Photo by Howard Solomon
Photo by Howard Solomon

There are more women working in IT today than in the past, with some having satisfying careers.

Six of them headed a panel on gender balance in information security Wednesday at the annual SecTor cyber security conference in Toronto, talking about men who helped encourage and advance their careers. One mentioned how she was able to get back on the managerial track after taking time off to have children.

But they also said IS is still an overwhelmingly male occupation that often displays sexism.

“It’s a field that’s designed by men with a male culture and a set of values, and that’s what women are walking into,” said Karen Nemani, lead IT security risk manager in the Ontario government who has also worked as a risk manager for major consulting firms, told the overwhelmingly male conference.

“We’re the interlopers in that culture … We have an idea and we’re ignored. Or we go into a meeting and we’re continuously interrupted and not heard.” As a result women feel their career progression is not on their merit, and have to be better than men to succeed.

Andrea Stapley,left, Karen Nemani and Alexis Lavi. Photo by H. Solomon
Andrea Stapley,left, Karen Nemani and Alexis Lavi on the gender balance panel at SecTor. Photo by Howard Solomon

“I often feel in my work I have to know 10 times more (than a man) to be able to be seen as a subject matter expert, and I can’t make a mistake because that mistake will drive how I’m understood. “Women working in tech aren’t considered tough to make those tough decisions we need to make every day.” At the same time, she said when women speak their minds they’re seen as aggressive, not assertive. “That needs to change.”

Julie Leo, a relationship manager for security consulting in the Royal Bank’s IT risk centre of governance, agreed, saying sometimes she feels intimidated in a room full of men. “Sometimes my intimidation gets the best of me. I’m reluctant to speak up. I’m afraid someone might challenge me, I second guess my ability to respond.” Sometimes she wonders if she should move to another industry or field, “especially if people say to you ‘We really need to have a women on the team to bring soft skills.’”

Leo recalls women telling her of being afraid to put their careers on hold to have a family their employers will forget them. It’s important women be told that’s not true today, she added.

That was endorsed by Andrea Stapley, now director of security architecture at Sun Life Assurance of Canada, who said she took several years off to have a family when she was at Rogers Communications, and within 12 months of returning was a manager.

But there are telling numbers: Women are 47 per cent of Canadian workforce and hold 31 per cent of seats on publicly traded boards, but account for only 10 per cent of those working in information security,

“We can set up this expectation that girls can do anything and grow careers,” said Nemani “but it’s not going to mean anything if there’s no where to grow once they’re in the workplace.”

Several spoke of the reluctance of women to go into IT or IS, and the importance of being mentors.

Stapley recalls advertising for jobs and having no women apply. That may be because women look at a list of desired qualifications, see one they don’t meet and give up, said Marilyn Blamire, manager of information security at TD Bank. To men she said, “we need you to help women look at the job as a whole and to look at the skills they’ve got and take a risk.”

Stapley recruits women in non-traditional ways, including looking for summer students where she works. “It talks a lot of mentoring to build up their confidence and tell them over and over that I see something in them.”

Alexis Lavi, now senior advisor for cyber security at Fortalice Solutions, an American consulting firm, said she was a waitress during a recession after graduating with a master’s degree in public police and international security when she applied to be a technology risk manager. “I took an opportunity. My boss saw something in me.” Eventually she rose to managing the U.S. Department of Homeland Security’s supply chain risk management program.

She urges women “to take that risk … “When you see an application and it doesn’t have all those marks (that apply to them) give a second look and try to see what kinds of skill sets are needed for the team. “because you might pass over something that you never thought you were going to get.”

As for why employers should look for women in IS, Blamire argued they will help meet the shortage of infosec pros. Women bring many skills including the ability to communicate, influence people without being powerful, a willingness to collaborate and can be teachers and mentors.

“You’ve got a big untapped resource pool with a set of skills that are pretty necessary — and by the way women can be very technical as well. You have chance to really diversify your team, add to your skills and better represent society.”