• United States




Myths and truths about employing women in Infosec

Sep 15, 20144 mins
CareersIT JobsIT Leadership

Lysa Myers breaks down the truths and the fallacies behind women in security careers

I’m sure you’ve read the statistics about how women make up only 11 percent of the information security workforce, and how 56 percent of women who start a career in tech leave it at the mid-point. And I’m sure you’ve seen all sorts of proposed solutions for how to fix this. As a woman in security, one who has indeed considered leaving in the past, I have a few thoughts about which of these suggestions are valid and which decidedly are not.

Myth #1:

Quit referring to skillful people as rock stars and ninjas

It seems the theory behind this sentiment is that women are nitpicking every word coming out of a man’s mouth to find examples of sexism to get angry about, and to point out that these terms are only flattering to teenage boys. But obviously there are female rockstars and female ninjas. And there are plenty of women that would happily associate themselves with these exceptionally skillful archetypes.

Myth #2:

Ditch the beanbag chairs

The theory here is that women are offended by casual workplaces or uncomfortable/unfashionable furniture. While frat house décor may not appeal to everyone, I don’t think this is a gender issue. Plenty of men would look at beanbags and protectively rub their back muscles too. A casual workplace is a desirable thing for many people, and if you throw some yoga-ball chairs or treadmill desks in there, you can still enjoy your large and unfashionable furniture without giving all your employees lumbago.

Myth #3:

Scrap the beer kegs

One theory behind this is that women hate beer. Which is about as absurd as the notion that “rockstar” and “ninja” are sexist terms. The other theory is that workplaces with beer become out-of-control frat party atmospheres. Combine this with guys who stereotypically have a hard time with social cues, and you have a recipe for theoretical disaster. If you’re drinking during work hours, you probably have problems beyond just the lack of women in the workplace. But if beer is for after-hours consumption, and if your employees can drink responsibly and not act like jerks, many women enjoy a chance to socialize with co-workers whether or not they partake.

Truth #1:

Help increase the number of women in the pipeline There is such an incredible number of groups that focus on getting women and girls into technology right now, it’s hard to know where to start. You can start with national or international groups like Women Who Code, Girls Who Code, and Girl Develop It. The Executive Women’s Forum conference is right around the corner, and the Women in Cybersecurity conference is in the spring. You can search locally for Women in Technology meet-ups, women-friendly hackerspaces or other groups to help find women to mentor, intern or hire.


Truth #2:

Consider rewording job ads Most women are likely to have gotten the message that technology is “for boys.” And yet, here we are, so clearly this logic is erroneous. By the time we get our first job in tech, most women have a finely tuned mechanism for detection of erroneous logic. So when we see ads asking for ten years of experience in something that has only existed for five, or a list of skills as long as your arm offering a very moderate salary, most women are likely to avoid applying. While this could be due to timidity, it could also be due to realizing that the employer has outsized expectations and an undersized inclination to remunerate.


Truth #3:

Be more flexible to attract the best talent

There was a time when I seriously considered leaving the security industry to look for a less technical role. I wasn’t tired of security by any stretch, but because many of the jobs about which I was contacted or for which I was qualified were inflexible about location. For certain positions, I can appreciate the necessity of frequent face-time, but when it comes to things like writing, research or development: sitting in a cube in a busy office is not conducive to getting things done quickly. Consider the possibility of being more flexible about work hours or telecommuting, for instance; as long as the work gets done well and on time, how much does it matter when or where that work happened?

InfoSec has become more than just a technology problem; it’s a business decision. To develop the most effective solutions, we need the best and the brightest minds to apply a variety of skills and unique perspectives. Bringing people with a wide variety of backgrounds to the table will help us do this.

And if you are looking for more tips to attract women to InfoSec jobs, Maria Korolov has also written a fantastic article on the subject.


Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats from growing and changing dramatically. Because keeping up with all this change can be difficult for even the most tech-savvy users, she enjoys explaining security issues in an approachable manner for companies and consumers alike. Over the years, Myers has worked both within antivirus research labs, finding and analyzing new malware, and within the third-party testing industry to evaluate the effectiveness of security products. As a security researcher for ESET, she focuses on providing practical analysis and advice of security trends and events.

The opinions expressed in this blog are those of Lysa Myers and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.