When someone takes on the CISO role, they go into it knowing the demands of the job. Even so, the overwhelming responsibilities of a CISO may not comfortably align with the responsibilities of having a family. “You can hire good people who can give you some time off at night, for example, or a security operation center that can respond to some events. However, the problem comes into play when you don’t have the resources or your budgets are cut to afford these,” says Rose.
On a practical level, industry events scheduled in the mornings, when school drop-off happens, or after work, when children need to be collected from daycare or after-school care and then fed and looked after in the evening, are logistically difficult for working mothers to attend. “Dads can be parents too, but as a rule, women tend to be the ones with the family duties or caretaking for elderly parents,” she says.
To help make it easier, event organizers need to consider the timing and whether the kinds of events, such as boozy dinners or extreme team bonding experiences, sit comfortably with everyone’s schedules and interests. Rose, who is connected to many women in the profession, is often asked by organizers about the lack of women in attendance. She tells them why the timing of events in the mornings or after work overlooks that working mothers have responsibilities at home. “If you’re a working mother, you usually can’t just show up at an event at 5.30 pm,” she says.
Rose moved into consulting and founded her own practice to create a balance that better suited her situation. “The CISO has ultimate responsibility. It can be a difficult field, especially for women.”
Tackling the obstacles to women’s participation
Unconscious bias can be one of those things that makes it harder for women to become CISOs because it can impact their perceived competency and promotion. Daniela Fernandez, head of information security with PayPal Australia, has taken the technical path and as such hasn’t faced challenges in relation to technology knowledge and qualifications. But in progressing her career through leadership, she’s faced some unconscious biases due to her “identity as a Latino woman and the fact that English is not my native language,” Fernandez tells CSO.
Fernandez has tried to use her unique perspective and background to propel her career. She encourages other women to create a network and advocate for diversity and inclusion. For her own part, she has worked to be visible by putting herself out there for other women to see, even if it feels unfamiliar or like taking a risk. “There is a lack of representation, and the absence of women role models makes it difficult, especially for young women, to envision themselves succeeding in the field,” Fernandez says.
She’d like to see programs across primary, high school and universities to encourage women into the profession as well as support for women already in the field who may want to advance to a leadership role with mentors and others who can help them.
Stereotypes, biases and lack of representation are the main challenges that women face, says Fernandez. Improving diversity and equity extends beyond being a women’s problem; it requires everyone working together, including the many men who are supportive of these initiatives. “By connecting with allies who can help turn the dial on making changes and getting involved with groups that promote diversity and inclusion and provide support to others who may be facing similar challenges,” Fernandez says.
Organizations need to support efforts to improve gender participation as part of their wider efforts to improve diversity, according to Raulings. “If you’re trying to promote innovation, you actually want diversity of thought.” It’s the people who come at a problem from different, unique perspectives and backgrounds who will collectively help to find an outcome or a path through that you wouldn’t necessarily find otherwise, Raulings says.
However, it requires organizations to execute this at every layer, at every opportunity, across every process and every individual. “The organizations doing that well are the high-performing ones that outstrip their competitors, when it comes to key indicators, from financial performance to satisfaction,” Raulings adds.
Code 42’s Ostendorf concurs: with many different types of users interacting with technology, it makes sense, and is vital, to have different input when it comes to security. “You’re missing an opportunity to bring into the fold these different points of view, if you are only focusing on what you’ve always done,” Ostendorf says.
How to improve women’s participation in cybersecurity
Fernandez wants women entering or considering the profession to believe in themselves and their abilities from the outset. Then look at courses, training or books to strengthen other areas such as public speaking or presenting and build confidence. “Connect with others who are also in the field through networking events, online forums or courses, because you will find support and opportunities for advancement through those networks. Leverage networks to help find a good mentor who can provide guidance and encouragement,” she says.
Raulings suggests achieving certifications and leveraging adjacent roles to build cybersecurity knowledge and relevant experience. “Start with relevant cybersecurity certifications and go from there. Seek out women who may be at a point in their career where you aspire to be and seek advice, insights or even mentoring,” Raulings says. “It’s also important to build your confidence and your support networks, especially when aiming for leadership roles.”
Ostendorf wants more women to know there are different ways into cybersecurity and opportunities for women are improving. “There are more security influencers who are females elevating their voices on different platforms. It’s still male dominated, but it is changing and people are aware of the disparities between genders, and they’re trying to elevate other voices,” she says.
Rose encourages women not to restrict themselves to only women’s networking or mentoring or other events. “Mentorship and education are great, but you’ve got to learn how to play with the majority. You can’t segregate yourself out or you’re not going to go up the career ladder,” she says.
Rose would like to see women’s voices and contributions heard more, whether it’s in online discussions, panels, meetings or networking events, even if it means taking a risk to be more visible, something men are more comfortable with. “We have this fear of being seen as stupid or not knowledgeable. Men say things with such conviction and women need to get that confidence,” Rose says.
The University of Queensland report also suggested solutions from individual action through to industry-wide and governmental involvement to encourage more girls and women to consider careers in cybersecurity. The report makes the following recommendations:
- Individual: Women currently in the industry need to be encouraged and supported with opportunities for self-learning, upskilling, and developing networks, along with greater male advocacy and education around unconscious bias for males and hiring managers.
- Organizational: Workplaces and industry need to develop partnerships, mentoring programs, marketing campaigns, leadership pipelines and training and development programs. In addition, positive discrimination in hiring practices and diversity, inclusion and equity programs are needed. There also need to be policies to support women in the workplace, women returning to the workforce, and working mothers.
- Government: Changes to primary and secondary schooling curricula are needed to include data and security topics, critical thinking development, and confidence building for young girls. There also needs to be future workforce planning, policies, and cultural workplace and industry practices that encourage more diversity within cybersecurity.