Skip to main content

A Place at the Table - Part 2

December 03, 2015

In the first part of this blog series, I explored the shortage of women in IT security and talked about the fact that women have been a part of technology since the beginning. In this post I will discuss how we all can become better mentors to young women interested in technology. I will also share some observations about the qualities women possess and what they can bring to the table to enhance our business.

Turning the Corner

How do we do become better mentors? How can we encourage boys and girls equally? It starts in 5th grade. Psychology Today published an excerpt of Heidi Grant Halvorson's book, Succeed: How We Can Reach Our Goals, which illustrates the difference in how we tend to talk to 5th grade boys versus 5th grade girls. Though I'm not an expert, I will attempt to gracefully describe what I got out of the article. It boils down to our message delivery. The theory is that ability doesn't always lead to confidence. What sounds positive to both boys and girls is inherently different. Fifth grade boys tend to be rambunctious and have a hard time sitting still. We tell them things like, "If you can just sit still a few more minutes…." or "If you can just try a little harder…" These types of statements allude to limitlessness. Girls on the other hand tend to sit a little more quietly and are sent messages like, "Job well done" or "Congratulations on completing [x] task," and these messages sound a little more static and unchangeable. The theory is that these ideas are carried into adulthood and that boys believe they will succeed through continued practice and hard work. On the other hand, the theory is that girls feel there is a ceiling and will continue to judge themselves instead of believing the possibilities are limitless. If we as mentors and leaders have awareness of these differences, we will be armed with the power to change how we encourage young people.


Leveraging Our Qualities

  1. Women have a lot to bring to the table. Many women have a strong gift of gab coupled with the ability to be good listeners. These are great assets in the security industry. Most of us in InfoSec make our living by being able to tell either internal or external customers their baby is ugly in a way that they not only say "thank you" but to hire us for future engagements. We also have to be able to communicate the same information to different types of individuals in language they understand. For instance, I've been on at least one on-site client engagement where I have found a high level vulnerability and have had to present it to the security contact, the development group, the application's business owner and the CISO of the organization in the same day. These people all needed to understand the vulnerability in different ways.
    • The development folks needed to know how to fix it; 
    • The business people needed to understand how it could impact their business; 
    • The security contact wanted a deep dive into the details of the vulnerability itself; and 
    • The CISO needed to understand the risk on a high level so that he could be equipped to make an educated decision on whether to delay the implementation of the application. He also needed to be able to explain that decision to the other C-level executives. 

    In these types of situations, we also need to use our listening skills to understand the concerns of our audience.

    • Many women are natural nurturers. This is an important skill set for our industry. We, as an industry, have found time and time again that security can't be force fed. It does not work. All it does is encourage people to find ways to circumvent our processes, policies and assessments. There are two things security adds to every project: time and money. There are two things every project is lacking…. Time and money. If we can't come into an engagement and present ourselves as part of the team, advocates and not adversaries, we have failed. There's usually one skeptic in the room and we generally have to have to win them over to be successful.
    • Women have a natural affinity towards security. Most every woman who has been a student on a physical college campus has been taught where the emergency phones or alerts are around campus and/or who can escort us safely at night. Most young women in urban areas have been taught to be alert if it is necessary to park in a parking garage and to have her keys at the ready so she isn't fumbling through her purse and making herself vulnerable. We have been taught how to look for the shadows in the darkness and how to keep our doors locked. Looking for the vulnerabilities in life is something that comes naturally. 

    There is a shortage of experienced security personnel in IT and as the need for security increases, the industry will not be able to meet the demand unless it’s focused on developing and training the next generation of experts. Women are an important part of that equation. In future blog posts I will explore programs to get them involved.

    Continue to Part 3

Related Blogs

February 17, 2016

A Place at the Table – Part 3

This blog post, the third in my series about women in IT security, will center on finding solutions to the shortage in our workforce. Optiv has create...

See Details

February 28, 2018

Part 1: Frameworks in Context: The Business-Aligned Information Security Program and Control Frameworks

During hundreds of strategy, risk and compliance engagements, Optiv’s consultants often have been asked very thoughtful and deep questions about contr...

See Details

March 08, 2018

Part 2: Frameworks in Context: The Business-Aligned Information Security Program and Control Frameworks

In part 1 of this series, we provided insights responding to the frequent question regarding control frameworks and their place in the security strate...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

September 22, 2014

The Key to a Strong IT Security Program | Optiv

Over the years, I have worked in top positions in the security departments of several major enterprises, which has given me insight into what separate...

See Details

April 24, 2013

Cyber Security Flaws We All Know and Love

Joseph Belans provided an excellent presentation at BSides titled "Hacking like it's 1999: Security Flaws We All Know and Love." Below is a video rec...

See Details

December 10, 2014

Building an Information Security Program from Scratch | Optiv

The unfortunate reality of today’s business world is that information security breaches are an everyday occurrence. A quote that is thrown around in t...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.