By Joshua Scott
Nearly 100 people were in attendance for an event all about the need for women in cybersecurity.
Some in attendance were studying or working in the industry, but most were curious about the field and how diversity can change it for the better.
When event moderator Rushmi Hasham, director of training at the Rogers Cybersecure Catalyst, asked who was considering pursuing a career in the field, most hands raised. “This is the start of a wave,” she said.
As a woman in cybersecurity, Annegret Henninger is in the minority. Henninger studies business technology management and serves as a research assistant at Ryerson’s Cybersecurity Research Lab (CRL). Initially, she “had no idea that [she] would be interested” in cybersecurity.
For Henninger, it took an encouraging push from her eventual boss, CRL director and Ryerson professor Atefeh Mashatan, who was also a panellist at the Oct. 24 event.
The event consisted of career-focused panel discussions of cybersecurity and women in the field, followed by audience questions and a networking period. The event ran nearly an hour past its allotted time as attendees connected with the speakers and other cybersecurity professionals, including women who are investigators at the Toronto Police Services’ cybercrime unit.
According to a 2017 report by Cybersecurity Ventures, there will be 3.5 million unfilled cybersecurity jobs by 2021. Women currently make up 20 per cent of the workforce. This compares to 11 per cent in 2013.
The cybersecurity sector is growing rapidly, but the male-dominated sector needs workers and it needs diversity.
“As digital media is becoming more prevalent in our daily lives, our exposure to cyber-attacks and information security and privacy threats is going to grow bigger, which means we need to protect ourselves more,” said Mashatan.
“There is a shortage of cyber talent and that’s just going to grow exponentially,” said Royal Bank of Canada (RBC) senior director of cyber ops Laura Evertsen. “The hackers will just stay ahead of us, especially if we don’t have more people who think differently from all different backgrounds, who grew up with different biases,” she said.
Evertsen emphasized the value diversity has in the cybersecurity industry. Based on RBC’s cyber remediation team, where half of the management team have no cyber background, she said it’s about bringing in “different people…[for] different problems that need different solutions.”
When Evertsen wanted to shift roles at RBC, her long-time mentor suggested she consider cybersecurity. At the time, she thought to herself, “I’m a geek, but those are kind of like the super-geeks. I didn’t really think I’d be qualified.”
She decided to give it a try anyway. “I’m so grateful because it was the best decision I ever made,” she said. “There’s never a dull day.”
Shawna Coxon, Toronto Police Deputy Chief of Priority Response Command, followed a traditional career path in policing. She began by answering 911 calls and then went into investigative work in Toronto Police Service.
As a result of Coxon actively trying new things, she was put in charge as the team lead of Operation Reboot, a project that looked at technology in policing.
Coxon spoke about the growth of online-based crimes, and what it means for potential workers. “Crime is changing dramatically. The nature of crime is not that it’s going down, it’s that it’s moving from in real life to in real life and online.” This shift presents “a tremendous opportunity for all of you in this room.”
But another aspect of diversity and having more women in cybersecurity is the barrier to entry.
According to a report by ISACA, an international professional association focused on information technology, 51 per cent of women in the industry experienced some form of discrimination and that workplace bias is both real and endemic.
The report goes on to highlight that the bias against women is subtle, from being overlooked in meetings, to having ideas dismissed to later be usurped by a male colleague.
Mashatan’s opinion is that the perception most have of cybersecurity is all wrong. “The perception that most people have, not just of cybersecurity, but of most technical domains, is that there’s this geek in their basement, and if you’re not a programmer, there’s no need for you,” she said. “And that’s wrong.”
“This space has a lot of career opportunities that have nothing to do with science or technology,” said Coxon. She highlighted the fact that computers can’t replicate the human components behind solving problems, which often take improvisation and skills.
Henninger doesn’t see a lot of women in her workspace. But in her personal experience, she’s never encountered any barriers.
“If there’s a job, it’s mine,” Henninger added, with a laugh. “Out of my way.”
Getting more women into the field begins with targeted recruiting. This encompasses those who will begin entry-level jobs in a few years as well as giving them experts in the industry to have as mentors and contacts. According to the panellists, through the discussion and networking period, the panel and the event opened opportunities for women to start considering the options of a future in cybersecurity.
At the end of the panel portion, Hasham took another poll from those in attendance.
“Did we successfully change your perception of cybersecurity?” she asked. Judging by the number of hands raised, the answer was yes.