RSAC 2019: Women in Tech are Ready to Reach New Heights Together

What does it mean to be a woman in the tech industry?

It’s a discussion that's been developing for years. During the RSA Conference in San Francisco this week, Emily Heath, CISO of United Airlines, and Symantec CIO Sheila Jordan, advanced the conversation in a dialogue with a diverse group of their female peers from other leading companies. The focus: specific actions today’s female cyber security leaders can take to grow, support and mentor the next generation.

The statistics are hard to ignore. Only 11% of the cyber security community is comprised of women. And while the number of women as individual contributors in cyber security is on the rise, the number of women in critical leadership roles remains paltry. At any level, it can be a lonely existence for a woman in the male-dominated, cyber security work place.

"It is our job as female leaders in IT, to help increase the number of women in cyber security. We can’t leave it up to others,” said Jordan. “Today we took the first step by creating a community whose mission is to help increase that number in spades through mentoring and sponsorship.”

Attendees agreed overwhelmingly that women are often not seen as available and ready to take on cyber security roles. That has to change. The group discussed gearing job descriptions in a more gender-neutral fashion in order to attract more female applicants. Though small changes like this can make a difference, it was agreed that women need to be encouraged from a young age to see the cyber security industry as welcoming.

Taking Action

The first actionable task agreed to by the group: create marketing buzz that makes women in tech more visible – targeting women entering the marketplace as well as those working to advance.

The bulk of resumes submitted for an open cyber security position are by men. One leading reason why is that men go for jobs they see themselves "partially qualified for" while women hold off applying unless they see themselves as "almost wholly qualified." Lack of personal confidence will hold a woman back, just as strongly as gender bias in the industry culture. It was noted by one CISO in the room that women tend to wait to be recognized while men step up and ask to be recognized. A Vice President shared her own practice of "self-editing," which she acknowledged holds her back in meetings. Women need to be mentored and coached to stop self-censoring and represent themselves better.

The second actionable task: build a community site for mentoring, knowledge-sharing and support, so that women can better market themselves for cyber security positions.

"It’s incredibly important to connect and build relationships now within the cyber security spectrum," said Heath about encouraging and mentoring women in the industry. "When we create a concept of community, we bring great ideas together. But then it’s up to us to act on those ideas to move all of us forward."

Jordan asked the room if they felt gender bias is present in their companies today. Almost every person raised her hand. It makes sense that a male-dominated culture will hire more males. Where it doesn't make sense is when an HR department tells a hiring manager after he's hired eight women into the twelve open positions that he needs to be more balanced in his organization. He thought he was hiring the most qualified applicants.

Or when a woman who has applied repeatedly for a position is told that she can't advance without a business degree, though she has many years of experience that make her more than qualified for the job. This story was particularly upsetting to Heath, who shared her own journey of leaving school at sixteen years of age out of personal necessity and grew to forge a career without a formal education. In fact, Heath is the CISO of United Airlines today, because she was honest during her interview with her prospective male CEO about her life journey and experience. Her honesty helped her land the leadership position.

The final actionable task: create alliances that promote women.  Inside companies, between organizations for women, and with men in the workplace, sustainable change happens when everyone works together.

Marketing, mentoring, and alliances: concrete actions that a room full of today’s most prominent female cyber security leaders agreed to. The group was also unanimous in its desire that all female cyber security professionals join in. "The dirty secret is the women who are opting out of these conversations," said one participant. Women with the power and position to help other women in the industry are critical to this work. Companies and the industry prosper when women are engaged.