The prospects for women in cybersecurity in many countries are promising, but progress in Canada is disappointing, says the founder of International Women in Cybersecurity Day.
“Within Canada there appears to have been limited observable change in bolstered support for women-led cybersecurity initiatives throughout the past year,” said Lisa Kearney, B.C., based founding executive director of the Women in Cyber Security Society.
International Women in Cybersecurity Day [#IWCD2023] is observed today in many countries, celebrating the achievements of women and bringing awareness to the issues they face in the industry.
Among the events is an online bash at 1 p.m. Pacific time. Register here. There’s also an event on Sept. 29 at Vancouver’s Simon Fraser University.
“Significant progress has been made in events like International Women in Cyber Day, as they have consistently garnered substantial attention and involvement from key players in the industry year after year,” Kearney said. “These events elevate consciousness, offering a platform to showcase the accomplishments of women in this domain, exchange their stories, and spark inspiration for the forthcoming cohort of female professionals in cybersecurity. Observing the active participation of the community and the broader acknowledgment of the necessity for gender parity and representation within the cybersecurity realm is genuinely heartening, mainly emanating from significant corporations and women-centric cybersecurity collectives spanning various nations across the globe. This aligns with our mission and that of the United Nations Sustainable Development Goal #5, gender parity for women and girls.
“We need to investigate further to determine the factors contributing to the shortage of women-led cybersecurity initiatives. A significant example of this discrepancy becomes apparent when we compare Canada and the United States. The degree of support these initiatives garner from industry and government, especially at the federal level, differs significantly. Recent announcements from the Biden administration about their National Cyber Workforce and Education Strategy incorporating women in cybersecurity nonprofits and organizations supporting women and diversity are a solid contrast to the support we have in Canada, which I hold hope for change in the future.”
Securing funding, resources, and support for nonprofit organizations like Women in Cyber Security Society is vital, Kearney added. “Over the past five years, we have been dedicated to community service, working to uplift and sustain the participation of women in the cybersecurity sector. But, she says, to effectively capitalize on opportunities and broaden co-operative ventures, her group requires investment and partnership from the Canadian federal government, CEOs and industry leaders. “This commitment is vital in addressing the growing demand for training, bridging skill gaps, and fulfilling job openings.”
Cheryl McGrath, Ottawa-based area VP and country general manager of Optiv Canada, notes one small ray of hope: “There’s a broader view [in organizations] to looking at women — and men — that have not just STEM backgrounds [science, technology, engineering and math] but those with STEAM backgrounds [science, technology, engineering, arts and math] to round out what’s required in the cyber world.”
But, she added, many infosec pros still feel that if you aren’t a programmer or an engineer, you can’t do cybersecurity.
“I don’t have a STEM background,” McGrath said. “I figured it out through hard work and continual learning. Others can do that, as well. But I still think there’s a bias.”
Women can overcome that by sharing their success stories and by helping lift each other, she said. Governments and higher education institutions can help by offering skills upgrading programs, she added, particularly for women who have had to leave their jobs to raise a family.
Being a woman in the profession today “can at times feel like a lonely place,” said Nicole Sundin, CPO at Axio, “but this makes it all the more important for women to stand tall. Our voices matter so much because they are different and they add diversity of thought to innovations and solutions. I may often be the only female voice in a room, but that adds value to my organization. Increased organizational spending on cyber tools and budgets has not resulted in a decrease in attacks, contrary to what one may think. New and diverse voices are needed to combat the ever-growing threat landscape, whether within security teams or in security product development.”
Making this situation better is analogous to changing an organization’s risk landscape, she said. Identify the problem by hiring more diverse voices, put in controls to make sure you are accounting for the issues identified, and work against a plan to increase diversity.
It also helps to close the pay gap between men and women in cybersecurity, she added.
In 2021 a European cybersecurity research think tank called Sparta issued a best practices guide for attracting and retaining women for cybersecurity teams. Among its recommendations: Make sure women in the organization are visible. “The lack of role models in the industry, related to the lack of visibility of women working in cybersecurity leads to less involvement of pupils in the field. We urgently need to put female cybersecurity professionals in the spotlight through news, podcasts, interviews, meetings, speaking at conferences and so breakdown the stereotype that cybersecurity is a man’s job.”
With more than two decades of experience in cybersecurity, Kearney says she maintains an optimistic yet pragmatic outlook. “This view signifies my hope for change while acknowledging the gradual progress made through heightened male advocacy, assisting women at different junctures of their careers. Nonetheless, substantial effort is needed to secure the financial resources and backing required to bring about notable transformation for women in the Canadian cybersecurity landscape.”