Security Innovation operates in an industry with a job shortage approaching 3.5M* qualified professionals. Part of the gap is due to the specialized skills needed in the security space, however, the majority is due to an inordinately small percentage of women and minorities:
- Various industry groups recognize the female cyber workforce representation as approximately 11%
- Only 6% percent of STEM workers are African American compared to an overall 11% of the US workforce
- Hispanics comprised only 7% of the STEM workforce while making up 15% of the US workforce.
To help address this gap, Security Innovation exerts influence where we can to affect change – serving in advisory and Board of Director positions with BoSTEM, International Consortium of Minority Cybersecurity Professionals (ICMCP) and Women in Security & Privacy (WISP); hosting women-only events for RSA Security, WISP, Day of Shecurity, and others - but progress has been slow. It feels like last week one of our engineers wrote a blog with a few suggestions for having better conversations with other people - especially women - in information security, but that was 2.5 years ago.
However, a recent event occurred which encouraged me that the work we are doing is starting to pay off. For years, Security Innovation has donated our CMD+CTRL cyber range to OWASP, Executive Women’s Forum, and others to help make security more approachable, especially for minorities and women. Last month, we did this again at two conferences in India: SACON and OWASP Seasides, where over 150 players competed. While the conferences were open to everyone, it was the women who took our cyber ranges by storm with higher-than-average participation and performance:
At SACON, the winner was a woman, as were 6 of the top 13 finishers; at OWASP Seasides, women represented 2 of the top 3 and 8 of the top 10. While a few were initially unsure about their hacking skills, once they got into the zone, there was no stopping them - especially the winner, who came from behind to top the leaderboard in the last 30 minutes of the competition.
This is especially encouraging with current and emerging security talent in India. Beyond the prevalence of impressive female “hackers” there are a few other highlights that will stick with me:
- One woman was hesitant to participate. She said she worked on her company’s vulnerability management team, so was vulnerability aware, but “didn’t know how to hack.” This is a theme that repeats itself in the cybersecurity world – interest tampered by doubt. With a little encouragement, you never know what you might uncover… or in this case unleash. She came in 13th place out of 100 participants! That is the power of a cyber range and simulation training – it removes the intimidation factor and allows people to try their skills in a safe sandbox.
- One winner was more concerned about getting a Top Finisher certificate than she was the gift card for a top 10 finish – her pride in learning and being recognized was her reward.
- At OWASP Seasides, undistracted by the beautiful venue and nearby ocean, women took place in a web application pen testing training hosted by Vandana Verma. Most of these women had no prior knowledge of pen testing or security, but were eager to learn. This preceded Security Innovation’s CMD+CTRL cyber range contest and… WOW!! did Vandana give them just enough ammunition! Once again, the women dominated. We sent our own Melissa DeSilva DeCunha to share her experience in the high tech security space and to give encouragement to the newly minted hackers. This also shows how a little guidance and training can help improve confidence and skills exponentially.
- The women at these events were proactively seeking advice and careers in cybersecurity. A few women had previously interviewed with our local Pune office last year, but didn’t get the job. However, during the past year, they took it upon themselves to learn new skills on their own. When our Managing Director saw their motivation and achievements in the CTF cyber range, he gave them advice on areas of improvement and encouraged them to reapply after additional skills development. My hope is, that their strong performances gave them the confidence to realize they WILL get there.
I will wrap up with this inspiring quote from one of the CTF players at SACON:
"I really enjoyed the Hackathon organized by Security Innovation. It was my first Hackathon experience and it turned out to be awesome. It got me very keen and interested to move ahead with more such testing. I had absolute fun! A must recommendation for those interested in assessing their true skills”
- Supraja Ramakrishnan (Sony India Software Center Pvt Ltd)To read more about Security Innovation’s community work, please visit our community site: https://www.securityinnovation.com/about/community/