Okay folks, I’m tired of hearing about “women in infosec” in its current topical form. I’ve stayed miles away from this topic for years, but now I’m going to speak up. And, to start the conversation, I call BULLSHIT. Not on the notion that we need more women in infosec, but on the methods, the justification and the explanation of why (or, lack thereof). Hang tight for that one – the why – that’s coming in my next post

Okay folks, I’m tired of hearing about “women in infosec” in its current topical form. I’ve stayed miles away from this topic for years, but now I’m going to speak up. And, to start the conversation, I call BULLSHIT. Not on the notion that we need more women in infosec, but on the methods, the justification and the explanation of why (or, lack thereof).  Hang tight for that one – the why – that’s coming in my next post.

Let me start by saying I haven’t read anyone else’s rants or posts on this topic recently. I don’t want to; they usually infuriate me. From my experiences thus far, the most vocal women are either going off half-cocked with chronicles of sexism and misogyny, or they’re sermonizing the need for women to empower women –for women to band together and rise up. Both of these approaches fail for me, for two different reasons. A session here at RSA has lit a fire in my little girly heart.

Yesterday I attended a panel at RSA on the topic; “Right Skills, Right Time, Right Industry: Women in Security” led by Julie Peeler of the (ISC)2 Foundation, who puts out a great study – the (ISC) 2 Global Information Security Workforce Study. This study is juicy and there’s some really interesting data there; check it out. There were five women on the panel, and Julie moderated. Every one of these women is extremely intelligent, successful and motivated, and I have a pure respect for each of them. But, I think they have it all wrong. Listening, I realized for every comment made, I agreed with one or two, then disagreed with the next. In the end I think I had about a 68% agree-with rate.

For example, one panelist said “women are more open to saying “yes” to requests than men” because they’re women. That’s crap. They may be open to saying “yes” because they’re new; they don’t have the longevity and experience that creates the “automatic no” mindset in security. Men and women can both cultivate openness via mindfulness (see the bottom for more, and for our session on this Wednesday at RSA). It’s not a gender thing. If your kid keeps asking you for ice cream, and you keep saying “no” it just becomes semi-habit. Women are no better or different here than men. But, they are different in other ways, and it’s those other ways that should lead these discussions.

Other panelists said our environment and our culture in America is the primary cause of a gender shortage in STEM-centered industries like infosec. I don’t necessarily disagree with that, even though my experiences were quite different. But I would pose the question of whether our industry is producing (and highlighting) motivated, creative thought-leaders; people that capture the hearts and attention of others; people that lead; people women want to learn from, and follow. Maybe we’re missing or not communicating the charisma, the soul, or the passion little girls want to look forward to in their careers. Maybe to attract diverse groups, we need to be life-leaders, not just thought-leaders.

People ask me all the time about the subject of women in the industry. I usually roll my eyes and comment that it falls in line with discussing politics and religion; avoided at all costs, but here I go.

Here’s where I come from; I grew up in this industry, but before I got here, I was a kid who loved science and math, and I had parents that nurtured that passion. My Dad taught me binary when I was but a wee lass. He taught me calculus early, because I demanded to know what the “sin” and “cos” buttons on the calculator meant. Being the math genius that he is, he used the opportunity to launch a full-scaled course, books and all. Maybe I’m privileged; maybe I had advantages that others didn’t; maybe I was set up for success early; maybe I’m naïve; you’re entitled to any of those opinions, and I wouldn’t argue it. But while school sets you up for many of life’s lessons, navigating the tribulations of 8th grade isn’t the same as managing a successful career, in any industry. And, while there’s a component of reaching girls early in life, we should look at our current situation closely first.

Based on the (ISC)2 Foundation’s study, women make up only about 10% of the industry (it’s 11% but I like round numbers). Obviously, there’s a gender gap, and obviously organizations, teams and even individuals can greatly benefit from all types of diversity.

But why, as women, are we trying to pigeonhole ourselves in to achieving our success by attaching solely to already-successful women? Why do women have to rely only on other women? Isn’t that sexist on our part to assume that all men are such chauvinistic pigs, they wouldn’t deign to help us? By making that assumption, I really don’t know who we’re demoralizing more; we’re either saying men are pigs, or women are  inferior.

While Julie stuck with the facts of the study, the majority of panelists were definitely very woman-help-woman, she-power, X-chromosome FTW. Why can’t men help women, and women help men? Why can’t we assume we’re equal and proceed under that notion until someone demonstrates otherwise? And, while we know diversity is good, why aren’t we talking about the scientific and medical research that demonstrates the differences in female and male brains and processing information? After all, that’s the source of the diversity – something we can quantify, and a tangible body of evidence to prepare a case for gender diversity. We like facts, give us facts, not feelings. On a side note, I feel passionate about this because men (not women) got me where I am today. I’ll thank some of those men and include more in my next post.

