The hotel ballroom is humming with activity. Amidst the quiet fizz from diet cola bottles being popped open (it is a warm day in Munich) there is an undercurrent of excitement. It is ISACA’s Euro CACS. ISACA boasts more than 130,000 members from different streams within risk and cyber security. A look at the three-day agenda and the concurrent running workshops and talks suggests everyone is here to imbibe. And it is not just beer at the ‘Bavarian Fest’ at the end of Day 2.
However, as I walk to one of the meeting rooms, I realise that there is, once again, a lack of women at the conference. Lack of gender balance is nothing new to technology, however, it becomes starker at gatherings of IT and technology practitioners. ICASA organisers pin women attendees at 15 percent this year. Attendee numbers can vary between 10-20 percent, at the ISACA events held globally. For a far-reaching conference of practitioners, the skew in numbers is alarming.
It is exactly this lack of diversity that I sit down to talk about with Jo Stewart-Rattray. Jo is a board member at ISACA and director of information security and IT assurance at BRM Holdich (Australia). She is also a founder and on the Board for the ISACA women’s initiative ‘Connecting Women Leaders in Technology’.
Teiss.co.uk: Lack of women in IT is nothing new, but it looks terrible in cybersecurity?
Jo: It is stark.
It has been quoted to me as 7 percent- the cyber workforce in North America is 7 percent women. This is frightening, really. We have had a similar issue around technology where women are sorely underrepresented.
We have just spent a day discussing how this situation came about. There are gender imbalance, clear unconscious bias and a lack of role models. Women like to see a similar face. They don’t want to walk into a room and not see anyone like them. Although some would say it is what shaped us to be who we are today… But the reality is that you talk to younger women and they don’t like that sensation.
Because this has become such an issue, you need to create a pipeline so they [younger women] are coming behind us. We are currently seeing a decline in women taking and finishing technology related university courses. Having said that, globally, there are more women finishing university courses.
For women aspiring to leadership, it is a long, hard path in front.
The lack of buddies really fazes some.
If you see a product on the shelf- one bottle- people don’t take it. If I am the only woman in the room, it feels uncomfortable.
Teiss.co.uk: As a membership body, are you doing anything to address the imbalance?
Jo: Connecting Women Leaders in Technology is our initiative to attract women into technology. We are targetting our global communities to get more women to come into the fold.
The 80-20 rule applies to how men and women apply to roles.
If a man looks at a job description and thinks he can do 20 percent of it, he will go for it. If a woman looks at it and sees she can only do 80 percent she will be reluctant to apply.
It isn’t always about holding themselves back- it is also about not wanting to put themselves into the firing line. Holding yourself back can be a protective mechanism. Again, it is about encouragement. Women generally need to be encouraged and because they are currently under-represented, that doesn’t help the situation either. It goes back to the same question of: Where are the role models? Who can I look towards? Who are the shining lights?
Teiss.co.uk: Why do you think there is a skills shortage in cyber security? Weird that more people aren’t jumping in given how lucrative it can be...
Jo: There is a specific skill set that is required although the field pays. It isn’t as easy for people without appropriate skills and certifications. We provide research, training and development opportunities- having a platform of skills-based certification.
I have been in security for close to 20 years. This is not a new phenomenon. Skills gap has existed for a long time- finding the right professional has always been very difficult.
Supply and demand have always been skewed. The needs of the workforce are not being met, and it is getting increasingly difficult to assess what quantity we are looking for. The gap is close to 1 million across the globe- whilst it is not new, it is now quantified. Security is a different beast to what it used to be.
Teiss.co.uk: How would you say information security has changed?
Jo: It was very simple. It was about protecting the network from external threats. About protecting the perimeter. Now it is all about protecting the data that resides within. Because now the thinking is that the perimeter will definitely be breached.
Some of the things are now cyclic as well. After Wannacry, security training is being considered as very important. Corporations are interested in finding out what risky online behaviour looks like. We were having the same discussions 5, 10 and 15 years ago.
Teiss.co.uk: Now that InfoSec is out there, everyone is talking about it, how does that change the climate?
Jo: The climate is ever changing. There is more regulation- that’s the big change. So we will continue to keep seeing the change in the landscape.
We have to see how we can be as secure as we can be. Where does technology begin and end? We have Internet of Everything, digital transformation, smart cities… Organisations often say we are not particularly reliant on IT. REALLY?! Every corporate entity is reliant on technology, from telemetry to moving vehicles.
I don’t know what business in technology looks like anymore. We cannot afford to sit still.
Data and information are so important.
Organisations have a thirst for data and they are getting greedy. They want more and more and more. Of course, data makes for better decision making at the highest level but we cannot sit still and hope everything is okay.
Teiss.co.uk: Is it because the climate is ever-changing that people are put off with getting into the field?
Jo: It is very similar to being a doctor- there has to be continuing professional education all the time. Continuing education is important so certifications are current. If doctors don’t do that, they won’t be able to reregister. This isn’t new in tech, if you want to work in IT or security, you need a good professional base and through a body of choice get your certifications in order. It may put some people off but they will still have to stay up to date.
Teiss.co.uk: What is the mood at this conference been like? What are the biggest concerns of the women you have been speaking to?
Jo: They want the opportunity to network with peers and decision makers. To move upwards in their career paths. They want to get ideas and fresh notions from other people. Ultimately, all have a concern about a lack of female faces- which goes back to under-representation.
Teiss.co.uk: IS ISACA doing anything special for women?
Jo: We have noticed that we tend to lose women during the child-rearing phase. They often don’t come back because they feel they have lost their edge. There are some initiatives across the world that helps with that, like in the UK, there are ‘Keeping in touch days’.
We are looking to providing professional development via webinars that women could take the course across a period of 12 months.
We would want them to do this in their: Own time, own place, own space.
Once you have had the baby off to childcare, you have a period of time to go on the course to keep your own professional edge.
Teiss.co.uk: Are you specifically targeting women who have fallen out of step after having children?
Jo: We are looking at providing women opportunities across their professional lifespan. So, from the time they are at university to retirement because women have different needs at different stages of their careers. One of these groups is the re-entry group. But we also want to attract women to the field. Because we do need people to enter the workforce.
I will eventually retire and so we need younger women to take our place. We need female faces coming up behind us to take this forward.
We need to encourage and raise awareness in all our constituents specially men because often they are not aware. They say ‘I didn’t realise women were facing these issues. Had no idea that there was unconscious bias’.
We need to bring them into the fold and get allies and champions for the cause.