International Women’s Day, celebrated on March 8 every year, focuses on women’s hidden contributions to society. In the information security space, women remain outnumbered. While in 2013, women represented 11% of the global cybersecurity workforce, the number increased to 20% for the first quarter of 2018. However, this percentage continues to be less than the representation of women in other fields. Focusing on diversity and inclusion means more than hiring people; it means raising voices and boosting those voices much like the Wednesday’s Women in Infosec Series.
Why It Matters to Celebrate International Women’s Day in Information Security
What is International Women’s Day?
International Women’s Day, observed since the early 1900’s, represents a collective call for gender parity. With women still earning less money and notoriety than men in many workplaces, the day raises voices to help promote women’s continued contributions.
Why is Discussing International Women’s Day Important to Cybersecurity?
The movie Hidden Figures increased public awareness regarding women’s role in creating computers. Celebrating Dorothy Vaughan, Mary Jackson, Katherine Johnson, and Christine Darden provided the first step in sharing women’s contributions to computing. WIthin the smaller niche of cybersecurity, however, women remain woefully underrecognized.
On March 5, 2018, the new Our Security Advocates Conference (OURSA) announced its April 7 inaugural conference as a response to the woefully deficient representation of women at the annual RSA Conference. With only one female keynote speaker out of twenty, the RSA Conference’s 5% representation fell short of industry representation by a full 15%.
Therefore, promoting women’s roles in the information security and cybersecurity space becomes even more critical. When industry-standard conferences ignore women’s value in this space, female workforce members remain sidelined and ignored. However, their contributions have been many and valuable through the history of the information and cyber security spaces.
How One Woman Pioneered the Information Security Space: Becky Bace
In March 2017, the cyber security family lost one of it pioneers and first Founding Mothers, Becky Bace. Her career began in the 1980’s working at the U.S. Department of Defense with the NSA’s National Computer Security Center as an early information security program manager.
As prominent as her security work, Bace’s work as mentor and friend led many to refer to her as “Mama Bear.” Her email handle “infomom” testified to her desire for nurturing start-up companies and new entrants to the security space.
While people often use the word “pioneer” indiscriminately in the technology world, many agree that Bace’s impact defined the term. In August 2017, O’Reilly Media commemorated Bace’s active, emotionally powerful career by creating the Rebecca Bace Pioneer Award for Defensive Security, presented at its annual conference.
How One Woman Helped Establish Information Security Training: Judy Novak
Everyone in the cybersecurity and information security recognizes the SysAdmin Audit Network and Security Institute (SANS) as the premier training organization in the industry. SANS certifications continue to represent the highest standard in ongoing information security education.
What many new to the industry may not realize is that Judy Novak has been working with them since 1998. Over her twenty years with SANS, she has instructed at camps, written courses, and earned the 2010 Lifetime Achievement Award. She also holds patents for target based TCP timestamp reassembly, TCP reassembly, and IP fragmentation devices and systems. With this background, she developed a majority of the SANS TCP/IP course that analysts use for certification.
As a Founding Mother in the information security space, she worked as a founder of the Army Research Labs Computer and Incident Response Team.
How One Woman Broke Security Barriers: Michele Guel
As a woman working in information technology since 1983, Michele Guel epitomizes the definition of Founding Mother. In 1983, not only was IT a new field, but women faced a lower glass ceiling than today.
In 1985, she transitioned to the National Aeronautics and Space Administration (NASA) where she founded the information security program for the Numerical Aerodynamic Simulation (NAS) facility. Her work there included testing and installing new security tools and responding to security events while also providing training to workforce members.
In March 1996, she moved to Cisco Systems to work in what later became the Security and Trust Organization. In 2010, she became one of ten female Distinguished Engineers at Cisco. She continued to inspire women by co-founding the Cisco Women in Cybersecurity Community in 2014.
How One Woman Created Bug Bounty: Katie Moussouris
Founder of Luta Security, Katie Moussouris created Microsoft’s bug bounty program in 2008. A frequent speaker at conventions, Moussouris recently addressed the U.S. Senate about data security and bug bounty programs.
Her career began in the mid-1990s as a genotyping data manager at MIT. By 1999, she was developing initial security response teams which later allowed her to transition to creating automated test suites for intrusion detection software.
A Founding Mother in the security realm, she continues to advocate both for women and information security on Twitter where she has over 49,000 followers.
How One Woman Focused on Legal Protections in Cybersecurity: Christina Ayiotis
Christina Ayiotis began her legal career working with toxic tort and environmental insurance law during the heavily litigated late 1980’s. Alway at the cutting edge of legal issues, Ayiotis transitioned from protecting the physical environment to safeguard the information environment during her time at Ernst & Young International in the late 1990’s where she was responsible for the Global Knowledge-Sharing Agreement documentation process focusing on data protection, privacy, and copyright.
In 2011, she established an independent consulting business focusing on legal issues in the cybersecurity and information security field. Her work includes strategic and operations consulting for cyber risk management and preparedness as part of her variety of services and expertise.
How One Woman Worked to Create Sustainable Ethics and Diversity in Information Security: Cecily Joseph
Like several other Founding Mothers, Cecily Joseph began her information security career working outside of the cybersecurity space as director of the Veritas Software Corporation’s legal department.
Her July 2005 transition to Symantec focused her work on developing a more diverse workforce. Her corporate responsibility report won a 2008 Ceres-ACCA Sustainability Reporting Award. Her work led to Symantec’s listing on the HRC Best Places to Work for LGBT Equality and its reputation as World’s Most Ethical Company.
Her current work in online safety education and cybersecurity skill development overlaps with her ongoing work that champions diversity and inclusion.
How One Woman Protected Free Speech Online: Eva Galperin
As technology changed, so did the face of women in cybersecurity and its Founding. Eva Galperin’s work in protecting free speech online arose out of her political science and international relations background.
In 2007, Galperin started working with the Electronic Frontier Foundation (EFF) which focuses on protecting free speech rights on the Internet. With the rise of social media beginning at the same time, her work in cybersecurity, privacy, and the internet placed her directly into uncharted territory. Her work with EFF includes writing privacy and security training materials while her published research addresses malware in Syria, Vietnam, and Kazakhstan.
Why Celebrate Women’s Contribution to Information Security?
Reciprocity dedicates itself to enabling IT, security, and compliance community members. Showcasing the superpowers of governance, risk, and compliance means showcasing those who create the community. Reciprocity’s use of its 501c3 reciprocity Volunteer Foundation to support Women in Security and Privacy is only one step to showcasing our ethical and sustainable business model. Continuing to hire a diverse team and boosting diverse voices aligns with our corporate strategy and mission.