7.5 mins | 1540 words
By: Jennifer Campbell
‘Our voices are needed’
Women’s presence in cybersecurity is essential to global prosperity.
When asked for practical tips for success in a cybersecurity career, Claudette McGowan advised women to “shoot your shot.”
McGowan, global executive officer at TD, said if you don’t take a shot, you’ll never hit the target. She was one of an inspiring group of three panellists who kicked off a virtual International Womxn’s Week event titled Womxn Leading Globally in Cybersecurity. Sonya Shorey, vice-president of strategy, marketing and communications at Invest Ottawa, opened the event by noting there are four million cybersecurity professionals needed around the world. With only two million currently working, there’s a clear shortage.
“This gap is widening with the pandemic and it’s not simply a labour gap, but also a gender diversity gap,” Shorey said. “Women make up approximately 20 percent of the global cybersecurity workforce and this is a risk that threatens our long-term competitiveness, prosperity and security as a global society.”
Sophia Leong, of the University of Ottawa, added “the rate of digitalization, acceleration of remote work and learning and an increasing reliance on global connectivity open doors to sophisticated cyber threats, which added further pressure on the supply of cybersecurity talent.”
As moderator of the panel, Leong first asked the panellists about the state of cybersecurity globally.
“We’re in this place where no day is like the other,” McGowan said. “We know through the Solar Winds breach [which affected 18,000 companies], what’s possible. We understand the power threat disrupters have. We’re not just thinking about institutional protection, but also protection at home.”
Sem Ponnambalam, president of Xahive Corporation, noted many other recent breaches, including the Marriott breach that impacted 10 million guests, the Twitter hack and the MGM breach.
“Notable victims were Justin Bieber, [Twitter CEO] Jack Dorsey and U.S. government officials,” she said. “This was due to unauthorized access to cloud servers. It’s really important to have good education and good governance protocols and policies in place for the entire value chain.”
Sandra Wheatley Smerdon, senior vice-president of marketing and communications at Fortinet, said COVID has caused a resurgence of attacks as attackers look to the home office as a foothold to enterprises.
“You’re also seeing the whole landscape change with IoT and the move to the cloud,” Wheatley Smerdon said. “Five years ago, you had a perimeter that was clearly defined — it’s everywhere today.”
Wheatley Smerdon said organizations and security leaders are concerned about insider attacks, which is why education is so important. Because only one percent of cybercrime is solved, she said it’s important for organizations to work together. Fortinet works with the World Economic Forum and NATO to bolster global security.
The low percentage of women and diversity in this white-male-dominated field is concerning, primarily because the enemies — cybercriminals — are very diverse.
“The most creative people I’ve seen are these threat actors,” McGowan said. “They don’t sleep, they have teams of millions and they are collaborating. They don’t say ‘let’s leave out the women.’ You want the best and brightest minds and some are in female bodies. When you bring diversity of thought, race, gender to the table, you get better outcomes, because we’re protecting everyone.”
The panellists also shared their career journeys. Wheatley Smerdon remembered being asked her to work with a customer who’d been hacked.
“That experience was the most exhilarating I’ve ever had,” she said. “I decided I wanted my next job to be in cybersecurity. I do think it’s a crime that there are so few women in industry, and underrepresented groups overall. Women are 20 percent, but underrepresented groups are only about five percent. Women are very detail-oriented, they bring great creativity, they’re open and without those perspectives, we’re missing a lot of opportunity in the industry.”
Ponnambalam came to the sector after working for the federal government.
“I don’t have an IT background,” she said. “I look at it from a governance perspective. Education is aimed at tech people, but they already know something about what’s happening. The value chain needs to be educated and have insurance protocols in place.”
All of the experts said their organizations have initiatives to interest people in the field. And Wheatley Smerdon is actually seeing more women express interest.
“We’ve created a pathways program where we outline the journey to different types of roles,” she said. “We’re also out there, educating and learning. We have a veterans’ program and that’s been great for bringing diversity to the industry. We provide training, but also résumé-building, coaching. This issue has to be attacked on multiple fronts.”
