Search the phrase “women in cybersecurity,” and your eyes will glaze over staring at the never-ending list of articles, statistics and sincere anecdotes. We live in a day and age where young girls are lifted on shoulders and told in an empowering manner that they too can affect the future of technology.
I was never that girl. Granted, even I wasn’t accustomed to the level of technology that inundates the daily life of youth today. Times have changed and specific industries, such as cybersecurity, have hosted the conversation surrounding diversity and workforce development. When does this stop being just a trendy conversation, and start being a plan?
I never envisioned security as my career path, at least not at first. I studied theater in college and took my first job at a local government agency, in IT support by a stroke of luck from the temp job gods. I was a hungry millennial. Literally. I got into security mostly due to a colleague’s recommendation and was, as some would comically say, “duped” into an information security auditing project to get better acquainted with security controls. After the audit’s completion, I was hooked. I wanted more.
By the time I earned my first certification and then a cybersecurity apprenticeship a year later, I finally claimed the infantryman title of analyst. Within another year, I was quantifying all of our tracked incidents compared against emerging threats in our sector, presenting the findings to the C-suite of our agency in hopes we could justify further investment into an internal cybersecurity program. The fact I was a female in my early twenties, standing in front of a room full of government experts didn’t matter. I was just doing my job and supporting the agency’s mission.
As I continued my work, as well as my constant education, I sometimes felt uneasy. In addition to my perseverance and obsession with being as skilled and knowledgeable as my coworkers, I wanted my career to mean something; not in a “legacy” sort of way, but with a more existential motive. What am I doing about the environment I speak of so nonchalantly? We want the right to complain, but how do we fundamentally impact a solution? How am I contributing to a solution and not just learning avoidance strategies?
My answer: starting the not-for-profit Ms. GreyHat Organization in Idaho.
When I first began this journey, I initially created it to be for and about women in cybersecurity. Then, my organization co-chair, Shawna, completely opened my perspective to have more meaning in a mission. What is the root-cause of the problem?
It’s not a stance that some “patriarchy” is out to protect the working environment of this fortress of a promising trade. Instead, there had to be a deeper systemic connection between the perceptions of cybersecurity at the citizen level, in addition to its stead in our current school systems.
As such, the mission of the Ms. GreyHat Organization is to “transform the culture of cybersecurity.” Culture being the way we learn about technology, the way technology is marketed and sold, the user interactions and behavior with technology, and ultimately how all of these have corresponding cybersecurity risks and consequences.
We are almost a year into our Ms. GreyHat non-profit endeavors, and we’ve volunteered at schools, we’ve spoken to young girls in an attempt to enlighten and educate, we’ve assisted in our own state cyber-curriculum development for security education in schools, and we’ve partnered with other organizations locally to provide free trainings to the current workforce.
Ms. GreyHat is researching and aggregating metrics that support qualitative change in our upcoming projects. We don’t just want to change. We want to transform our industry.
It is mine and my colleagues’ view that transforming security starts with a focus on education and a focus on increasing equality.
We believe that required cybersecurity education—as early and as often as possible—will spark interest and likely improve workforce pipeline. In addition, focusing on gender equality means not just ensuring that we are improving our 2-to-10 ratios of women to men in a conference room, but that we are inherently attracting women to this field. My sincere hope is we can not only improve security for security’s sake, but change and evolve the entire security industry so it can become something we can all be proud of.
I can look back on my experiences and challenges in this industry and tell those coming up behind me ‘I did it, so you can too!’ but I don’t personally believe that accomplishes much. Education, equality and empowerment. Those things cause real change. So how are you going to stop talking about it and do something about it?