Few IT leaders would deny that having staff with a wide range of backgrounds is an advantage. But with men still dominating the field it isn’t easy, and trying to get more women into cybersecurity is even harder.
But it can be done, says Rinki Sethi, senior director of information security at Palo Alto Networks, who is in Western Canada this week meeting customers.
On Tuesday she talked to ITWorldCanada.com about the challenges of being a woman in the infosec sector and what educators and employers need to do to increase the numbers.
Unfortunately, she said, “boys’ clubs” still exist in some organizations no matter how diverse staff are. And, she added, managers often are promoted from this group.
As she describes it, Sethi got into IT by accident. Exposed at an early age to programming through her father, a mechanical engineer who learned to program in Java, Sethi wanted to go into law. But her father said she should first get a degree in something she was good at.
While taking computer science engineering at the University of California at Davis (where she was usually the only woman in a class) she took a cryptography course and enjoyed it. After she graduated in 2004 that led to a job at the utility as an information protection staffer.
From there Sethi went to Walmart.com, which was in early stages of building its ecommerce site, then eBay, where she rose to chief of staff of security, and to Intuit where she became senior manager of information security and core security services.
At Palo Alto Networks, she is responsible for corporate and product security.
It’s hard to find figures on the number of Canadian women in cyber security. The just released forecast of the Information and Communications Technology Council (ICTC), which conducts labor market research, women still account for only 24 per cent of the ICT workforce, a trend that’s held steady for at least a decade.
Last month the Centre for Cyber Safety and Education and the Executive Women’s Forum on Information Security, Risk Management & Privacy released a report that said in North America women represent 14 per cent of the cyber security workforce.
Part of the problem is ICT is still looked at as a career for geeks. Another is sexism.
Daina Warren, now director of client and service management at IT services company CGI, where she oversees a team delivering information technology including cyber security to customers, recalled in an interview Tuesday going into a presentation years ago and being asked to remember to bring the cream for beverages. “He assumed I was there to bring the coffee.” She was there to lead the presentation.
Then there was a colleague who said, “Could you come and talk to security to this client. It would be great because you’re a woman, and they only ever talk to men. They might listen more because you’re a woman.”
That could be interpreted as a backhanded compliment …
Industry groups here have a number of efforts designed to increase the participation of women in technology generally, and cyber security specifically. They include the Information Technology Association of Canada’s (ITAC) Women on Boards initiative and Talent CareerMash; the Canadian Advanced Technology Alliance’s (CATA) Canadian Women in Technology (CanWIT) networking hub. Globally the Information Systems Audit and Control Association (ISACA) has created the Connecting Women Leaders in Technology program.
At the education level last year the ICTC launched the CyberTitan program, a Canadian version of the U.S. CyberPatriot effort to encourage high school students to consider careers in technology including cyber security. Sandra Saric, vice-president of talent innovation at the ICTC, said her group wants to increase the number of all-girl Canadian teams entering the annual North American skills competition, to be held next year in Ottawa.
If Canadian enterprises and governments are serious about encouraging women on staff to go into cyber security then sponsorship and mentor programs are “tablestakes” to break down traditional barriers women feel are in their way, says Sylvia Kingsmill, partner and director of strategic initiatives for financial advisory (chief of staff) at Deloitte Canada.
Kingsmill, who recently headed the consulting firm’s national privacy and data protection practice, said efforts at Deloitte include a #GoSponsorHer program, to create opportunities for women.
“We challenge the traditional gender stereotype thinking about women can’t do something in cyber security because it’s IT or male dominated.”
Daina Warren shrugged off the colleague who asked her to present to a group because she’s a woman, taking the attitude that, yes, she is different, and may be more relatable than a man. “Be confident, be confident in that diversity…. But I bring something different to the table, so embrace that.”
As for the guy who asked her to bring cream to meetings, “I didn’t make a spectacle, but I did kind of lean in and say ‘I’ll make sure they know that at reception. And by the way, my name’s Daina and I look forward to presenting today.’”
Rinki Sethi said it’s important managers recognize if there is a boy’s club in their organization, making sure they aren’t part of it and when considering promotions look at staff widely. “And then making sure you’re creating an environment – and I’ve seen the best leaders do this – where they don’t allow for it,” she added.
It’s also important leaders advise outsiders to such groups – who may not just be women — how to navigate how to navigate around them and not accept it, she said.