• United States




Women in security: Cultures, incentives that promote retention

Oct 14, 20156 mins
CareersIT Jobs

While women remain in the minority in security positions, they are positioning themselves for success in the future of InfoSec.

female cso executive
Credit: Thinkstock

In order to attract and retain highly qualified candidates who possess a combination of emotional and technical intelligence, enterprises need to look at their corporate cultures and offer more than monetary incentives. Women in security are inclined to stay in positions where the enterprise encourages a healthy work-life balance, offers equal pay for equal work, and provides mentor programs.

The 2015 (ISC)2 report, Women in Security: Wisely Positioned for the Future of InfoSec, found “pairing new InfoSec hires with mentors, and, as the survey described, adapting compensation plans and training to better align with the flexible working arrangements and diverse training options women expressed as important in retaining and engaging InfoSec professionals.”  

The field of information security traditionally has been dominated by well-educated and highly technical men. The study, however, found that because the future of InfoSec will demand an increased need for managing business risk, “Women, therefore, have positioned themselves wisely in an InfoSec profession that should not be defined by sheer headcount, but in the roles of those that are shaping the future practice of InfoSec.”

[ ALSO ON CSO: 10 tips to attract women to infosec jobs ]

In order to redesign corporate culture and offer a more diversified incentives programs, enterprises need to first understand the obstacles women in security encounter in the workplace.

“The first obstacle they will face is a lack of women in security. It’s a field that has grown out of IT, which is a field that’s been strongly dominated by men. That lack of diversity can be a blocker in terms of communication,” Chris Brazdziunas vice president of engineering, LogRhythm said.

Men and women communicate differently, and in an environment that is dominated by men, it is easier for men to communicate with each other and build relationships more quickly.

As a result, “Women have to step in and do something they are less comfortable with and they are not assimilating as fast or understanding rules and options as quickly as men do,” added Brazdziunas.

These realities impact the internal health and harmony of an enterprise. At LogRhythm, Brazdziunas said the company is trying to promote diversity for reasons of better listening and social awareness within the organization. “We have a very low percentage of women in our organization. As a result, we have a commonality that doesn’t have that need to be more socially aware.”

A male dominated workforce also impacts the way the culture is motivated. Where a male dominated work environment traditionally thrives on individual success, women tend to value team efforts.  Brazdziunas said, “For women there is a desire for harmony and working as a team.”

Rather than comparing one person’s success against another’s, a culture that encourages team success over individual success is a better structure for women, said Brazdziunas. “Women thrive in the workplace that is results oriented where goals have a high degree of clarity and there is recognition for achieving them.”

Many women succeed in places where people work well together.

“I like harmony, and part of that is because I’m a woman. In general I have found it to be an asset in the workplace. One of my strong skill sets is getting people to work together to make difficult decisions,” said Caroline Wong, security initiative director, Cigital, a software security firm

Some of the obstacles that offset that harmony in the workplace are “either biases of a particular person or inconveniences of biology,” said Wong.

“These days when I go to work onsite, I’ll ask if there is there a mother’s room or wellness room where I can pump,” said Wong who is a new mother of a six month old baby. “People are usually very accommodating, but sometimes the logistics are a little bit complicated.”

[ALSO ON CSO: Myths and truths about employing women in Infosec ]

Depending on the physical layout of an office space, the wellness room can be on a different floor or on the other side of a building, which creates an inconvenience of biology for working moms who are nursing.

While they can’t redesign office spaces, there are things that women can do to affect positive changes in culture.  

Wong said, “When I arrived, I realized there are not a ton of women, so I worked with HR to create a group of women at Cigital. We wanted to create ways for women at Cigital to have a purposeful community with each other.”

Through an email list, the women in Cigital offices all over the world are able to communicate with each other. “We get together virtually for book clubs and are able to hang out and talk about the topics relevant to women that relate to life and work,” said Wong.

Wong said the initiatives to improve corporate culture for women continue to evolve. “In the new year we are planning to feature women at Cigital for a speaker series. We will have one event per month where we get to hear from our fellow women about how they got to where they are,” she continued.

Julie Franz, director, (ISC)2 Foundation noted, “Women in security is not a gender parity issue, it’s in everyone’s best interest to bring as many human beings into security.”

While highly valued by women, consistent and effective training will improve corporate culture across genders.  

In order for women to advance in their careers and grow into the leadership positions of the future, they need mentors and role models from whom they can learn.

“When you come into an organization as a woman and there aren’t a lot of other women, there aren’t a lot of role models. Men find role models easier. For women, it’s like finding a needle in a haystack made of needles,” Franz said.

Having a mentor is extraordinarily important, Franz added. “You need to see where you are headed. There are so many soft skills related to advancement that you are not going to learn in a text book. That person provides you with an objective perspective of your skills and can provide internal political coverage.”

Tina Stewart, vice president of market strategy, Vormetric, also spoke of the value in training programs. “Providing mentors and role models leads to high level of collaboration and having the ability to see how leadership works,” said Stewart.

As far as overt programmatic approach that will attract the best qualified person for the job, Stewart said, “There is a shift in the new generation. Everybody is not necessarily tied to their desks. In the land of security and start up everything is able to be accessed remotely now.”

Having the flexibility to work when and where inspiration strikes rather than the fixed hours at a desk in an office proves to be helpful in allowing women to achieve a better work/life balance. Offering the flexibility for employees to work remotely is an attractive perk for men and women alike. “We’re not worried about how many hours you spend on vacation as long as you get the work done,” said Stewart.

While monetary perks are attractive, “Women are more consistent with finding a job that fits,” said Stewart.  


Kacy Zurkus is a freelance writer for CSO and has contributed to several other publications including The Parallax, and K12 Tech Decisions. She covers a variety of security and risk topics as well as technology in education, privacy and dating. She has also self-published a memoir, Finding My Way Home: A Memoir about Life, Love, and Family under the pseudonym "C.K. O'Neil."

Zurkus has nearly 20 years experience as a high school teacher on English and holds an MFA in Creative Writing from Lesley University (2011). She earned a Master's in Education from University of Massachusetts (1999) and a BA in English from Regis College (1996). Recently, The University of Southern California invited Zurkus to give a guest lecture on social engineering.

The opinions expressed in this blog are those of Kacy Zurkus and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author