If ever there was a year for women in InfoSec, it is 2019.
In May 2019 , when 125 women in IT security took their message to Washington during the third annual event coordinated by the EWF (Executive Women's Forum on Information Security, Risk Management & Privacy), I got to thinking: What influence do women truly have in InfoSec, and how does that influence impact the decision-making and policy-making processes?
Turns out, females have growing influence in InfoSec, which is leading to more balanced decisions and policies. This is the overall takeaway based on my recent interviews with Joyce Brocaglia (founder of EWF and organizer of the Washington event), Chenxi Wang (general partner of Rain Capital) and Diana Kelley (Microsoft Cybersecurity Field CTO).
"We aim to increase women's participation in the legislative process. It is really important that, at the inception of making those policies, we have the insights and influence of people that represent those who are going to be affected by those policies," says Brocaglia, who is also CEO of executive search firm Alta Associates.
At the two-day women's event, EWF delegates presented on cybersecurity education, diversity and female veterans in IT sec workforce. They also met with members of Congress, and answered questions from staff members representing Chuck Schumer (D-Senate Minority Leader) and Mitch McConnell (R-Senate Majority Leader) about 5G, privacy, and election security and integrity.
Numbers on the Rise
The number of women working at all levels of the cybersecurity workforce is rising. According to the most recent statistics from Cybersecurity Ventures, for example, women will represent more than 20% of the global cybersecurity workforce by the end of this year (2019), up from 11% in 2013.
That means, by virtue of their increase in numbers, female influence in ITsec is growing.
Listen, Learn, Educate
As a consensus, the three women interviewed for this blog all reported that their ability to listen, learn and then educate are key components to their success in influencing decisions and policies in InfoSec.
"If I were to hazard a guess, I'd say that on average, women tend to listen better," says Wang, who also serves on the board of MDU Resources Group, a publicly traded company listed on the NYSE. "Then we tend to digest the information and look at the issue horizontally: What else does this impact and how? That gives us a more macro view where we can help with broader issues, not just solve a specific problem."
Whether these traits lead to being a better influencer or not, Wang adds, is a matter of perspective. But most organizations and government agencies should see value in inclusiveness of different ways of looking at problems (aka diversity), according to all three women interviewed.
In Kelley's long and distinguished career, for example, she led a team of developers working on a new security solution. As a consultant, she built out security architectures for financial institutions entering the online banking space. Kelley has also worked as an industry analyst and developed security research publications, and now conducts CTO-level outreach for Microsoft. (These are just a few of the highlights.)
"I'm proudest when I can really listen and match the organizational and business needs to the security needs of my clients," Kelley says. "So, before you roll out a new program, make sure you have buy-in. That means educating the users as to why they need this important function and involving them in the decision-making and testing processes."
Listening, learning and educating are also facilitated through industry groups like the EWF. SANS, too, hosts specific Women's CONNECT receptions and training at its national events, and has a women's immersion academy. The Diana Initiative (not affiliated with Diana Kelley) started in the summer of 2015 during DEF CON 23 as a women's chat and now has a large number of highly qualified female speakers presenting at its 2019 event in Vegas.
Moving Up to the Boardroom
EWF's Brocaglia just launched a new company, BoardSuited, an e-learning program open to all genders, in order to increase diversity in the boardroom by helping professionals gain their first board seat.
"Boards are now looking to include more diverse 'digital directors,' who are tech-savvy," she says. "So, the time is now for female cyber professionals to best prepare and position themselves for board service."