The Unicorn Extinction Series: An Introspective Analysis of Women in Cybersecurity, Part 3

Posted on by MacKenzie Brown

In part one of this series, we examined the diversity problem in Cybersecurity and learned about the Unicorn Law.  In part two of this series, we learned the ideas and conclusions of senior leadership and technical women in the industry in order to gain a woman’s point of view. We aren’t finished with their conclusions yet and will begin with their most significant and practical ideas in education and conclude the series with the creation and measurement of the return on investment of women in Cybersecurity. 

Education and Opportunity

The field of cybersecurity has a multitude of different educational resources available - from obtaining degrees in computer science, to attending hands on training, as well as the many certifications now offered that test and certify cyber competency. When reviewing educational resource options, these women had some excellent recommendations based upon their experience. 

These recommendations for resources and skills include: 

  • Technical trainings that range from penetration testing, reverse engineering, network analysis, and the fundamental basics of information system architecture. 
  • An understanding of critical skills such as threat modeling, secure coding concepts, incident response, business finance, and data analysis. 
  • Attending hands on courses, such as what SANS offers, in order to immerse yourself within a focused crash-course and then test and certify your ability. 
  • Attending conferences, both large and small, in order to network and connect with field expertise. 
  • And finally, although many tech and analyst positions are obtainable through certifications alone, aspiring to an executive and C-suite level positon requires furthering your education by obtaining a bachelor or masters level degree. 

Jessica commented on the need for technical training as well as a deep understanding of business principles: “We have an across the board fundamental lack of foundational security building blocks to build off of in businesses. Everyone wants to do cool and sexy but doesn’t know how many computers you have or versions of OS. Your tools aren’t fancy if you can’t count.” 

The Return on Investment by Investing in Women

There may be a notable gender gap within cybersecurity, but there also lies great opportunity as well. Organizations can help narrow the gap, but there is also tremendous opportunity in women helping each other as well. 

Some things that companies can do to help, include: 

  • Providing continuous education, empowering and encouraging women to acquire new skill through additional training and certifications. 
  • Using this development training to promote from within. 
  • Reaching out to communities to encourage young women from junior to high school levels to consider cyber security as a career. 
  • Seek out women candidates for jobs, both independently and utilizing outsourcing recruitment if need be. 
  • At events, refusing to field all male panels. 
  • And most importantly, encourage the discussion about the benfits of a diverse team. 

Women can help support one another by: 

  • Becoming evangelists for passion. Promoting the exciting world of cybersecurity and the potential its showing for global growth. 
  • Look to mentor those more junior than you. Take a proactive approach to both being mentored and mentoring others. 
  • Women networking with other women through organizations supporting the cause. 

By leveraging skilled female cybersecurity prospects, providing conversation, further guidance, and solutions to businesses who are hiring, and continuing the overall conversation around “Unicorns” towards eliminating the phrase and anecdote by establishing true diversity, Cybersecurity can begin to fill these vacancies. We may even establish that diversity is the natural evolution within the workplace when skills and assets have been normalized in pure professional development.

MacKenzie Brown

Associate Research Principal, Optiv

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs