SecurityBrief Asia logo
Asia's leading source of cybersecurity and cyber-attack news
Story image

Where to from here? Women in cybersecurity speak up

FYI, this story is more than a year old

For this year's International Women's Day, the theme is #BalanceforBetter - focusing on encouraging a more gender-balanced world.

Lack of representation, the glass ceiling, a gender pay gap and toxic attitudes in the workplace are just a few of the challenges faced by women working in technology today.

International Women's Day is an opportunity to reflect on how far the industry has come in treating women more equally, but also to rally together and put measures in place to improve the situation for future generations on the cusp of entering the workforce.

Here are what women working in cybersecurity have to say:

Ping Identity A/NZ marketing manager Vivienne Horsfall

Attracting women into IT starts from the grassroots.

Changing the perception of STEM programs in school is paramount.

Programs must be inspirational, relevant and capture the imagination while evoking an intrinsic 'coolness'.

Providing influential female role models and mentors is extremely powerful as girls can project their future self.

Getting excited about the application of STEM in the real world is an important element to capture their imagination.

These experiences must be relevant to the different development stages to have greater appeal. For example, the younger girls tend to want to have fun so an excursion to a theme park working alongside engineers to understand the design and technology of building a roller coaster is appealing.

As they mature there tends to be increased consciousness of the world around them so investigating technologies that are saving the world - cleaning water supplies and our oceans becomes more relevant and finally playing with the technologies that are changing our lives such as robotics - AI.

The workplace itself is changing and as more companies embrace and honour their mantra and truly understand the benefits of a diverse workforce, women will feel valued and the domino effect will prevail.

Aura Information Security virtual security consultant Petra Smith

The cybersecurity skills shortage is approaching three million people globally but less than 20% of the current workforce in the industry are women.

This comes at a time when analysis from AustCyber suggests that a shortage in Australia's cybersecurity workforce may be costing the country more than $400 million in lost revenue and salaries and predicting that we may need 17,600 more cybersecurity workers by 2026.

Diverse teams are better at solving problems and in an industry that's all about solving complex problems, the lack of diversity another business risk.

So how do we solve the problem of gender inequality in technology?

Representation matters.

Women and gender minorities need to see people like them succeeding.

It isn't enough to interest young women to enter the industry.

We also need to break down the barriers that keep women from advancing and becoming tomorrow's role models.  

LogRhythm Asia Pacific and Japan senior regional marketing director Joanne Wong

While we've made good progress in improving gender equity in the workplace, there's still a long way ahead towards achieving greater gender diversity in our technology talent pool.

To help strike the balance, we will need to rally both organisations and individuals.

From an organisational level, companies will have to set the stage to help women acquire tech-related skills.

These organisations can pave the way for women to either shift their careers or develop a hybrid skillset, marrying their current skills with technology.

For example, a finance manager can learn analytics which may be relevant for fintech companies.

On the individual level, it is important for women to adopt a mindset of lifelong learning and constantly upskill to stay relevant.

In a fast-moving environment where organisations are going digital, cybersecurity know-how is becoming an increasingly vital skill set for any employee.

Women who are willing to learn this skill will be able to get an edge over the others and in fact, play a significant role to help the company grow.

Gender fairness at the workplace is a big ambition but definitely one that is achievable.

As a cybersecurity professional, I believe technology will be the heart of some of the biggest changes in the next decade.

Artificial Intelligence will be a huge enabler but we will still need irreplaceable abilities such as human instinct and experience to help us discern false positives from true cyber incidents. Women will be able to harness their 'women's intuition' by giving a different perspective based on their life experiences and wisdom.

It is those who are able to leverage both technology and personal skill sets that will truly stand out from the crowd.

ExtraHop security product marketing senior director Barbara Kay

The need for both male and female cybersecurity professionals creates a great, reasonably level playing field.

Today's youth are growing up surrounded and buffeted by security and privacy concerns.

Using tools like Khan Academy and code.org, anyone can get more comfortable with the technical components and then layer on understanding of the security concepts.

Gaining a certification in security is also a way to establish credibility - and frankly this space is starved for people.

Bring your curiosity and you will find more environments using tools and automation to facilitate effective workflows and an environment that enhances skill development on the job.

When it comes to cybersecurity, learning never stops for both men and women.

CQR Consulting senior security specialist Shannon Campbell

Born in the 60s the term “Information technology” applied to the amazing ability to store and index data in place.

The focus switched to the evolving IT space where coding created capability and then hackers broke the code.

Today, this coding and the hacking focus and stigma of sitting behind a desk staring at a computer all day is what girls believe “being in IT” is all about.

My version of IT is much wider, sexier and much more involved than coding and hacking.

The ‘IT' space has evolved rapidly.

 We have the world at our fingertips, we are interconnected and it is an essential enabler of business. Do we need to change the name of IT to something more representative of today to inspire?

By changing the name, can we reach a whole new generation of girls and young women who want to be communicators, problem solvers and global entrepreneurs in an integrated corporate environment?

Can we help companies build empires, market goods all over the world, secure secrets, create effective and efficient human processes to support this critical enabler?

This new world view must be mentored in the workplace and marketed by women to schools and universities to capture the interest of the next generation and leave them with powerful images of the possible.

Real life stories from real women in ‘IT' will really help in explaining what was the outcome that was achieved by my contribution.

One day I can be reviewing a corporate network to assist executives with a holistic view of people, process and systems to support decision making, smart investments and company growth, the next day assessing the complex business and information communication requirements of a fully integrated jet using satellite communications, airport ground systems, people and process or helping deliver a secure and manageable data store assist in the management and safety of women in hiding from abusive partners.

This approach could shape the education pathway where Information communication technology skills are seen in multiple streams (not just seen as STEM),  align with business and personal goals and enable girls and young women to visualise outcomes much bigger than coding and hacking.

The success of the integrated corporate environment requires a holistic approach to business (including computers, risk, security, people).

You can be a master of one or generalist.

It's not just ‘IT', it's not just for coders and hackers.

There a real skills shortage in information communication technology corporate integration experts.

It's about business goals, communication, risk, security and money at all levels of business.

SolarWinds head geek Destiny Bertucci

International Women's Day is here, and it's great to see that year after year, it's growing in recognition and importance.

In my work, I'm already fortunate to be surrounded by women.

And the good news is that—looking at the wider industry—I can see change is afoot, particularly in encouraging the next generation of female leaders in cybersecurity.

Because I'm so passionate about cybersecurity, and because I'm a mother myself, I feel that STEM programs can help many girls get started in IT.

Just a few weeks ago in Sydney, the Australian Computing Academy (ACA) announced the launch of the Schools Cyber Security Challenges as part of the curriculum for Australian high school students. Initiatives like these will ignite a passion in young children—especially girls—to work in IT and phase out any question of gender equality in the future.

Ultimately, working in IT comes down to a passion for problem-solving, day in and day out. Cybersecurity needs people who love to read and find answers; developers to help create new ways to block threats and help protect data in every sector; and, of course, a dose of charisma and good relationship-building skills go a long way, particularly when driving security policies within an organisation.

International Women's Day is not only a great reminder for people to take practical steps to address the ongoing gender imbalance we face in certain industries and countries, but also that women can break glass ceilings and soar in any capacity.

Related stories
Top stories
Story image
Malware
Black Lotus Labs discovers new, multipurpose malware
Black Lotus Labs, the threat intelligence team at Lumen, has discovered a new, rapidly growing, multipurpose malware written in the Go programming language.
Story image
Distributed Denial of Service
Sysdig reveals a loss of $53 for every $1 cryptojackers gain
The 2022 Sysdig Cloud Native Threat Report breaks down supply chain attacks against containers and how geopolitical conflict influences attacker behaviours.
Story image
Firewall
Barracuda accelerates growth in its data protection business
Barracuda cloud-to-cloud backup protects against evolving cyber threats, such as ransomware, and is now transactable in the Azure Marketplace.
Story image
Apple
Jamf shows intent to acquire mobile security firm ZecOps
This acquisition positions Jamf to help IT and security teams strengthen their organisation’s mobile security posture.
Story image
Work from home
Jamf showcases new products to simplify and secure work
At the 13th annual Jamf Nation User Conference, the company shared how its continuous product innovation is helping organisations succeed with Apple.
Story image
Network Management
Fortinet introduces enhanced AIOps across its gateways
FortiAIOps builds on Fortinet's rich history of developing artificial intelligence to deliver actionable network insights for self-optimising management.
Story image
Kaspersky
Cybersecurity loopholes prevalent in South East Asia
In terms of the share of vulnerabilities with publicly available exploits, three countries out of top five are located in Southeast Asia.
Story image
Cloud
How modern IT architectures are moving beyond network visibility
Dealing with multiple cloud providers makes it difficult to identify security threats and performance bottlenecks and troubleshoot issues.
Story image
Data Protection
Cloudflare brings Data Localisation Suite to more APAC businesses
This allows any business in these countries to service their data locally while benefiting from the speed, security, and scalability of Cloudflare’s global network.
Story image
Ransomware
Delinea updates DevOps security, remote access more seamless
New enhancements include development support on the most recent Mac computers and improved secrets' management usability through automation.
Story image
Cybersecurity
Employees unsure who to go to to report security incident
A new study shows more than 20% of the untrained global workforce do not know who to contact during a security breach.
Story image
Malware
Cybereason delivers nation-state level of protection to enterprises
Cybereason has announced new advancements in Cybereason NGAV that deliver nation-state level protection for organisations of all sizes.
AWS Marketplace
Whitepaper: A practical guide for mitigating risk in today’s modern applications
Link image
Story image
Cybersecurity
Best practices for industrial cyber resilience
Operational technology (OT) security is gaining more attention than ever before, but sufficient understanding of what it takes to prevent breaches is still lacking amongst many organisations.
Story image
Cybersecurity
Test your API Security with Infinite API Scanner
The effectiveness of API scanning technology can mean the difference between successful and unsuccessful programming outcomes, and often enterprises and IT leaders struggle to get it right.
Story image
Mobile Device Management
How to easily scale your mobile workforce and devices for the peak shopping season
Retailers are under constant pressure to streamline processes and become more efficient while looking for ways to improve customer satisfaction levels.
Story image
Cybersecurity
Kaspersky updates endpoint detection and response solution
"One of the goals was to make all the solutions capabilities accessible for all types of our users, even those who are making their first steps in EDR."
Story image
Cybersecurity
De-risking the innovation cycle – a modern, real-time approach to security
Many organisations see cybersecurity as an inhibitor of innovation, with burdensome protection measures standing in the way of progress and speed.
Story image
Cybersecurity
Macroeconomic headwinds driving security up priority list
Current macroeconomic headwinds are driving security up enterprise’s priority list and reshaping the hardware Security Module market.
Story image
Threat intelligence
Trellix advances threat intelligence with new research centre
Trellix has announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Story image
Cloud Security
75% of AU companies had cloud security incident in past year
According to new Venafi research, complexity is due to increase, as companies plan to host more applications in the cloud.
Story image
Hybrid Cloud
Hybrid cloud security driving need for deep observability
Gigamon is bringing application and network-level intelligence together to help network, security, and cloud IT operations teams eliminate security blind spots.
Story image
Artificial Intelligence
Ordr improves security and management of connected devices
It has implemented more than 80 integrations within the Ordr Data Lake while adding security enhancements to accelerate zero trust segmentation.
Story image
Enterprise
Delinea shares the importance of PAM, partners and security for modern enterprise
Identity-based security is becoming a crucial tool for modern enterprises as they continue to adapt to different working environments.
Story image
Secure Code Warrior
Secure Code Warrior announces Coding Labs innovation
Coding Labs mechanisms allow developers to move from learning to applying secure coding knowledge more efficiently, leading to fewer code vulnerabilities.
Story image
Malware
SonicWall threat report mid-year update highlights significant threat variance
The 2022 SonicWall Cyber Threat Report mid-year update from SonicWall gives an in-depth insight into many of the current trends across the threat landscape.
Story image
Ransomware
Commvault unveils early warning system, Metallic ThreatWise
A first among data protection vendors, the new cyber deception service detects and contains ransomware threats.
Story image
Cybersecurity
StackHawk launches deeper API security test coverage
Expansion of test coverage includes custom scan discovery, custom test scripts and custom test data for REST APIs.
Story image
Edge Security
Security practices for modernising the “spaghetti” of on-premises IT
Many organisations are wondering how to securely modernise their workload, often made up of a “spaghetti” of on-premises applications and management consoles.
Story image
Malware
Kaspersky uncovers new malicious malware NullMixer
Kaspersky researchers have uncovered a new malware stealing users credentials, address, credit card data, cryptocurrencies, and accounts.
Story image
Phishing
Vectra Protect team finds Microsoft Teams vulnerability
The Vectra Protect team identified a post-exploitation opportunity in August, allowing malicious actors to steal valid user credentials from Microsoft Teams.
Story image
Cybersecurity
Ransomware attacks continue to increase, report finds
Nearly a quarter of businesses have suffered a ransomware attack, with a fifth occurring in the past 12 months.
Story image
IT Training
Six ways to transform your cybersecurity training and influence lasting change
If the goal is to win hearts and minds, formal awareness training can fall short and often doesn’t inspire people to care.
Story image
Malware
Decrease in malware volume, but surge in encrypted malware
The Q2 Internet Security Report found office exploits continue to spread more than any other category of malware.
Story image
Virtual Private Network
95% of organisation rely on VPN as threats continue - report
There is a growing number of VPN-specific security threats and a need for Zero Trust security architecture in enterprise-level organisations.
Aws Marketplace
Learn how to implement a backup and recovery plan for a new generation of Kubernetes-based modern applications
Link image
Story image
Legacy
Trellix enables greater cyber resiliency with extended XDR platform
"Legacy SIEM technology has failed to modernise security operations. We are confident Trellix XDR fills this critical gap.”
Story image
Software-as-a-Service
Varonis adds secrets discovery to data classification
The data security firm announces enhancements that detect and remediate overexposed private keys, encryption certificates, API keys, and authentication tokens.
Story image
Cybersecurity
Video: 10 Minute IT Jams - An update from SearchInform
Val Novoselova joins us today to to discuss new trends in the information security space, and how SearchInform is adapting to some of the new trends we are seeing.
Story image
Software-as-a-Service
Enterprises yet to fully commit to cybersecurity - CompTIA
“Digital transformation driven by cloud and mobile adoption requires a new strategic approach to cybersecurity, but this poses significant challenges."