WOMEN IN CYBER SECURITY
– BY MARIYAM CHOWDHARY.
When Britain was clueless about the importance of computers as engines of growth and men felt lazy about machine work, they hired women as “low-level drones” in the technology industry during the World War II through to the 1960s. This segment of the female workforce cracked enemy codes, ran large electro-mechanical computers, and worked out military logistics. They were considered the largest trained technical workforce in that period until they could no longer be given managerial roles and were pushed out of the race when the power of technology became more and more apparent in the 1970s.
Is it a surprise that a book like ‘Programmed Inequality: How Britain Discarded Women Technologists and Lost Its Edge in Computing’ was waiting to be written in 2017 when the tech culture was as sexist as ever? If one were to study the Bois Locker Room case in Delhi, the tech industry’s gender-discrimination problem might be exacerbating online misogyny like never before.
India’s IT industry may have hired many more female engineers over the last decade for gender diversity optics, but very few enjoy leadership roles and most are victims of the pay gap, early exits, and subsequent career stagnation. Such inequities might be starting to manifest their dangers in the world of cyber-crime. Can a greater feminization of technology prevent worrying cyber-security threats like the Bois Locker Room where a group of boys from upscale Delhi schools allegedly shared photos of underage girls with deeply misogynistic remarks, even vindicating sexual assault?
“We cannot expect to protect the rights of women if we don’t have women leaders to voice women-specific concerns in the law-making process. We have made a beginning with women representation on corporate boards and at the panchayat level but the conventional mindset of our people and society as a whole needs to change. That change can come by engaging more women in the regulatory and policy-making process of cybersecurity, as in other fields,” says Karnika Seth, cyberlaw expert and visiting faculty to National Police Academy and National Judicial Academy, CBI Academy and National Investigation Agency.
Highlighting the gendered nature of memes, and unequal distribution of power in anonymous online forums and other social media, Nirali Bhatia, a cyberpsychologist, says technology has moved beyond conventional definitions of algorithms and coding and delves into debates around artificial intelligence and machine learning. “It is time for the big-tech industry to open up and accept newer perspectives from women. We need women in technology to share their journeys to influence policies. Because they have a better psycho-social understanding of things,” says Bhatia.
In the realm of cybercrime, greater awareness-building around online etiquette is the need of the hour to arm women with greater agency. “The societal stigma and judgment faced by women reporting abuse is an age-old phenomenon, which has transcended into the online world. Women are often scared to report such instances for the fear of defamation, lack of family support and lack of knowledge about cyber laws,” says Poonam Muttreja, executive director at Population Foundation of India (PFI) which has worked with adolescents in several states especially in the area of Adolescent Reproductive and Sexual Health (ARSH). “There is an urgent need for greater awareness of cyberbullying in educational institutions and workplaces. Targeted campaigns are needed to familiarize women with cyber threats, safety protocols as well as procedures of filing a complaint at the cyber cell,” says Muttreja.
Perception, awareness, and bias
The low representation of women in internet security is linked to the broader problem of their low representation in the science, technology, engineering, and mathematics fields. Only 30% of scientists and engineers in the U.S. are women.
The societal view is that internet security is a job that men do, though there is nothing inherent in the gender that predisposes men to be more interested in or more adept at cybersecurity. Also, the industry mistakenly gives potential employees the impression that only technical skills matter in cybersecurity, which can give women the impression that the field is overly technical or even boring.
Women are also generally not presented with opportunities in information technology fields. In a survey of women pursuing careers outside of IT fields, 69% indicated that the main reason they didn’t pursue opportunities in IT was that they were unaware of them.
Organizations often fail to try to recruit women to work in cybersecurity. According to a survey conducted by IT security company Tessian, only about half of the respondents said that their organizations were doing enough to recruit women into cybersecurity roles.
Gender bias in job ads further discourages women from applying. Online cybersecurity job ads often lack gender-neutral language.
Good security and good business
Boosting women’s involvement in information security makes both security and business sense. Female leaders in this area tend to prioritize important areas that males often overlook. This is partly due to their backgrounds. Forty-four percent of women in information security fields have degrees in business and social sciences, compared to 30% of men.
Female internet security professionals put a higher priority on internal training and education in security and risk management. Women are also stronger advocates for online training, which is a flexible, low-cost way of increasing employees’ awareness of security issues.
Female internet security professionals are also adept at selecting partner organizations to develop secure software. Women tend to pay more attention to partner organizations’ qualifications and personnel, and they assess partners’ ability to meet contractual obligations. They also prefer partners that are willing to perform independent security tests.
Increasing women’s participation in cybersecurity is a business issue as well as a gender issue. According to an Ernst & Young report, by 2028 women will control 75% of discretionary consumer spending worldwide. Security considerations like encryption, fraud detection, and biometrics are becoming important in consumers’ buying decisions. Product designs require a trade-off between cybersecurity and usability. Female cybersecurity professionals can make better-informed decisions about such trade-offs for products that are targeted at female customers.
Attracting women to cyber-security
Attracting more women to cybersecurity requires governments, nonprofit organizations, professional and trade associations, and the private sector to work together. Public-private partnership projects could help solve the problem in the long run.
A computer science teacher, center, helps fifth-grade students learn to program. AP Photo/Elaine Thompson
One example is Israel’s Shift community, previously known as the CyberGirlz program, which is jointly financed by the country’s Defense Ministry, the Rashi Foundation, and Start-Up Nation Central. It identifies high school girls with aptitude, desire, and natural curiosity to learn IT and helps them develop those skills.
The girls participate in hackathons and training programs and get advice, guidance, and support from female mentors. Some of the mentors are from elite technology units of the country’s military. The participants learn hacking skills, network analysis, and the Python programming language. They also practice simulating cyber-attacks to find potential vulnerabilities. By 2018, about 2,000 girls participated in the CyberGirlz Club and the CyberGirlz Community.
In 2017, cybersecurity firm Palo Alto Networks teamed up with the Girl Scouts of the USA to develop cybersecurity badges. The goal is to foster cybersecurity knowledge and develop an interest in the profession. The curriculum includes the basics of computer networks, cyberattacks, and online safety.
Professional associations can also foster interest in cybersecurity and help women develop relevant knowledge. For example, Women in Cybersecurity of Spain has started a mentoring program that supports female cybersecurity professionals early in their careers.
Some industry groups have collaborated with big companies. In 2018, Microsoft India and the Data Security Council of India launched the CyberShikshaa program to create a pool of skilled female cybersecurity professionals.
Some technology companies have launched programs to foster women’s interest in and confidence to pursue internet security careers. One example is IBM Security’s Women in Security Excelling program, formed in 2015.
Attracting more women to the cybersecurity field requires a range of efforts. Cybersecurity job ads should be written so that female professionals feel welcome to apply. Recruitment efforts should focus on academic institutions with high female enrollment. Corporations should ensure that female employees see cybersecurity as a good option for internal career changes. And governments should work with the private sector and academic institutions to get young girls interested in cybersecurity.
Increasing women’s participation in cybersecurity is good for women, good for business and good for society.