Cybersecurity is top of mind for almost everyone right now. From the Equifax breach that saw almost 150 million Americans’ data stolen, to the recent Facebook data being used for political campaigning scandal, no one seems to be safe from data breaches and privacy lapses. In an increasingly digital world, the need for strong cybersecurity tools is constantly growing — especially as threats evolve. Gone are the days when a firewall was sufficient. Today, tools like blockchain, multi-factor authentication and VPNs are only a few of the smart steps a business should take to keep its data private (and one step is never enough; multiple safeguards should be in place).
Because women are more prone to cyber violence, many must be well-versed in internet safety, which gives them a head start on coming up with ways to avoid, counter, and block cyberattacks. Luckily, there are many talented, passionate women working in cybersecurity despite the overall lack of representation in tech. The cybersecurity industry is booming, so there’s plenty of room for more women to join and help make our shared digital world safer. With cyber attacks coming from all sides, including governments, the internet is only becoming more and more unsafe. There is great need for skilled cybersecurity experts to push the field further and faster than those trying to infiltrate it.
A history of creepy crawlies on the web
Cybersecurity is believed to have been born in 1988 when Robert Morris, a grad student at Cornell, created and released a worm on ARPANET (an early version of the internet) with the intention of measuring the size of the network. By design, the worm self-replicated and (not by design) clogged servers to the extent that the entire global system essentially shut down. Morris was apparently entirely motivated by intellectual curiosity, but he was the first person convicted under the 1986 Computer Fraud and Abuse Act. (He did not serve any jail time.) Ultimately, h exposed a very real flaw in worldwide networks.
With online threats growing and evolving, businesses must be able to adapt and prioritize the safety of their data.
Since then, hackers have become both more malicious and more sophisticated. Businesses have had to evolve as well to protect themselves and handle the breaches that do happen. For instance, the way consumer data broker ChoicePoint handled its data breach in 2004 has improved how other businesses handle their privacy practices. Rather than disclose outright that around 160,000 people’s data had been compromised, ChoicePoint only informed 35,000 people initially. Under media scrutiny, they finally revealed the true extent of the breach and paid a total of $15 million in fines and consumer redress. Though, time has apparently not been an effective teacher, since Equifax essentially made all the same mistakes.
With online threats growing and evolving, businesses must be able to adapt and prioritize the safety of their data. Diversifying security measures is important, but making sure they are up to date and functioning properly is absolutely crucial. Using AI and machine learning can remove some of the guesswork, but users are also responsible (multi-factor and risk-based authentication can help). And if there is a breach, immediate communication to those affected must occur so they can take independent action. Antivirus and firewalls are simply not enough anymore.
Today, governments are launching organized attacks against rival nations and data breaches are reaching unprecedented levels. Now, more than ever, the cybersecurity industry needs fresh minds and eyes to help protect against future threats.
This is where skilled cybersecurity experts come into play, and women have the opportunity to offer their expertise to further the cybersecurity industry.
Women: Killing their own internet spiders
Reports vary, but women make up somewhere between 11 and 20 percent of the cybersecurity workforce. According to the Society for Human Resource Management, cybersecurity jobs are expected to increase to about 6 million positions globally by 2019 (with about 1.5 million remaining unfilled). Despite the abundance of need for cybersecurity experts, women are still underrepresented. But the opportunity is absolutely there, women just need to seize the resources available to them and create a space for themselves. Many women have done it, and are helping other women do the same.
The women who are currently in cybersecurity are powerhouses who are both making huge contributions to the industry and building communities to uplift and welcome other women into the field. Many women are in high-power positions in the cybersecurity world. The U.S. Department of Defense’s Acting Chief Information Officer, for instance, is Essye B. Miller, who was previously the Director of Cybersecurity for the Army CIO/G-6. Similarly, in 2017, there were 83 female CIOs in Fortune 500 companies, compared to 75 in 2016. While not large progress, it’s still progress.
We’ve compiled a list of influential women in cybersecurity to celebrate their contributions to the community. This is by no means an exhaustive list, so we’d love to hear about more amazing women in this space.
Former security incident response team lead at Motorola and current principal threat hunter for Dragos, Inc., Lesley Carhart is an expert in digital forensics and incident response. Her current work for Dragos, an information cybersecurity software developer, allows her to use her digital forensics skills to fight internet threats.
Elezari is a cybersecurity researcher, speaker and analyst. Some of her past work has involved researching the effects of hacktivism (hacker activists, a in groups such as Anonymous) on global politics and national security. She is an advocate of hackers and hacker culture as a “force for good” by exposing flaws and threats in order to create better cybersecurity solutions.
As a cybersecurity analyst for the U.S. Air Force, Feola is the resident subject matter expert on cloud security, mobility security, supply chain risk management and cybersecurity subscriber providers. Before that, she was the chief of cybersecurity for the C3I Infrastructure Division of the Air Force, where she was responsible for securing all assets of the Air Force Cyberspace Defense, Air Force Intranet Control, and Cybersecurity Control System as well as developing and implementing information security governance and management frameworks.
