Speaking your mind won’t hurt your cybersecurity career, women were told in an online conference this week.
“I’ve learned the really hard way if you don’t speak it won’t help you,” Karen Nemani, who until recently was director of enterprise risk and compliance at Waterloo, Ont., based OpenText, told the siberXchange conference Aug. 12. “If you speak quietly it won’t serve you so you may as well speak up.
“It’s very unfortunate that often there’s only one seat for women at the table, so it’s like a prize you’re trying to attain and it fosters competition and undermines us. It’s great to have that seat, but you really need to be heard.”
Nemani described the pattern she has discovered when women approach a conversation with confidence.
“I’ve noticed a lot of women in cybersecurity lower the pitch of their voices,” she said. And it doesn’t work, she added. Better, she advised women, is to speak your mind.
Nemani was speaking on the third day of the siberXchange 2.0 conference, a week of online sessions with every day devoted to a topic. Wednesday’s topic was women in cybersecurity.
She was part of a panel on women in leadership roles that included Helen Oakley, a security manager for financial services products at SAP Canada; Lydie Ngo Nogol, chief information security officer at PricewaterhouseCooper for francophone Africa; and Sailaja Vadlamudi, director of security and data privacy at SAP Labs India.
Several spoke about the challenges of being a woman in the field.
Asked about how easy it is for women to be transparent, Oakley said that in leadership one has to be true to one’s self and principles. Lead by example, she said. “We have to change the status quo by being open and transparent.”
But sometimes, she added, that means having “uncomfortable conversations” with someone who makes a cutting remark about diversity in the workplace.
Ngo Nogol acknowledged that initially being a woman in cybersecurity was challenging. “I had to learn to speak. If you don’t ask something the answer will be no,” she said. “You need to bring people to understand what you want to do, and how you want to do it.”
However, she added, it becomes easier if you know what you’re talking about. In perhaps what is gender-neutral advice she said employees need to adapt their messages where others are coming from and to be aligned with the goals of the business.
Don’t get emotional, added Vadlamudi, or make discussions personal. That will burn bridges with colleagues. “When people trust you its easy to tell them, ‘This isn’t going to work.'”
Women are sometimes afraid to fail because they are a minority in the profession. That can be a big weight. Nemani recalled at one point feeling like she “twisted into a pretzel” at one organization, and trying to be what everybody else wanted her to be.
“It took failure for me to understand I’m great as I am,” she said.
People from an organization she worked for said she didn’t have the technical skills for her job. “I heard it, I internalized it, and that was a huge failure on my part, to believe that I needed to be one of the guys and needed to act like them and that my voice didn’t have a place because I wasn’t technical enough.
“It took me a while to remember that cybersecurity brings together people, process and technology … and that is a lens that is gender-neutral.”
Failure in work is understandably worrisome because cybersecurity is an essential service in any organization, said Nemani. “But if you as a leader are supporting your team and are in the know and if you are integrated with the team … you’re going to build a team that feels okay with coming to you and saying, ‘I think i screwed up.’ And you say, ‘We’ll fix it.’ It’s not the blame game, it’s about collaborating and leading by example. I tried being ‘Trumpish.’ It just instills fear.”
There are language issues in IT as well. Nemani said she has trouble with “penetration tests” and women being accused of being “emotional” instead of “passionate.”
Asked how a cybersecurity leader can make sure teams are diverse and minorities feel safe, Vadlamudi said it comes down to leadership. “People try to follow you when they see you as a role model.”
There was also valuable advice for women in other sessions:
- Be curious, adaptable and open to change, said Andrea Frost, a senior software security engineer at Dell (who took her first programming course when she was 31).
- “You’re the captain of your career,” said Noreen Njoroge, a cybersecurity consultant at Cisco Systems. “Learn as much as you can, find an area you like and become a subject expert, get a mentor. Networking is key. Always be prepared for an opportunity.”
- “Growth and comfort do not co-exist,” said Heather Ricciuto, who leads academic outreach for IBM Security. When someone else in your organization sees promise in you and suggests a jor or a project, trust their judgment, she added.