How a push to remote work could help fix cybersecurity’s diversity problem
When Rinki Sethi heard that her 7th grade daughter applied to take a technology innovation class as an elective, she was thrilled. Sethi, who joined Twitter in September as its chief information security officer, said one of her passions is getting more young women interested in technology.
But when her daughter found out that she didn’t get into the class, Sethi discovered a troubling statistic: 18 slots for the class went to boys, while only 9 were filled by girls. “I went and sat down with the principal and asked: ‘Why are we turning down girls if that’s what the ratio looks like?’” Sethi recounted Monday at a virtual panel centered around women in cybersecurity. “We need more women to enter this field, and I think that’s the biggest problem—how do we get more women and girls interested.”
Women are underrepresented in technology jobs, and the discrepancy is even worse for cybersecurity roles specifically. Although there’s no definitive statistics on the subject, recent studies have pegged that women account for somewhere between 11% and 20% of the cybersecurity industry. At Monday’s panel, which was hosted by seed-stage cybersecurity fund YL Ventures and held to coincide with International Women’s Day, cybersecurity executives said they had some hope that changes brought by the COVID-19 pandemic could make it easier for cybersecurity teams to diversify their ranks.
For example, Sethi said that an increased willingness to hire remote workers will likely allow more women to take jobs at tech firms. “More companies are now seeing that if they’re not focused on where their headquarters is, it opens the door to people from different backgrounds,” she said. “Shelter-in-place has given women the flexibility to work who might be mothers and want to stay at home with children—there’s now the possibility of both staying at home and working.”
Liat Hayun, a vice president of product management at cybersecurity firm Palo Alto Networks, said she regularly sees a similar problem in Israel, where she’s based. “More women take a step back because they need to take care of kids,” she said, adding that an increase in remote work could help even the playing field.
Increasing the pipeline
Although remote work trends can help increase the number of women in the industry, panelists also highlighted the need to promote diversity in the next generation of cybersecurity workers.
Edna Conway, the chief security and risk officer for Microsoft’s Azure business, highlighted three things cybersecurity professionals can do to help increase the talent pipeline and attract people from underrepresented backgrounds into the field: teaching, sponsoring, and being open towards diversity.
Conway said she spends time teaching and sponsoring (meaning pushing them further into the field) 8- to 12-year-olds to get them interested in cybersecurity careers. She added that companies can help address diversity issues by expanding the skills they look for. “We have an obligation to open our minds to the existing members of the workforce who are sociologists, actuaries—folks who have different talents and can be brought into the fold,” she said, adding that she went to law school and her undergraduate degree was in Medieval and Renaissance Literature. “We will not meet our needs if… we don’t embrace the capabilities they have.”
Panelists also said they encouraged cybersecurity professionals to take steps that would pressure employers to diversify their ranks. Moran Ashkenazi, the CISO at DevOps firm JFrog, said that over her 22-year career she’s sought out companies that specifically have women in leadership roles. “Pay attention to that and choose a place that has women leaders. This was always important to me when I selected new opportunities, and I think that’s critical to making change,” she said.
Sethi also said she encouraged cybersecurity executives to turn down opportunities that don’t prioritize diversity, such as panels where women or Black and Latinx communities aren’t represented.