3 Realities for Women In InfoSec

While Chief Information Security Officer, Director of Cyber Security Operations, Digital Forensic Investigators or Penetration Testers were likely not our dream jobs – or even dreamed up yet – when most of us were little girls, we now know just how opportunity-rich the Information Security field is among all industries – from entertainment to healthcare to education to space travel and all industries we likely did dream of working in one day.

Last month, the Tampa Bay ISSA chapter brought together a panel of distinguished female leaders in Information Security for the 1st Annual Women In Security event to discuss opportunities and challenges of being a woman in the infosec field.

I was so energized by the enthusiasm of the women (and a few good men) who attended the event that I literally couldn’t sleep that night.  I ran through the numerous key takeaways from the event and finally boiled it down to three key realities:

 

1. Huge opportunities exist now and in the future.

According to Marci McCarthy, CEO of T.E.N., there’s incredible demand growth in the near future for information security:

• Information security jobs are expected to grow by 53% by 2018 – Bureau of Labor Statistics
• 25% of all organizations have a problematic shortage of information security skills-Network World 2014
• Among the most sought-after professionals in the tech sector with demand for workers in cyber security field outpacing the other IT jobs by a wide margin – CIO Magazine 2014
• Demand for cyber security professionals has grown more than 3.5x faster than the demand for other IT jobs over the past 5 years and more than 12x faster than the demand for all other non-IT jobs. Current staffing shortages are estimated between 20,000 and 40,000 and are expected to continue for years. –Burning Glass International

*Research and statistics gathered and shared by Marci McCarthy, CEO of T.E.N. for the Women In Security Presentation. Download the full presentation here:  http://ow.ly/EegXv

There were are also several attendees representing colleges and universities that now have programs dedicated to IT and Cyber Security, including the newly created Florida Center for Cyber Security at USF and Nova Southeastern’s CIPHER (Center for Information Protection Education & Research). You can find a  more complete list in Marci’s Presentation.

With all of these opportunities, believe it or not, women actually have a huge advantage.

Only 11% of the global InfoSec workforce is made up of women, according to the ISC2 Global Information Security Workforce Study. As women and minorities in the industry, we have the ability to stand out in this job market specifically because we bring diverse perspective, leadership talents and the ability to be flexible by nature. Executive leaders are seeing the importance and value of diversity and soft skills that women can bring to the table.

I’ve learned this firsthand from three amazing women who introduced me to the information security world after being recruited by them to Wisegate. I worked closely with Stephani Williams, our VP of Member Services, and Kirsten Moran, our VP of Sales when they began working at Gartner through the Burton Group acquisition. Since joining Wisegate, I have had the honor of working closely with our founder and CEO, Sara Gates, who is an incredible inspiration to successful leaders in IT and security information industry in her own right. I have also been fortunate enough to work with our inspiring leadership team full of talented and smart ladies, including Denise Court, VP of Member Engagement, Tamara Rezler, VP of Everything… err… I mean Operations, and Cathy Wofford, VP of Revenue (A.K.A Controller and awesome-get-things-done-now leader).

The recognition of these incredible ladies is not to downplay the importance or value of our unbelievable guys, including co-founder Dan Dinhoble and Rich Pusateri (no relation) on the leadership team, because they are really awesome too. But, after all, this post is about the ladies.

Hiring Managers Are Looking for Women to Lead InfoSec.

Women bring diversity and leadership skills that work well in Information Security. In fact,  Sherri Vollick, IT Security Manager, Holland & Knight, shared a story that when her the hiring manager came across her resume, he went gleefully screaming down the hall, excited shouting,

“I found her!”

Additionally, Paige Needling, Sr. Director of Global Info Sec, Recall Corporation, discussed how she was able to elevate her career into IT leadership by offering to be a front lady for her male colleagues. She used her communication skills and business expertise to successfully secure funding for IT projects and resolve communication disputes. She recalls:

“I offered to take on those conversations that my socially challenged techie male colleagues dreaded. This made me their ally, and I was successful in selling the projects and getting the budget we needed.”

 

2. Technical skills are the price to play, but soft skills are critical to win. Invest in personal development & your brand.

I was thrilled to hear the conversation turn to a subject I am very passionate about: personal development, branding, marketing and soft skills.  Marci McCarthy, CEO of T.E.N. and Anne Kuhns, the first CISO for the Walt Disney Company, shared their thoughts with the mostly female audience. See more of Anne’s advice in my blog post  Disney’s First CISO Shares Her Insights.