Ponnambalam says Xahive mentors students and provides training through several different organizations, including the California International Trade Centre, the New York Academy of Sciences and 25 academic institutions in Canada.
McGowan encouraged women to “shoot your shot.
“Don’t think you can’t do it,” she said. “Maybe you don’t hit that target, but if you don’t aim, you won’t hit anything. I’m always listening to podcasts, always learning. From a human perspective, tap into what’s holding you back. Often, it’s fear. Change that word fear to Face Everything And Rise.”
Breaking barriers, boundaries and billion-dollar markets
A second panel looked at why more women aren’t entering the field and aimed to give practical solutions to address that problem.
Carolyn Raab, chief product officer at Corsa Security in Ottawa, said people have to feel as though they belong.
“You can have a diverse workforce and a culture of inclusion,” she said. “But you have to wrap it all with this feeling [of belonging.] But ‘feeling’ isn’t discussed around a cybersecurity huddle. It doesn’t get talked about because it doesn’t seem to fit.”
The other issue is that there aren’t yet established networks of women in cybersecurity to foster that feeling of inclusion and community.
That’s something Mari Galloway, customer success architect at Palo Alto Networks, is trying to change. She’s also CEO and founding board member of the Women’s Society of Cyberjutsu, a non-profit dedicated to bringing more girls and women into cybersecurity.
“At CyberJitsu we make it feel like a community,” Galloway said. “Giving the people a place to be themselves and a little bit vulnerable without the fear of repercussion goes a long way.”
Beth Klehr, chief human resources officer at Entrust, said her company has created four different employee-resource alliances.
“We encourage everyone to join every alliance they feel passionate about,” she said. “People do feel like they can be their authentic selves.”
Entrust also has a mentoring circle with groups of fewer than 10 employees. “You have all different levels of women in this group and it’s great to learn from each other no matter what your position is.”
Raab, meanwhile, “encourages the encouragers. When you have people who are fine examples of attitudes and approaches and inclusion, [they are building] the base of your pyramid of change. I make sure there’s a feedback loop to tell them what they’re doing is special.”
Galloway said finding her “tribe” allowed her to feel comfortable.
“Finding that group of people is really helpful,” she said. “I also recommend building an advisory team of different people who inspire you. Join a non-profit, go out and volunteer.”
Entrust has a program through which employees volunteer during work hours. It also runs education programs for women in STEM and sponsors programs in high schools.
Raab recommended setting your own diversity metrics and then measuring your progress against them.
“It’s tougher to add more requirements to a job search, but change is never easy,” she said.
To add diversity to a workforce, Galloway recommends partnering with organizations that specialize in it. She also advised getting out of your comfort zone.
“We have career fairs, but where they do they take place?” she asked. “Not in southeast D.C., which is not the safest place. [Girls there] may not know cybersecurity and STEM are an option because no one’s going in there to talk to them about it.”
Asked about ideas to deal with women reducing their careers because of the pandemic, Galloway advised women not to give up.
“Our voices are needed,” she said. “Your story is important. You never know who you’re going to inspire.”
Klehr said, “it’s a systemic issue. We need everyone in the boats. Challenge yourself. For those mothers going through COVID, home-schooling on top of trying to invest in their careers, find your champions, find your tribe. We’re out here, we want to help you.”
Raab called the pandemic an opportunity.
“If you leave this pandemic without making meaningful change, you’ve probably missed the biggest opportunity in your life,” she said. “Nothing needs to be the same as we exit this. Shame on you if you’re not changing something. That’s the opportunity for all of us. Find these tribes, do networking in a new way, set your own diversity metrics.
The final presentation of the afternoon came from Rob Rashotte, vice-president of the NSC training institute at Fortinet, who gave a presentation on mitigating cybersecurity risk.
“We want to develop policies, procedures, best practices,” he said. “[It has to be] the language across our organization, but also across our entire supply chain.”
As a result of the pandemic, Fortinet continues to offer its Cybersecurity Awareness and Training Services free of charge. Visit Fortinet for more information.
For more information on International Womxn’s Week, visit investottawa.ca/iww
To check out more workshops and events, visit investottawa.ca/events