Okay folks, I’m tired of hearing about “women in infosec” in its current topical form. I’ve stayed miles away from this topic for years, but now I’m going to speak up. And, to start the conversation, I call BULLSHIT. Not on the notion that we need more women in infosec, but on the methods, the justification and the explanation of why (or, lack thereof). Hang tight for that one – the why – that’s coming in my next post.
Let me start by saying I haven’t read anyone else’s rants or posts on this topic recently. I don’t want to; they usually infuriate me. From my experiences thus far, the most vocal women are either going off half-cocked with chronicles of sexism and misogyny, or they’re sermonizing the need for women to empower women –for women to band together and rise up. Both of these approaches fail for me, for two different reasons. A session here at RSA has lit a fire in my little girly heart.
Yesterday I attended a panel at RSA on the topic; “Right Skills, Right Time, Right Industry: Women in Security” led by Julie Peeler of the (ISC)2 Foundation, who puts out a great study – the (ISC) 2 Global Information Security Workforce Study. This study is juicy and there’s some really interesting data there; check it out. There were five women on the panel, and Julie moderated. Every one of these women is extremely intelligent, successful and motivated, and I have a pure respect for each of them. But, I think they have it all wrong. Listening, I realized for every comment made, I agreed with one or two, then disagreed with the next. In the end I think I had about a 68% agree-with rate.
For example, one panelist said “women are more open to saying “yes” to requests than men” because they’re women. That’s crap. They may be open to saying “yes” because they’re new; they don’t have the longevity and experience that creates the “automatic no” mindset in security. Men and women can both cultivate openness via mindfulness (see the bottom for more, and for our session on this Wednesday at RSA). It’s not a gender thing. If your kid keeps asking you for ice cream, and you keep saying “no” it just becomes semi-habit. Women are no better or different here than men. But, they are different in other ways, and it’s those other ways that should lead these discussions.
Other panelists said our environment and our culture in America is the primary cause of a gender shortage in STEM-centered industries like infosec. I don’t necessarily disagree with that, even though my experiences were quite different. But I would pose the question of whether our industry is producing (and highlighting) motivated, creative thought-leaders; people that capture the hearts and attention of others; people that lead; people women want to learn from, and follow. Maybe we’re missing or not communicating the charisma, the soul, or the passion little girls want to look forward to in their careers. Maybe to attract diverse groups, we need to be life-leaders, not just thought-leaders.
People ask me all the time about the subject of women in the industry. I usually roll my eyes and comment that it falls in line with discussing politics and religion; avoided at all costs, but here I go.
Here’s where I come from; I grew up in this industry, but before I got here, I was a kid who loved science and math, and I had parents that nurtured that passion. My Dad taught me binary when I was but a wee lass. He taught me calculus early, because I demanded to know what the “sin” and “cos” buttons on the calculator meant. Being the math genius that he is, he used the opportunity to launch a full-scaled course, books and all. Maybe I’m privileged; maybe I had advantages that others didn’t; maybe I was set up for success early; maybe I’m naïve; you’re entitled to any of those opinions, and I wouldn’t argue it. But while school sets you up for many of life’s lessons, navigating the tribulations of 8th grade isn’t the same as managing a successful career, in any industry. And, while there’s a component of reaching girls early in life, we should look at our current situation closely first.
Based on the (ISC)2 Foundation’s study, women make up only about 10% of the industry (it’s 11% but I like round numbers). Obviously, there’s a gender gap, and obviously organizations, teams and even individuals can greatly benefit from all types of diversity.
But why, as women, are we trying to pigeonhole ourselves in to achieving our success by attaching solely to already-successful women? Why do women have to rely only on other women? Isn’t that sexist on our part to assume that all men are such chauvinistic pigs, they wouldn’t deign to help us? By making that assumption, I really don’t know who we’re demoralizing more; we’re either saying men are pigs, or women are inferior.
While Julie stuck with the facts of the study, the majority of panelists were definitely very woman-help-woman, she-power, X-chromosome FTW. Why can’t men help women, and women help men? Why can’t we assume we’re equal and proceed under that notion until someone demonstrates otherwise? And, while we know diversity is good, why aren’t we talking about the scientific and medical research that demonstrates the differences in female and male brains and processing information? After all, that’s the source of the diversity – something we can quantify, and a tangible body of evidence to prepare a case for gender diversity. We like facts, give us facts, not feelings. On a side note, I feel passionate about this because men (not women) got me where I am today. I’ll thank some of those men and include more in my next post.
And this panel aside, I want to ask the other group of women: why do you feel that drawing ranting, negative attention to the subject will make anyone (men or women) more receptive to talking about the topic? It’s a huge turn-off and I wish you’d stop. Stow your vinegar and go grab some honey. Stop throwing virtual temper-tantrums; it makes you look immature, and certainly does nothing for the cause of our gender in a male-dominated industry. People point at your blog, and they say “THIS- this type of attitude is why we don’t seek out women, they do THIS.” No one wants to help whiny, angry b!@***$ who demean men, attack the system, and offer no constructive solutions. Hell, I’m a woman, and I don’t even want to help you.
So now that I have that off my chest, I want to mend a few perceptions. I wholeheartedly support the well-thought-out initiatives to engage women in STEM and to bring more women in to infosec. I think the Executive Women’s Forum’s LIFT program for women mentoring women is genius, constructive and helpful. And, while I support these programs, I still think there’s a great room for improvement. I won’t say “you’re doing it all wrong” but I’ll say “you’re not quite doing it right.” Again, more of my opinions on that coming soon.
For now, I think we need to encourage women to seek help and support from ALL people – men and women. And we should all understand that during changes, there are times when things aren’t fair, when things are frustrating, and a little messy. Stay classy, stay calm and cool, handle it like a lady, and we’ll all come out winners in the end. Life’s not fair, but you can work with the system, instead of against it for better results.
P.S. For all of you that are frustrated, you can start a better path forward by being more mindful, more attentive, more introspective. By learning to RESPOND instead of REACT. If you’re at #RSAC and interested in taking this first step, I encourage you to attend our session Wednesday morning “Neuro-hacking 101”.
# # #