“There is so much opportunity to advance in a highly visible position.”

She was also quick to reinforce the idea that your career growth is up to you. Just doing a good job isn’t enough. You have to market yourself to get where you want to go.Marci, in addition to sharing in-demand opportunities, also shared her advice to aspiring women through her well-prepared presentation and solid advice:

“Learn hard & soft skills and invest in personal branding.  It’s not enough to have technical skills and abilities. The soft skills (communication, marketing, personal hygiene, branding) are what will set you apart from your peers, make you memorable and lead to your success.”

She then shared her tips for personal development and branding:

1. Get a headshot. It is the best investment you can make in your career and personal brand.
2. You are selling yourself to the business.
3. Answer questions on LinkedIn and get involved in the conversations.
4. Get a mentor.
5. Do “Lunch & Learns” and share your expertise.

 

I would add that we need to continue to promote each other in this field. When we help each other personally with our advice and mentoring and professionally with our networks and recommendations, we all win.

 

3. Change is the new norm – adapt or get out of the way!

Change is the new norm. If you can’t adapt, you will get left behind. Also, do not roll the dice and blindly follow one path. Look at all of the changing opportunities – some opportunities that have been available in the past don’t exist today.

During the conference, Karen Zwolski, Vice President, IT Security at URS Corporation, talked about the challenges and fast paced change that happen in the corporate world, as URS was just acquired and went from a company of 40,000 employees to a global enterprise of over 100,000.

“It is even more critical to stand out and be heard in times of change and uncertainty with mergers and acquisitions. I have to be flexible and willing to change, as the company’s needs change in order to successfully lead an Information Security program protecting an organization of technical professionals that has instantly more than doubled in size.”

Anne Kuhns added:

“When companies make a major technology platform shift, potentially up to 1/3 of technical staff won’t make the leap.”

Rini Fredette, Senior Vice President & Enterprise Risk Officer at PSCU, pointed out how the field can be as exciting as being a spy or being the James Bond of IT.

She had to be ready for change when she was asked to build the information security program at PSCU, then change again when she was promoted to overall Enterprise Risk Management.

So with all of the opportunities in information security here now and on the horizon, coupled with the unique talents and abilities women can bring to the workforce, the obvious question (which, thankfully, was also asked by a fabulously successful IT business development professional sitting next to me, Lisa Crow): How do we get more women involved in Information Security?

One way: start young. Rini enlightened us about the STEM programs that the Girl Scouts of America are leading:

“Girl Scouts have STEM programs that are encouraging girls to be anything they want to be, so we do have resources available to encourage girls at a young age to take interest in technology careers.”

(You can also check out the really cool feature on their website called the Inspiring Women Timeline)

There is also a huge focus on information security now in schools, from elementary to University, with several programs and scholarships geared toward women.

I wanted to especially thank Marci for her efforts in promoting the incredible Leading Ladies of InfoSec. I personally think it’s pretty cool to be an entrepreneur who has launched and runs three successful companies that connect and recognize top executives in IT Security. Add on top of that your own custom logo personally designed by Christian Louboutin and a holiday named after you (March 13, 2012 was decreed in by congressional citation Marci McCarthy Day, and I’d say Marci’s earned some bragging rights.

As an added bonus, I’ve added my Top 10 Takeaways version of the key takeaways from the event below:

1. Huge opportunities exist in information security.
2. Change is the new norm.
3. Take responsibility for your career.
4. Invest in your personal brand.
5. Take risks – It’s okay to be afraid and Its okay to fail – that’s how we learn.
6. Seek out mentors and drive those relationships.
7. Get involved & network.
8. Read as much as you can to stay on top of the trends.
9. Technical skills AND soft skills are crucial
10. If you are reading this now, please share it with the girls and women in your life so that they can be aware of these opportunities, and we can all do our part in promoting strong female leaders in this growing and crucial career field.

I am passionate about helping people and I always welcome advice and feedback from those more experienced and wiser than me. I am also happy to introduce you to Wisegate, where we connect senior InfoSec and IT leaders in a private, vendor free social platform and arrange exclusive roundtables and match members to help each other with their challenges. It is the perfect place to find a mentor, solve problems, save time & money in the process.

This is the third Part in a 3 part blog series. Please check out the first post Women Insecurity  and the second part Disney’s First CISO Shares Her Insights with Women In IT Security.