Despite much focus on increasing the number of women in cybersecurity, as an industry we are still falling short. For many companies the problem starts with the tech pipeline—there just aren’t enough resumes from qualified female candidates. But I think the real problem is that our definition of qualified is too narrow. It’s so narrow that many women and people from other underrepresented backgrounds don’t identify with cybersecurity. And it limits our ability to evaluate potential defenders. Hiring managers too often reject excellent candidates who don’t check all the boxes. At Fortalice, we do things differently, and as a result nearly 40 percent of our team are women.
During Women in Cybersecurity month, Microsoft is publishing blogs by female cybersecurity leaders who have advice on how to increase the number of women in the field. Last week, Diana Kelley wrote about how to create a culture that helps people of all of backgrounds thrive. In this post, I’ll share four tips for recruiting more women.
It starts with commitment
Increasing diversity requires focus and attention. If you sit back and passively wait for the right resumes to land in your inbox, nothing will change. Much of this starts with the executive team making a concerted effort to take a stand and ask themselves and their organization why they don’t have more women on their teams. Diana’s blog does a great job of walking through some of the cultural aspects that make it hard for diversity to thrive. With the right commitment, you can put structures in place to find the people that you want.
With the coronavirus outbreak around the world, pay attention to your commitment to allow flexible schedules and the flexibility to work from home. Your female employee may be a caregiver to a parent or might be working from home while her children are remote schooling.
Expand the criteria
Cybersecurity is noble work. Every day we defend privacy and protect identities. We use creative problem-solving skills to outwit our adversaries and help people. It’s technical and analytical, yes, but it also takes interpersonal skills. Yet this isn’t how the public envisions cybersecurity. Most imagine a young white guy with poor social skills sitting in the dark, surrounded by more of the same—usually all wearing hoodies. It sounds boring, right? Is it any wonder that so many people opt out?
The stereotype discourages more diverse candidates from seeking us out, but we compound the problem with ridged job requirements. Many hiring managers are leaving women and minority candidates on the sidelines by chasing the same resumes, the same degrees, and the same alphabet soup of certifications. While these are some of the indicators of a successful hire, they aren’t the only ones.
Expand your criteria. The best cybersecurity professionals are insatiable learners and highly skilled problem solvers who think about the user while never underestimating the adversary. Take a chance on people outside cybersecurity or who don’t have a college degree and invest in cross training. Some of my team members started out in a different field. Now they are among the best, most well-rounded defenders in the industry.
Start young
I went to high school at Marine Corps Base Quantico, which mandated a class in computer programming. Thanks to that class I discovered that I have an aptitude and passion for technology. I might not have ended up in cybersecurity if it weren’t for that class. I’m so grateful that the U.S. Marine Corps and the Department of Defense saw the value in us learning new technologies and made this non-negotiable. We need to take this lesson and apply it more broadly. Women who don’t start developing technical skills early are at a great disadvantage when they compete against others who learned to code when they were young.
One way to do this is with training programs for kids. I partnered with another cybersecurity female leader from Cisco and members of FBI InfraGard to found the InfraGard CyberCamp in North Carolina. The program provides security training, security tools training, forensic analysis, and other activities and is hosted at Microsoft’s Charlotte campus. To get the diversity we want, we go directly to the organizations that know girls, kids of color, LGBTQ youth, and economically disadvantaged kids and ask them to apply. The extra effort works; each year, the camp graduates 30 kids from all walks of life—male, female, and economically disadvantaged students included. As more security conferences look to create “hackathons” for middle and high school students, as well as scholarship programs for college students, they must deliberately foster diversity.
Provide a platform for your cybersecurity women
Many young women are looking for role models. They want to feel connected with their coworkers. Send women from your organization to recruiting events on college campus so prospective candidates can get to know your team. Elevate the female leaders at your company with articles or speaking roles at conferences.
As people see more women and other underrepresented groups in cybersecurity, stereotypes will be tested. This will encourage a diverse group of people to apply. We need them! Diversity will make us better at solving the complex problems inherent in cybersecurity.
Learn more
Fortalice started a group called Help a Sister Up on LinkedIn, #hasu. This space is dedicated to advancing women in technology and serves as a rallying point for them and their male advocates. We post job openings, articles, and avenues for discussion. Please join Help a Sister Up.
Theresa Payton is CEO and President of Fortalice—a group of “former White House cyber operatives and national security veterans who have honed our craft protecting people, business, and nations for decades.” Theresa was the first female CIO for the White House and was named One of the 7 Women at the Top of their Game by Meeting Magazines.