A Place at the Table - Part 2
December 03, 2015
In the first part of this blog series, I explored the shortage of women in IT security and talked about the fact that women have been a part of technology since the beginning. In this post I will discuss how we all can become better mentors to young women interested in technology. I will also share some observations about the qualities women possess and what they can bring to the table to enhance our business.
Turning the Corner
How do we do become better mentors? How can we encourage boys and girls equally? It starts in 5th grade. Psychology Today published an excerpt of Heidi Grant Halvorson's book, Succeed: How We Can Reach Our Goals, which illustrates the difference in how we tend to talk to 5th grade boys versus 5th grade girls. Though I'm not an expert, I will attempt to gracefully describe what I got out of the article. It boils down to our message delivery. The theory is that ability doesn't always lead to confidence. What sounds positive to both boys and girls is inherently different. Fifth grade boys tend to be rambunctious and have a hard time sitting still. We tell them things like, "If you can just sit still a few more minutes…." or "If you can just try a little harder…" These types of statements allude to limitlessness. Girls on the other hand tend to sit a little more quietly and are sent messages like, "Job well done" or "Congratulations on completing [x] task," and these messages sound a little more static and unchangeable. The theory is that these ideas are carried into adulthood and that boys believe they will succeed through continued practice and hard work. On the other hand, the theory is that girls feel there is a ceiling and will continue to judge themselves instead of believing the possibilities are limitless. If we as mentors and leaders have awareness of these differences, we will be armed with the power to change how we encourage young people.
Leveraging Our Qualities
- Women have a lot to bring to the table. Many women have a strong gift of gab coupled with the ability to be good listeners. These are great assets in the security industry. Most of us in InfoSec make our living by being able to tell either internal or external customers their baby is ugly in a way that they not only say "thank you" but to hire us for future engagements. We also have to be able to communicate the same information to different types of individuals in language they understand. For instance, I've been on at least one on-site client engagement where I have found a high level vulnerability and have had to present it to the security contact, the development group, the application's business owner and the CISO of the organization in the same day. These people all needed to understand the vulnerability in different ways.
- The development folks needed to know how to fix it;
- The business people needed to understand how it could impact their business;
- The security contact wanted a deep dive into the details of the vulnerability itself; and
- The CISO needed to understand the risk on a high level so that he could be equipped to make an educated decision on whether to delay the implementation of the application. He also needed to be able to explain that decision to the other C-level executives.
In these types of situations, we also need to use our listening skills to understand the concerns of our audience.
- Many women are natural nurturers. This is an important skill set for our industry. We, as an industry, have found time and time again that security can't be force fed. It does not work. All it does is encourage people to find ways to circumvent our processes, policies and assessments. There are two things security adds to every project: time and money. There are two things every project is lacking…. Time and money. If we can't come into an engagement and present ourselves as part of the team, advocates and not adversaries, we have failed. There's usually one skeptic in the room and we generally have to have to win them over to be successful.
- Women have a natural affinity towards security. Most every woman who has been a student on a physical college campus has been taught where the emergency phones or alerts are around campus and/or who can escort us safely at night. Most young women in urban areas have been taught to be alert if it is necessary to park in a parking garage and to have her keys at the ready so she isn't fumbling through her purse and making herself vulnerable. We have been taught how to look for the shadows in the darkness and how to keep our doors locked. Looking for the vulnerabilities in life is something that comes naturally.
There is a shortage of experienced security personnel in IT and as the need for security increases, the industry will not be able to meet the demand unless it’s focused on developing and training the next generation of experts. Women are an important part of that equation. In future blog posts I will explore programs to get them involved.