And this panel aside, I want to ask the other group of women: why do you feel that drawing ranting, negative attention to the subject will make anyone (men or women) more receptive to talking about the topic? It’s a huge turn-off and I wish you’d stop. Stow your vinegar and go grab some honey. Stop throwing virtual temper-tantrums; it makes you look immature, and certainly does nothing for the cause of our gender in a male-dominated industry. People point at your blog, and they say “THIS- this type of attitude is why we don’t seek out women, they do THIS.” No one wants to help whiny, angry b!@***$ who demean men, attack the system, and offer no constructive solutions. Hell, I’m a woman, and I don’t even want to help you.

So now that I have that off my chest, I want to mend a few perceptions. I wholeheartedly support the well-thought-out initiatives to engage women in STEM and to bring more women in to infosec. I think the Executive Women’s Forum’s LIFT program for women mentoring women is genius, constructive and helpful. And, while I support these programs, I still think there’s a great room for improvement. I won’t say “you’re doing it all wrong” but I’ll say “you’re not quite doing it right.” Again, more of my opinions on that coming soon.

For now, I think we need to encourage women to seek help and support from ALL people – men and women. And we should all understand that during changes, there are times when things aren’t fair, when things are frustrating, and a little messy. Stay classy, stay calm and cool, handle it like a lady, and we’ll all come out winners in the end. Life’s not fair, but you can work with the system, instead of against it for better results.

P.S. For all of you that are frustrated, you can start a better path forward by being more mindful, more attentive, more introspective. By learning to RESPOND instead of REACT. If you’re at #RSAC and interested in taking this first step, I encourage you to attend our session Wednesday morning “Neuro-hacking 101”.

# # #


Author, speaker, and recognized authority on network and wireless security architectures, Jennifer (JJ) Minella helps organizations solve technical problems and align teams.

View all posts


  • You work at a family owned business, right? Do you think your opinions about this phenomena are influenced by this? i.e. do you believe it is possible you may have a different experience than someone whose family was not already in a STEM business or who spent their STEM career surrounded by strangers and rivals?

    • Hi Curious Beaver,
      Absolutely; that’s why I said in many ways, I’m privileged. (I’m also at a disadvantage for many other reasons.) However, that benefit doesn’t extend beyond the walls of our offices. I have to fight like everyone else to win and execute client contracts, engage colleagues, earn spots speaking at events, get writing gigs, sit on a board of directors, etc. While I may be protected in one of my LinkedIn titles; the other 6 or so I currently hold I had to work very hard for, and many of those are positions that I certainly had help with – so far the help has come from men, and I owe many of them “thanks” for believing in me, trusting in me, and helping me get where I am today.

  • Great article, I see the same and feel the same. I don’t see InfoSec professionals as male or female, I see them as just InfoSec professionals. I do have experience with women in security, both technical and managerial. I had no issues working alongside them, and there were rarely any differences between them and male technicians or managers. I believe that those who pound their fists demanding more XX/XY chromosome pairs in a certain field are just mad they don’t have a buddy at work to relate to professionally and biologically. This should not be the reason, it’s childish and hinders the integrity of InfoSec.

    I do support more STEM related courses in schools, especially programming. I didn’t have this opportunity in school, we had to follow a strict schedule and rarely could choose our own classes — I always regret not taking programming at an early age. Ultimately, I believe it’s boys/girls perception of the “coolness” factor that influences their interest in a field such as InfoSec — something I believe can be accomplished.

    • Jamey, you may have hit the nail on the head with the “coolness” factor. Maybe the next big question is, how to we appeal to, and appear “cool” to the females at a younger age?

  • Call me in 20 years.

    You see, I’m not deliberately ignorant of “politics” such as gender issues like you. I know that the thing about saying yes is based on science. I know that there are reasons behind the recommendations that those women have that are based on science. You have implied that they are stupid because you are ignorant of the science and thus think it doesn’t exist.

    Yes, you have privilege. I have faced discrimination based on my gender since I was a child. My family discouraged me from STEM. My teachers discouraged me from STEM. I was told by adults all my life that I was *faking* being smart because girls aren’t smart.

    But I ended up in STEM anyway and after years in STEM do you know what I found? The only difference as an adult is that the sexism is *sneakier*. But hey, let’s get guidance from men without knowing in advance whether their guidance is an attempt to sabotage us because women shouldn’t be in STEM. I’m sure that such men will have great ideas on how to handle sexism against us.

    Oh wait, that’s right. The way to handle sexism against us is to assume that it’s not sexism, put up with it, pretend it doesn’t exist, and insult the women who talk about how to manage it. I tried that for decades. It doesn’t work.

