In cybersecurity investigations, the faster you detect the problem, the easier it is to solve. The gender imbalance in the cybersecurity industry is another matter entirely. The lack of women in the sector is highly visible, and yet the solution is far harder to come by.
At Stroz Friedberg, I am proud to say we are making progress. Our cyber associates program in both the U.S. and the U.K. is attracting more women to the field than the norm. In the past three years that we’ve administered this program, women have represented an average of 32% of the associates. Our most recent incoming class is made up of 41% women. That’s a proportion significantly greater than the industry average of just 11%.
Awareness of the jobs in this field is a significant barrier to entry. As my colleague Robyn Brooks wrote in a blog post celebrating International Women’s Day, “I often talk to women who weren’t aware that cybersecurity was even a career path. Just as we teach children they can become a doctor or lawyer, it is important to introduce cybersecurity as a career option early on.” One way that Stroz Friedberg is working on this issue is by actively supporting women-led organizations like the Women in CyberSecurity (WiCYS) conference, Women’s Society of CyberJutsu, and programs like Girls Who Code.
In recruiting cyber associates, we look for candidates with a curiosity and passion for the field, analytical and problem-solving abilities, including the ability to think outside of the box, and strong writing and communication skills, along with technical aptitude. The women and men in our cyber associates program are being trained not only to excel in the industry, but to stay in it. We ensure that our recruiting process includes female leaders, as role models and mentors for potential new hires. This is our approach to creating the leaders of tomorrow.
Each cyber associate is immersed in three specializations before having to decide where to commit for a career: digital forensics, incident response, and proactive security services. In this program, our cyber associates are not only watching and learning about theoretical solutions to cybersecurity threats, they’re working on actual client matters, alongside other technical experts. The cyber associates are regularly exposed to internal and external practitioners and the wide scope of career opportunities in cybersecurity. Day-to-day responsibilities include: preserving data from electronic data sources and repositories; helping to develop protocols for client matters; searching, comparing and analyzing data; and testing new processes or tools to support the practice and client needs. When cyber associates decide to join a practice group, they have more awareness than most of us have had when selecting our career paths—and it’s expected that they’ll be assigned a permanent role in our company in their chosen field.
Awareness and training is a challenge in recruiting women to the leadership ranks, too. Given the relative newness of this industry, many top contributors at Stroz Friedberg started out in other fields. Previous to Stroz Friedberg, I was a cybercrimes prosecutor in the U.S. Attorney’s Office in Los Angeles. My colleague Judith Branham, a Managing Director in Minneapolis, had been an attorney with Faegre & Benson, LLP. Having non-traditional and non-tech experience has only enhanced our careers. Stroz Friedberg shows their forward thinking by recruiting women like us and ensuring we can be just as successful as those from more traditional, technical backgrounds. Cybersecurity firms that want to retain top-quality professionals must also provide better incentives for staying and growing with the organization. Whether male or female, all cybersecurity professionals need to have mentoring, good corporate benefits, policies supportive of work/life balance, and regular training and continued education to keep skill levels and morale high. Leading companies (like Stroz Friedberg) have a duty to bring attention to the varied career paths that advance associates into leadership positions and success in cybersecurity, especially for women.
To that end, women in the field of cybersecurity should do their part to serve as role models and give back to the community. For example, speak at events to encourage awareness of cybersecurity careers and promote equitable workplace policies and practices; bring other women along to serve as co-presenters or to participate in events; speak openly about the challenges of being a woman in the cybersecurity industry and what can be done to solve it. We know that being a woman in a male-dominated profession is not easy, but it is our hope that ten years from now the graduates from our cyber associates program will be part of the solution.