NCSAM Week 4: Good Advice and Teachable Moments from Women in Cyber Security

It’s already the 4^th week of National Cyber Security Awareness Month and this week the focus is on careers in cyber security. There are many ways to approach this topic, and I wanted to look at it through the lenses and experiences of a truly passionate group: women in cyber security. The 2017 Global Information Security Workforce Study: Women in Cyber Security provides a lot of detail and insight into the gender divide in the cyber security industry.  Only 14 percent of cyber security pros are women which is a bit startling if you consider the fact that women make up 48 percent of the entire U.S. workforce. I interviewed three of my female peers about their experiences and asked for their advice to women who work in the industry, or are interested in exploring cyber security. However, their insights and thoughts are surely relevant for everyone in this industry and even beyond, regardless of gender identity. My Three Experts Hannah Dalke, Senior Product Manager at LogMeIn focuses on shaping the direction of LastPass. Hannah is focused on the consumer side of our business, experience she’s applied from a past post at a big travel company. She noted, “Working in security is a different vibe. It’s technically ok to make a mistake with a person’s vacation, but if you make a mistake with security it can affect their whole life.” Sara Czyzewicz is a hands-on LastPass software engineer, architect and coder who develops web, mobile and standalone password management applications here at LogMeIn. Sara previously ran her own startup that developed an identity platform that identified an individual's future interests by scanning their social media sites and digital life. Erica Antos is the Senior Director of Governance, Risk and Compliance at Nuance Communications, a company that develops artificial intelligence (AI) and voice-driven technologies.. She oversees security operations including vendor reviews, IT initiatives, policy frameworks and risk assessments, and the means to track and measure it through GRC technology tools. How do you see gender diversity in cyber security? Hannah noted that while engineering is typically male dominant, its not something that phases her. “In fact, I enjoy being in a male-focused industry… You are always going to have some people who are going to look at you differently. But when I feel good after doing a good job, it’s kind of like ‘I told you so.’” Sara sees gender diversity as a challenge in almost mostly every tech field, “I think that gap is slowly but surely closing. A lot of that has to do with initiatives that encourage women to be get involved in STEM [science, technology, engineering, and math] fields, and those women-focused networking events and conferences. It is very important to have the support from everybody including male counterparts.” What skills do you feel are most critical for working in security? Erica noted that it’s particularly important to be an effective communicator and negotiator. “You not only have to be able to articulate security, but also do it in a way where you can connect with both male and female senior executives. It can’t just be ‘We need to implement this firewall.’ The need must be translated in a way where business stakeholders understand the value and why it is needed, and not just because we say so, and by the way it costs this much.” Hannah also acknowledges that communication is critical. “It is very important to be open and communicate if something goes wrong.” She added that being able to understand pain points quickly helps find the right project for the right experience. For her, a lot of it comes from common sense and a gut feeling. For Sara on the engineering side, the awareness of the latest news and security breaches is key. “It’s important for me to stay on top of new attacks that have occurred, and new standards and platforms to consider integrating with your product or services.” Given it's National Cyber Security Awareness Month, what can we do to help others become more educated and diligent?   “Working in security we have an important role to maintain an open web while still being able to confidently provide the tools and methods to keep that private. It’s a combination of empathy and taking people’s privacy very seriously,” Sara noted. “What we do and what we build is truly helping people to enjoy and utilize the wealth of information at their disposal via the web. It could be otherwise inaccessible or dangerous without security.” With Hannah’s focus on consumers (rather than business users), she advises that security professionals would be more effective in their jobs if they think about the role that security plays in everybody’s life, including their own, and not just their customers and clients. At Nuance, Erica plays a big role in general security awareness and has advice for anyone trying to up the general security IQ. “Security should be a learning opportunity in the moment, and not some sort of forced drudgery. Make it part of the culture so it’s a continuous opportunity and not just a point in time. You can capture more people’s attention when you include things that help them be more security aware in their personal lives too.” What’s your advice for other women looking to work in cyber security? Sara believes being able to effectively represent your ideas is critical.  “Not being shy is really important. I lucked out because I was coding at age 13 because my uncle was an engineer. So I was never really shy about it. I have seen women too timid to attend events or speak up. That’s yet another reason why everyone on the team needs to be involved in building a good culture.” Sara just signed up as a mentor fora Boston-based group called “Girl Develop It." It’s technical and mostly for junior engineers or those completely new to coding. Their mission statement is “Don’t be shy. Develop it.” Hannah encourages women who have an idea to push for them, make sure they are heard, and don’t back down. “If someone says no, keep pursuing it. Take it as a challenge, not as an insult or as something taken personally. Just use it as something to better yourself.” Finally, Erica’s advice, “It’s a big field, explore every opportunity within it. Be tenacious in your goals. Push past issues you can’t fix, but advocate for change nonetheless. At the end of the day, let your work speak for itself.” And that’s good advice for anybody.