Irwin is the head of security at Tendermint, a platform that allows blockchain-based transactions to circumvent hubs (like cryptocurrency exchanges) by distributing blockchains. These networks are broken up into smaller, less easily detectable blockchains to streamline transactions and increase security. She advocates for human-centric security that keeps people safe without requiring a large amount of technical knowledge to implement.
Former security manager at Slack, (and former technology fellow at the ACLU), Honeywell is the co-founder of Tall Poppy, a company that hopes to empower and inform users to protect themselves against online harassment. She is an advocate for immigrants and immigrants’ rights, having organized the Never Again Pledge in 2016. Honeywell herself is a Canadian citizen working in the U.S. and works on issues related to internet privacy regulations.
Miller is the SVP of engineering at Bank of America, where she protects consumers and platforms from online threats. She is an expert in designing and implementing real-time risk prevention and detection systems. She is also a board trustee of the Center for Cyber Safety and Education, where she leverages her expertise in information security and risk management towards the mission of creating a safe internet for everyone through research and education.
Essye B. Miller
As the Acting Chief Information Officer for the US Department of Defense, Miller holds arguably the highest cybersecurity position in the United States government. Her normal role is the Deputy Chief Information Officer, but she was appointed the acting chief by the Deputy Secretary of Defense effective Dec. 8, 2017. She is responsible for coordinating cybersecurity standards, policies and procedures with all other federal agencies and coalition partners. Previously, she was the Director of Cybersecurity for the Army CIO/G-6.
Narula is the director of the Digital Currency Initiative at MIT Media Lab, which seeks to further develop cryptocurrencies through research and support of open-source cryptocurrency communities. Previously, she was a senior software engineer at Google, where she designed Blobstore, a system for securely storing petabytes of immutable data, and worked on NativeClient, a platform to run native code securely through a browser.
Currently the director of advisory chief information security officers at Duo Security, a software company that creates single sign-on and other security platforms, Nather leads a team of CISO strategists. She and her team contribute CISO insights to seemingly non-security related functions such as product design, sales, marketing and support. She has also worked as the research director for the Retail Cyber Intelligence Sharing Center and was previously the research director of enterprise security practice at 415 Research.
Rousseau is the senior malware researcher at Endgame, which provides businesses with endpoint protection and threat intelligence software, where she focuses on dynamic behavior detection on Windows and OSX platforms. She is skilled in reverse engineering malware, designing dynamic behavior algorithms and deploying automation for data analysis and security research, which helps her stay on top of the ever-evolving world of malware.
Other women making waves in cybersecurity
Donna Dodson, Deputy Cyber Security Advisor at National Institute of Standards and Technology
Jeanette Hanna-Ruiz, Deputy Chief Information Officer at Georgetown University
Amy Howland, Chief Information Security Officer (CISO) at CSRA, Inc.
Resources for women in cybersecurity
Women in CyberSecurity (WiCyS) is a community for women students, faculty, researchers and professionals in cybersecurity throughout academia, research and industry. WiCys provides its members with a platform to share knowledge and experience as well as networking and mentoring opportunities.
Australian Women in Security Network (AWSN) provides support, collaboration and connection for women in security across Australia and abroad.
Executive Women’s Forum (EWF) attracts, retains and advances women in information security, IT risk management and privacy industries.
Women in Defense (WID) engages, cultivates and advances women in national security.
Women in Security and Privacy (WISP) helps women achieve the education and skills necessary for them to excel in security and privacy positions.
Women’s Security Society (WSS) provides women in security with networking opportunities and community forums.
Women’s Society of Cyberjutsu (WSC) is a nonprofit to help women to succeed in cybersecurity.
She Secures is an organization based in Lagos, Nigeria, for women working in cybersecurity.
Women in Tech Fund aims to help and empower women in technology and security, by providing assistance with entry tickets to cybersecurity-focused conferences.
“A podcast all about the world of security, privacy, compliance and regulatory issues that arise in today’s workplace. Co-hosts Bryan Brake, Amanda Berli, and Brian Boettcher teach concepts that aspiring information security professionals need to know, or refresh the memories of the seasoned veterans.”
Silver Bullet Podcast women in cybersecurity series
“Over the past year, Synopsys’ Gary McGraw has hosted 12 women making an impact on the security industry in his monthly Silver Bullet Security Podcast. The podcast features in-depth conversations with security gurus. Past guests include technologists, academics, business leaders and government officials.”
Uniting Women in Cyber Podcast
“The Uniting Women in Cyber Symposium was created to celebrate the success of women thriving in today’s cybersecurity ecosystem and to identify and address issues that may be preventing more women from reaching critical roles in today’s industry.”
Who are the hackers? Playlist
“Some hackers wreak havoc online, but others are working to create a better internet. Sociologists, journalists and hackers themselves speak up.”
Women In Cybersecurity is a quarterly publication that reports on important trends and statistics concerning women in the cybersecurity industry.