Las Vegas - Walking around the hallways of the Mandalay Bay Convention Center at this year’s Black Hat event was a familiar experience. As a woman who writes about and attends security events, I continue to be in the minority at the gatherings. This has been the case since I first started covering the industry nearly 15 years ago.
Figures show that people identifying as women are still solidly the exception, not the norm, in information security. A recent Frost and Sullivan survey finds women comprise a mere 11 percent of the infosec workforce.
But also at Black Hat, I noted many initiatives and sessions to foster diversity in information security. One thing that surprised me was an on-site daycare offered this year where attendees could drop kids to attend sessions. Several other booths and groups along the floor were promoting women in infosec. As much as women are still few in number, there is movement and gains to increase their ranks in security.
One session featured security professionals from Korea, Japan and Taiwan who shared success stories about building a thriving network of cybersecurity communities for women. Asuka Nakajima, Suhee Kang, and Hazel Yen, all founders of female security groups in their regions, presented examples from their home countries of building these infosec communities, and also provided concrete proof of success as each have grown over the last several years.
“When I was in [my] university infosec club SISS (Sookmyung Information Security Study) six years ago, it was a total disaster and few women were learning to hack,” said Kang, founder of a women’s hacking contest called Power of XX CTF, in a pre-session interview. “At the time, it was really hard for women to survive for several reasons, so a lot of female students either [gave] up on their degree or changed courses in the middle. That's why we made our community: to cultivate women researchers and hackers.”
Nakajima said in her experience, there are three prevailing attitudes among women that put them off pursuing infosec opportunities. She summarized them the following way:
- "To me, it is difficult to fit into a workshop because most of the participants are men."
- "Because most of the security engineers are men, maybe infosec is not for women."
- "I really want to start learning infosec but I don't know where to start, and I don't have friends to ask about that kind of thing."
“The first step to break the barriers is to make a female community and hold workshops for women,” she said
Based on what I observed in the presentation, much of the success of all communities included in the session has to do with consistency and opportunity. Each group held regular workshops, gatherings, and capture-the-flag style hacking events for women to both use their skills and socialize and network with like-minded women in their regions. Each community, Yen noted, began simply with tech-savvy women who wanted to offer opportunities to others who might be interested. Each noted their numbers grow annually.
“When it comes to talking about the most need for communities, my opinion is that we need to be telling girls that we are here at the early stage,” she said. “Whenever I start a community, I always tell my members that we are not behind the rest of the infosec field; everyone is good at something. I think what we need to remember most is, "self-trust is the first secret of success.”