Women in security: Cultures, incentives that promote retention

While women remain in the minority in security positions, they are positioning themselves for success in the future of InfoSec.

In order to attract and retain highly qualified candidates who possess a combination of emotional and technical intelligence, enterprises need to look at their corporate cultures and offer more than monetary incentives. Women in security are inclined to stay in positions where the enterprise encourages a healthy work-life balance, offers equal pay for equal work, and provides mentor programs.

The 2015 r (ISC)2 report, Women in Security: Wisely Positioned for the Future of InfoSec, found “pairing new InfoSec hires with mentors, and, as the survey described, adapting compensation plans and training to better align with the flexible working arrangements and diverse training options women expressed as important in retaining and engaging InfoSec professionals.”  

The field of information security traditionally has been dominated by well-educated and highly technical men. The study, however, found that because the future of InfoSec will demand an increased need for managing business risk, “Women, therefore, have positioned themselves wisely in an InfoSec profession that should not be defined by sheer headcount, but in the roles of those that are shaping the future practice of InfoSec.”

[ ALSO ON CSO: 10 tips to attract women to infosec jobs ]

In order to redesign corporate culture and offer a more diversified incentives programs, enterprises need to first understand the obstacles women in security encounter in the workplace.

“The first obstacle they will face is a lack of women in security. It’s a field that has grown out of IT, which is a field that’s been strongly dominated by men. That lack of diversity can be a blocker in terms of communication,” Chris Brazdziunas vice president of engineering, LogRhythm said.

Men and women communicate differently, and in an environment that is dominated by men, it is easier for men to communicate with each other and build relationships more quickly.

As a result, “Women have to step in and do something they are less comfortable with and they are not assimilating as fast or understanding rules and options as quickly as men do,” added Brazdziunas.

These realities impact the internal health and harmony of an enterprise. At LogRhythm, Brazdziunas said the company is trying to promote diversity for reasons of better listening and social awareness within the organization. "We have a very low percentage of women in our organization. As a result, we have a commonality that doesn't have that need to be more socially aware."

A male dominated workforce also impacts the way the culture is motivated. Where a male dominated work environment traditionally thrives on individual success, women tend to value team efforts.  Brazdziunas said, “For women there is a desire for harmony and working as a team.”

Rather than comparing one person’s success against another's, a culture that encourages team success over individual success is a better structure for women, said Brazdziunas. “Women thrive in the workplace that is results oriented where goals have a high degree of clarity and there is recognition for achieving them.”

Many women succeed in places where people work well together.

“I like harmony, and part of that is because I’m a woman. In general I have found it to be an asset in the workplace. One of my strong skill sets is getting people to work together to make difficult decisions,” said Caroline Wong, security initiative director, Cigital, a software security firm

Some of the obstacles that offset that harmony in the workplace are “either biases of a particular person or inconveniences of biology,” said Wong.

“These days when I go to work onsite, I’ll ask if there is there a mother’s room or wellness room where I can pump,” said Wong who is a new mother of a six month old baby. “People are usually very accommodating, but sometimes the logistics are a little bit complicated.”

[ALSO ON CSO: Myths and truths about employing women in Infosec ]

Depending on the physical layout of an office space, the wellness room can be on a different floor or on the other side of a building, which creates an inconvenience of biology for working moms who are nursing.

While they can’t redesign office spaces, there are things that women can do to affect positive changes in culture.  

Wong said, “When I arrived, I realized there are not a ton of women, so I worked with HR to create a group of women at Cigital. We wanted to create ways for women at Cigital to have a purposeful community with each other.”

Through an email list, the women in Cigital offices all over the world are able to communicate with each other. “We get together virtually for book clubs and are able to hang out and talk about the topics relevant to women that relate to life and work,” said Wong.

Wong said the initiatives to improve corporate culture for women continue to evolve. “In the new year we are planning to feature women at Cigital for a speaker series. We will have one event per month where we get to hear from our fellow women about how they got to where they are,” she continued.

Julie Peeler, director, (ISC)2 noted, “Women in security is not a gender parity issue, it’s in everyone’s best interest to bring as many human beings into security.”

While highly valued by women, consistent and effective training will improve corporate culture across genders.  

In order for women to advance in their careers and grow into the leadership positions of the future, they need mentors and role models from whom they can learn.

“When you come into an organization as a woman and there aren’t a lot of other women, there aren’t a lot of role models. Men find role models easier. For women, it’s like finding a needle in a haystack made of needles,” Peeler said.

Having a mentor is extraordinarily important, Peeler added. “You need to see where you are headed. There are so many soft skills related to advancement that you are not going to learn in a text book. That person provides you with an objective perspective of your skills and can provide internal political coverage.”

Tina Stewart, vice president of market strategy, Vormetric, also spoke of the value in training programs. “Providing mentors and role models leads to high level of collaboration and having the ability to see how leadership works,” said Stewart.

As far as overt programmatic approach that will attract the best qualified person for the job, Stewart said, “There is a shift in the new generation. Everybody is not necessarily tied to their desks. In the land of security and start up everything is able to be accessed remotely now.”

Having the flexibility to work when and where inspiration strikes rather than the fixed hours at a desk in an office proves to be helpful in allowing women to achieve a better work/life balance. Offering the flexibility for employees to work remotely is an attractive perk for men and women alike. “We’re not worried about how many hours you spend on vacation as long as you get the work done,” said Stewart.

While monetary perks are attractive, “Women are more consistent with finding a job that fits,” said Stewart.  

Join the CSO newsletter!

Error: Please check your email address.

More about CSOLogRhythmVormetric

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Kacy Zurkus

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place