    • Hi Jen,
      I’ve been in the tech industry for 19 years; I’m not just getting out of college wide-eyed and naive. I really hate that you’ve had poor experiences in pursuing STEM at a young age, and in dealing with men in the industry as an adult. The experiences of mine, and many women around me, have been ones of great support and trust from everyone- men and women. In fact, I don’t want to discuss details, but I can say that the one time I was stabbed in the back (that I know of) it was by a female in the industry, and (I’m told) that happened out of prejudice and jealousy the person was experiencing at the time. My goal wasn’t to diminish the struggle that women have, only to offer a perspective that we can ALL help one another succeed. Also, I think maybe in haste or frustration you misread a small part of my post. I am saying there are differences between men and women; neurological, biological, proven by a large volume of scientific data. I’d like to talk about that more, and let us all work together to identify those areas where women have an advantage; where men have an advantage – and then go in to these discussions with some clarity on exactly HOW and WHEN women can add a unique value, and seek and hire to those positions/skills/needs.

      For the sake of us all, I genuinely hope you’ll still give it a chance, keep an open mind, and that the experiences you’re having will be more favorable. We definitely don’t want to lose the few women we have now!

  • Good call JJM … You go girl!!

    I will add that these tactics are used by miscreants who cut across gender, race, ethnicity, and whatever new categories
    society comes up with. It is usually a smoke screen to obscure underhanded trickery. I recognize that this is your field
    but I have seen and experienced these tactics in all disciplines (and life) and not just in the information security arena.

    Whenever I see such tactics being used and slogans being slung around … I immediately suspect something underhanded is afoot … after all where
    there is smoke(screen) there is always a fire!

    What we need to emphasize in this the 21st century … nay demand … is that everyone pull their own weight and not use “sleight of hand and sloganeering” to move
    “hidden agendas” forward. Also taking a stand like you have done and making such calls publicly is a good way to STEM the rot (pun intended).

  • I put male in my title because I have no right to weigh in. I do not have the female experience. I do not know what it is like to have those kinds of pressures or even if they exist. But I do have a thought for all those who operate under any of these old beliefs.

    I look for anyone who can solve my info-sec problems. I collect smart people. I say if you have a bias against women or anyone else, that is good for me because I will scoop them up and get them to kick your ass in the next contract.

    So the question becomes, what if they are not trained or ready? Smart is still smart. If I see that talent and it needs fostering, mentoring, or my talent; I am all in.

    So keep on being bias. I will reap the reward. I don’t really mean that in the true sense. I want all the smart people to win.

    Gender makes the game more fun.

  • While I hear what you’re saying here, it seems to me that there needs to be some clarion call to men-some impetus to call them to support women in the industry.

    It is my experience, even as I sit in a restaurant in San Francisco during the RSA Conference, that there remains a general attitude of patriarchy among men. I have overheard at least two separate conversations in which the male voice dominated, and I have no reason to believe that an alternate option exists. I look forward to your upcoming post to soften my view of how women are regarded in our industry.

    • Hi Mike,
      That’s a great point. I’ll say this – most of the men that I know in the industry are MORE than happy to help women. In fact, they’ll go out of their way to do so, and not in a patronizing way. As I mentioned, I’ve had amazing support from the men in our industry, and I’ll write on that soon, but it goes beyond that. After writing this article, I was flooded with people (men) walking up to me in person, tweeting to me, DM’ing me and emailing me to say “hey, I’m happy to help!” These guys are willing to give their time and resources to help women of any age, background or experience. The only caveat I heard- a woman shouldn’t coming in blind, ignorant, and try to ride the momentum of other “non-intellectual assets” (if you know what I mean). In other words, don’t roll up to a party with 0 knowledge, bat your eyelashes, shake your ta-tas, and ask for help. And, of course I completely agree with that!

  • I’m not going to say what gender I am but I will start out by saying I avoid conferences because after time and time again after reading blogs like this confirms my beliefs that these type of interactions are toxic hence the bad moods and frankly never ending nit picking as a result of bruised egos. It seems like conferences attract speakerers who are on some type of selfish power trip and then run to social media for affirmation of self worth. It’s very sickening to see someone whom I know (not the author of this blog), whom I have extensive personal knowledge of speak at one of these engagements a lie so badly about their own character then watch the brainwashed minions believe it. Very scary. Security people seem to be very guilable in general but most people are who are driven by ego alone. I work in the industry but have no desire to engage in such toxic behavior but it seems that’s where the big bucks are, in the throws of corporate cults, idol worship, expense account spending addictions, exploitation, cheating, lying, you name it, I’ve seen it all. Very sick community of people. Maybe someone should hand out guitars at these events, at least rock stars are interesting.

    • I’m sorry to hear that. I hope you’ll realize that this type of “ranting” and controversy is a tiny, insignificant part of our industry and especially for conferences like RSA. Please don’t let the 1% ruin the 99% value you’d get from attending, learning, and connecting at these events!