t pushed toward diverse academic backgrounds, recruitment efforts are focused on computer science, which is a field that already lacks enough representation for women and people of color. Those are problems. But the good news is that cybersecurity is supposed to be about solving problems.
I am passionate about attracting diverse talent into the field through outlets of support so that everyone feels invited and included. Communities such as the Grace Hopper Conference and Women in Cybersecurity are needed for people who may feel like I did, to understand that difference is good and should be celebrated. Celebrating diversity is paramount in retaining talent and encouraging minorities and women to stay in a field that is so important to our societal stability—one that needs to welcome and encourage all of society.