How WiCyS is taking on security’s image problem

Since 2012, Women in Cybersecurity has been breaking down barriers by building a community focused on recruiting, retaining, and advancing women.

Janell Straach
WiCyS

The way Janell Straach sees it, the cybersecurity profession has an image problem, and it’s keeping women out of the field at a time when the industry needs all the workers it can get.

Straach says female students, when asked to describe cybersecurity work, continue to think of a guy in a hoodie alone at a keyboard. They see disproportionately few women on the job, particularly in the senior ranks. And some still get harassed at conferences, despite codes of conduct meant to discourage inappropriate behavior.

Granted, the first image isn’t accurate and hostile experiences aren’t the norm, Straach says. Yet both perceptions persist.

And the sense of too few women in the field? That, Straach says, is actually true.

Women in Cybersecurity is out to change all that, with Straach one of many leaders on the forefront of that work.

“We have to get the message across that women belong,” Straach says.

Women in Cybersecurity, or WiCyS, is a 10-year-old nonprofit started in part to bring together women in the profession.

It remains committed to that mission today, with a focus on recruiting, retaining, and advancing women through a collection of programs, initiatives, and a signature annual conference.

The goal, WiCyS leaders say, is to bust the profession’s image problem by bringing gender equality and overall diversity to the field.

Janell Straach WiCyS

Janell Straach, Online MCS Faculty, Rice University and Chairman Of The Board, WiCyS

“We’re trying to build this community where they say, ‘I do belong. I’m not alone. I have a tribe that’s like me that does a variety of things in cybersecurity and not just sit in the basement and program,’” says Straach, a Rice University faculty member who lectures on computer science.

Indeed, WiCyS started in part to address a need for community in a profession that has consistently had a lack of women as well as minorities. The professional association (ISC)² puts the percentage of women in the cybersecurity profession at 24%, up from 11% in 2017 (although they attribute the jump to a change in research methodology, not a sudden surge in women entering the field).

Ambareen Siraj, a computer science professor at Tennessee Tech University and the founding director of its Cybersecurity Education, Research and Outreach Center (CEROC), established the organization in 2012 through a National Science Foundation grant. She first launched a conference, which drew two times the women participants that she had expected. Given that high demand, Siraj organized another conference, drawing in more attendees as well as early leaders. The organization grew from there.

Straach was both an early participant and leader.

Straach attended the 2015 conference. She brought along some of her female students from the University of Texas at Dallas, where she was then a senior lecturer, and saw WiCyS’s impact on them.

Her students hadn’t been sure they wanted to pursue careers in cybersecurity before the event but they came away from the conference encouraged and energized, Straach remembers.

Inspired herself, Straach signed on to host WiCyS’s 2017 conference and grew her involvement in the organization from there. She now serves as chair of the organization’s board.

Straach says she’s passionate about countering the narrow perceptions and stereotypes about the profession that linger; she’s equally committed to breaking down remaining barriers and obstacles that discourage women from the profession and that limit their ascent to senior roles.

“We’re not just about building the pipeline and keeping the pipeline strong; ultimately we’re about diversity in the workforce,” she adds.

Building up the community

Working with advocates like Straach and others during the past decade, Siraj has grown WiCyS into an alliance of leaders from academia, government, and industry.

Today, WiCyS is a global organization with 5,400 members (women and men) from more than 70 countries. In addition, the organization has 43 professional affiliates around the world as well as 150 student chapters. Affiliate groups are either regional, corporate, or associated with professional roles—such as the CISO position, the military or cloud security.

The objective, says WiCyS executive director Lynn Dohm, is to cultivate a culture of inclusion.

“We’re a catalyst for creating opportunities,” she says, adding that the organization seeks to bridge gaps and barriers that work to keep women from joining the cybersecurity profession and advancing through its ranks.

Lynn Dohm WiCyS

Lynn Dohm, Executive Director, WiCyS

WiCyS leaders say the organization’s efforts remain essential because the percentage of women in the profession, while improving, still remains low; there are both low numbers of women entering the field and a high number leaving. An Accenture report on women in tech found that 50% of women in tech roles leave them by the age of 35, and only 21% say it’s easy for women to thrive in tech.

