Women are slowly increasing their numbers in cybersecurity-related jobs across Canada.
Still, Gayleen Gray, the assistant-vice-president and CTO of McMaster University was stunned at the response to her recent job posting for director of information security at the Hamilton, Ont. institution.
“Of 100 applications, just one woman,” she told the Canadian Women in Cyber Security conference in Toronto this week. “That’s awful…Something isn’t working right.”
The conference attracted about 500 people, mostly women, for networking and encouragement. They had the opportunity to hear over a dozen women on panels as well as individual presenters who hold senior positions in public and private organizations in Canada. That surely was evidence that women are increasingly accepted in the overwhelmingly male-dominated cybersecurity profession.
The panel on increasing diversity in the workplace that Gray appeared on was an example.
With her were Debbie Speight, associate vice-president from TD Bank; Allison Atkins, leader of a cybersecurity risk management team at Scotiabank; Sheri Munro, assistant vice-president for access governance at insurer Manulife; and June Leung, leader of the identity and access management team at payment processor Moneris.
Other panels had women with similar titles.
No speaker had a real horror story about how she’d been treated over the years. Many mentioned that early in their careers they were the only woman in their networking class or on their team once hired. Several of them spoke of having very supportive managers. A few mentioned that rarely — until recently — were their managers women.
Instead, they hinted at obstacles. During a panel on careers. Mary Siklis of healthcare provider Point Click Care of Mississauga, Ont., said when one of her mentors offered her a higher position a vice-president asked her boss if he was sure she could do the job. (He did).
On the other hand, one TV show had a CS department with five young white guys and I thought, ‘Oh no, not again.”
Cat Coode, who has a combined degree in computer and electrical engineering, worked for RIM for years before founding Waterloo, Ont., privacy consulting firm Binary Tattoo, recalls watching a police TV show where a firm’s cybersecurity department was made of “five white 20-year-old guys.” These stereotypes, she said, “are in media,” and when women see programs like that it’s easy to understand why they conclude “there’s no role for me there.”
Panellists spoke of the challenge of finding and hiring women, the need to be assertive when positions open up as well as the need for women who get leadership positions to meet the public.
“It’s important to get out at meetings so women hear why it’s important to be in a field that is dominated by men, to build up their courage,” said Siklis. “As females we tend to step back when we get into a career that’s very challenging.”
Saminah Amin, a cybersecurity consultant at PwC Canada, noted there are few academic credentials needed to have a cybersecurity career. “A lot of people build skills on their own,” she said. Abby Daniell, Virginia-based senior manager of technology business development at AWS, noted her company offers on the job training and certifications.
“Companies need to lower the bar in what they’re looking for in education to get people into cyber,” said Coode, who said hiring managers often demand masters and bachelor’s degrees. “They want five to 10 years experience in a field that isn’t five to 10 years old,” she added.
Asked to give women career advice, the panellists’ responses were interesting (and not necessarily strictly for women).
“Identify where you want to go, visualize yourself there, and have conversations with people who are where are where you want to be,” said Daniell.
Take time to look at the breadth of cybersecurity-related roles, said Coode, because there’s probably a niche thing your company’s not covering that you might be interested in. “If someone opens the door for you take that challenge,” said Siklis.
“Aim high,” said Sherry Rumbolt, a senior information security officer at the Department of National Defence. “Always go to two steps higher than you think you’re actually qualified for and start setting your goal towards that.”
“It’s still about who you know,” she added.
At the panel discussing the importance of having a diverse workforce Gayleen complained that the IT industry has “some antiquated ideas. Even in job descriptions we’ve created for IT positions we look for people with a computer science or STEM degree, but … I find a lot of us didn’t come from an IT background, and it’s important to remember that when we mentor others.”
On the other hand, June Leung of Moneris said when recently recruiting for a co-op position was surprised to learn Univerity of Toronto applicants had no cybersecurity y training as part of their computer science courses.
Sheri Munro of Manulife, who said she’s always been treated “as one of the boys” (except early in her career when she was usually asked to get on the floor to re-arrange cables because she is tiny) said diversity is lacking in upper management. “I think we still have a long way to go.”
The advantage of a diverse workforce, said Scotiabank’s Atkins, is the ability “to turn the box upside down and look at it from the back and think differently” to solve problems. You get a more fulsome product as well, noted TD Bank’s Speight.
In an interview after the conference, Gayleen Gray pondered why only one woman applied for that job. “If we want diversity we need to be able to have a diversity of applications to chose from to make sure we’re getting the right fit. If we’re not bringing women into cybersecurity and finding opportunities to develop and advance, we’re not going to see women equal [in numbers].
“I’m optimistic,” she added, “because I think conversations are happening.”
The conference was organized by SiberX, a Toronto-based training and skills development platform.