Anecdotally, women are awfully scarce in the cybersecurity field; except for a limited set of countries (Sweden, Romania, and Poland come to mind), it’s quite rare to run into a female colleague. To a large extent, I guess, this is a remnant of traditional gender roles, but the STEM field is unfortunately also still considered largely devoid of human interaction and therefore slightly boring by many – a stereotype that continues to require a lot of effort to shake off.
The STEM field is unfortunately also still considered largely devoid of human interaction and therefore slightly boring by many – a stereotype that continues to require a lot of effort to shake off.
From experience I’ve noticed that girls see everything/everybody as equal before they reach the age of 12. There is no difference between boys and girls. However, when it’s time for decisions, of course the people that are close to you, parents, have a great influence on them. If the parents are in IT, the perception of cybersecurity is positive and viewed as a normal job you can get. If the parents aren’t IT versed, then it can somehow be painted in a way that is not close to reality.
The main obstacle does seem to be the gloomy reputation of the IT industry in general as a bit of an old boys’ club that involves lots of screen-staring and very little interpersonal contact. This stereotype is of course far from generally applicable, and many companies are doing their utmost best to be different. On the other hand, I have encountered actual difficulties in advancing my career because of organisational issues in dealing with people that don’t fit in with the establishment, so I do understand the hesitation of new entrants into the field.
In my opinion, the only way to do this is to lead by example: women, and especially young people about to decide on their post-secondary education path, need to be able to see plenty of role models that show IT to be the exciting and rewarding line of work that it is. Of course, for such role models to exist, the industry needs to step up its efforts at inclusiveness, and there is also much work that remains to be done at the primary and secondary education levels to prevent women from prematurely tuning the STEM field out. But in general, people need to be shown, not told.
Women, and especially young people about to decide on their post-secondary education path, need to be able to see plenty of role models that show IT to be the exciting and rewarding line of work that it is.
You can’t start young enough. A girl can wear a princess dress or be dressed as an alien, it doesn’t matter, she can still crush the stereotypes. Teaching them at an early age what is possible with computer technology just tears down these perception barriers other people are putting up that these jobs are only for men.
Every company that is serious about workplace diversity should continuously be identifying the obstacles that keep minorities from making practical use of the theoretical options available to them, and then work on removing those as much as possible. Although the exact process will vary by company and even department, I’ve found that mentoring and internship programmes at every level (allowing people to get comfortable with job roles that they may not have considered before) and explicit career ladders (that do not rely on insider knowledge of the available options or lots of negotiation) are helpful in this regard.
Every company that is serious about workplace diversity should continuously be identifying the obstacles that keep minorities from making practical use of the theoretical options available to them, and then work on removing those as much as possible.
Both my own personal experience and numerous studies have shown that a diverse workforce performs better. This is especially true for cybersecurity, where insights from team members with dissimilar backgrounds frequently lead to identifying threats that had been previously overlooked or allow use cases to be addressed that are specific to non-mainstream user groups.
In my opinion, the lack of career advancement for women in IT in general is more of a supply-side issue than an actual glass ceiling, with the situation slowly improving over time. Given that cybersecurity is a relatively recent specialisation, it’s quite plausible that women got in on the ground floor on a more equal basis, and that this has resulted in a naturally more diverse executive suite. It will be interesting to see whether these numbers hold and to what extent they can be replicated in other IT sectors.
Youngsters nowadays use YouTube and Instagram a lot. Until recently it was more Snapchat (that is still being used but less popular). The role models would come from this industry like vloggers and photographers. Mind you, the best role models for these young girls would be their own parents. They have been around them for a lifetime and discuss life and jobs constantly. Hence I guess, besides educating the kids, it’s also key to engage the parents too if they are not in IT yet.
Informal groups are an important part of Cisco culture and are quite helpful for both newcomers and long-time employees to navigate the opportunities available in such a large organisation. As with other groups (such as Early in Career Network and the more general Women in Tech), the focus with Women in Cybersecurity is on sharing experiences and information. I’ve been present at several coffee talks about the opportunities within the security field, as a result of which several people have applied for new positions within the company. External presentations are typically more general but have convinced at least a few women to settle on a STEM study they had been considering.
Have you ever seen a house burglar as a woman? This is probably the same reason hackers are thought of as men. Yet there are loads of examples of famous women that hacked major systems. Mata Hari is a good example of a spy yet nobody expected this from a woman. The same goes for Cyber Hacking – one does not simply expect that a woman would do such a thing. In order to make this change we must go into the gender-neutral stage. In the Netherlands, for example, the announcements in the train are nowadays gender neutral – I still have to get used to it, as when I hear the little announcement sound before the voice starts to speak, I automatically wait for “ladies and gentlemen”, yet now they say “dear traveller”. Again, it will take time before no one notices the difference anymore.
Go for it! Cybersecurity is a relatively new and exciting field with lots of opportunities and great demand for resources across all disciplines, be it architecture, sales, implementation, support, or engineering. Don’t be afraid to ask around, and if you can find someone willing to mentor you, use the opportunity.
Questions by Faustine Felici
The article is an announcement of the upcoming issue of the European Cybersecurity Journal (ECJ), which will be published soon!
Nicole is based in Amsterdam, The Netherlands and has a global role for the security part of SDA (Software Defined Access) and SD-WAN in the Enterprise Networking team as a Technical Solutions Architect (IBN Security). She graduated with a degree in Computer Science from the Amsterdam University of Applied Sciences and specializes in Security,the Internet of Things (IoT) and IPv6.
Her career in Cisco started in Routing and Switching and Network Security, but since fighting spam and malware turned out to be in her DNA since her first day on the Internet, a move to Content Security was an obvious progression. Recently she joined the Enterprise Networking team to continue her Security passion. Some side activities Nicole is the EMEAR lead for the Women in Cybersecurity trying to get as much female talent attractive into the world of STEM. Nicole is also known in Cisco as the Chief Stroopwafel Officer
As people who have met her in person will attest, Nicole is very friendly and talkative, as well as quite active on social media. She also acts as the social secretary for Koala, her stuffed marsupial travel companion and conversation starter. But also she is known for being the ‘Chief Stroopwafel Officer’ #stroopwafel
 (ISC)2, Women in Cybersecurity, https://www.isc2.org/-/media/ISC2/Research/ISC2-Women-in-Cybersecurity-Report.ashx, p. 3
 For a more comprehensive biography of Mata Hari, see for instance: https://www.britannica.com/biography/Mata-Hari-Dutch-dancer-and-spy