“We know retention is an issue. We know the advancement opportunities aren’t here, or the culture of inclusion isn’t there,” Dohm says.

She adds: “We’ve made progress in the workforce, but there’s lots more work to do.”

WiCyS leaders also stress that their efforts don’t only benefit women; they support the overall industry, which is struggling to find enough people to fill roles. (ISC)² puts the number of unfilled cybersecurity jobs at 2.72 million.

Dohm says WiCyS wants to bring not only more women into the field but to support more diversity in the profession overall – something that the organizations leaders say is essential for success.

“We know a more diverse team is a more effective cybersecurity team,” Dohm adds. “We need different ways to think of the issues, problems, challenges and solutions.”

WiCyS has a wide range of initiatives to support its objectives.

It continues to hold its signature conference, with its 9th annual one held just recently, on March 17-19, in Cleveland. Although focused on women in cybersecurity, the conference—like the organization itself—is open to all.

It is also the largest cybersecurity conference that has equal representation of professionals and students, as WiCyS issues a scholarship for a female student to attend for each professional registration it has. This move, WiCyS officials say, helps the organization with the recruitment part of its mission, by supporting up-and-coming professional women who are interested in a cybersecurity career.

Other WiCyS events include an industry leadership summit, a senior leader series, a fall virtual career fair and global webinars.

WiCyS runs a mentorship program, pairing mentees with mentors who use the organization’s own curriculum. It also has a student internship program and a veterans’ apprenticeship program. It hosts a job board, and it runs both a cyber talent emergency fund and veterans’ assistance initiative.

WiCyS enlists its corporate partners in its programming, too. Target supports its Cyber Defense Challenge, which provides WiCyS members a chance at hands-on experience with a Cyber Defense Team. Meanwhile, Bloomberg, Facebook, and Google support scholarships that WiCyS and certification organization SANSs together offer for security training.

WiCyS welcomes companies as strategic partners, which gives them multiple benefits, but it also has many companies buy individual memberships in bulk for employees and pay for their employees to attend WiCyS events.

Dohm says the programs collectively fit with WiCyS’s aim to both keep women in the cybersecurity workforce and support their advancement in the field.

“Everything we do is about a cohort and community, so as they grow, their networks expand,” she says, sharing a common WiCyS mantra that “together we thrive.”

‘Representation really does matter’

Reema Moussa can attest to the importance of WiCyS bringing women into the field.

Moussa had set her sights on law school while an undergraduate student at the University of California, Santa Barbara, where she majored in global and international studies. She had thought about a law career focused on human rights, but an undergraduate internship with the International Telecommunication Union in Geneva turned her interests toward technology.

With that in mind, Moussa took a job as a cybersecurity awareness coordinator with her university’s CIO office when she returned to campus for her senior year.

“That was my first real exposure to actual topics in cybersecurity and getting more of a real sense of what the field looks like and what the issues are,” Moussa says, noting she worked in the department through her senior year and then a second year while earning a master’s in technology management.

Now a student at USC Gould School of Law, Moussa is interested in the legal side of cybersecurity and data privacy.

Moussa came to WiCyS as a college senior in early 2020 while attending an RSA Conference session on career development for college students. There she heard a talk by Camille Stewart, an attorney and security executive at Google, who spoke about cybersecurity and diversity. Stewart encouraged Moussa to check out WiCyS.

Reema Moussa WiCyS

Reema Moussa, student, USC Gould School of Law and Founder and President, WiCyS UCSB Chapter

Buoyed by the experience, Moussa started a WiCyS chapter at her Santa Barbara campus.

But there was more; Moussa says she saw in Stewart an example of the possible career paths within the profession.

“For me, representation really does matter, and as a woman and as a daughter of immigrants and a woman of color, as someone who has long felt that there is some sort of game that everyone knows the rules to and I don’t, it’s important to see someone who looks like you and has this shared experience,” she explains.

She says she found that first in Stewart and then at WiCyS.

“The WiCyS community have given me amazing women and women of color [with whom] I can have candid conversations about what I need to learn, what are the things I should be aware of,” she says. “And WiCyS provides a place to know that there are women in this field doing amazing things, who can really inspire you to bring yourself to that level.”

Copyright © 2022 IDG Communications, Inc.

22 cybersecurity myths organizations need to stop believing in 2022