When Unicorns are the Majority: The power of positivity when it comes to diversity in cybersecurity

Women in Cybersecurity

From academia to government to now industry, I’ve never worked in a field with more than 20 percent women, and that is being very generous. That is why it felt extremely strange to sit in a large room with over 700 women working in or studying cybersecurity a few days ago at the Women in Cybersecurity Conference. With so many competent and impressive technical women across the room, the myth of the unicorn was quickly dispelled. You just need to know where to look.

Sure, we had the obligatory discussion of the low and possibly further regressing level of female participation in cybersecurity (seriously, it went from 10 percent last year to 8 percent this year, according to several speakers). But the best part of the conference was that the theme mirrored what I felt initially: that though the numbers of women are small, we are doing some remarkable things, and this is an exciting time to be in the field. This positivity is what we need more of in media, pop culture, and academic portrayals of cybersecurity. It could go a long way toward dispelling the erroneous negative perception of the field (that it’s innately militaristic, and best suited to loner male socially disconnected types) that continues to serve as a barrier to entry — as well as retention.

With that in mind, I’ve pulled together key themes from this year’s Women in Cybersecurity Annual Conference. I hope they’ll serve as reminders as to why we stay in the field, and that they could encourage others to pursue cybersecurity careers.


The Diversity Within: It’s not just about gender or race. — The conference was a great reminder that when we talk about diversifying the cybersecurity industry, we’re talking about much more than demographic differences. Within the predominantly female group at the conference, there was a phenomenal depth of professional backgrounds (industry, academia and government), generations (students of all levels, mid-career, and seasoned professionals) and disciplines (anything from computer science to theoretical mathematics to anthropology). Keynote presenters included a cryptographer, business professionals, and an incident responder. None of them were dark, shady characters in hoodies, but super-smart and enthusiastic women changing the industry.


Communication is key — and it’s not just about code. — The ability to write and communicate clearly surpassed any programming languages as the top recommended traits for success in cybersecurity. From proposal writing to meeting with a board to working on a team, the ability to communicate technical aspects to non-technical audiences is essential now, and will only become more important as the field expands. Experts also pointed to a solid foundation in math as a bridge-builder skill — meaning that it could enable a variety of career paths within cybersecurity.


The mission is powerful, and unique. — Both national security and the social aspects of cybersecurity were frequently noted as key drivers and motivators that keep women in the field. This resonated for those working in industry, academia and government, and was complemented with the challenging nature of the work. Want to find a good challenge and have a big impact, cybersecurity is the way to go.


No ‘manels’ in sight. — It is possible to have panels full of women talk about and inspire through their technical acumen and not their gender. Despite complaints by numerous conference organizers that they can’t find women to populate panels, these women exist — and this conference was proof of that. Here’s to hoping that panels full of men — a statistically unlikely occurrence absent conscious or unconscious bias — will someday be a distant and funny memory, like the #bindersfullofwomen meme.


That said…we still need men to hear and deliver these messages. — As almost every personal story noted, male allies are a crucial component to moving beyond single digit female representation in the industry. Fathers, colleagues, mentors, and friends all play an essential role and must be active participants in encouraging women to pursue or stay in the industry.

After explaining complex aspects of encryption, Yael Kalai of Microsoft conveyed another empowering message. We women are in a position ofpower. The industry needs us, and not the other way around. In other words, women are not token diversity hires, but are essential for organizations to achieve greater creativity and innovation, and an enhancedbottom line. That means if your company isn’t supporting you, move on. The demand is high, the supply is low — the math is on our side.


Andrea Limbago is the principal social scientist at Endgame.

This post was originally published by New America as part of Humans of Cybersecuritya dedicated section on Context that celebrates stories of the people and ideas that are are changing our digital lives. It is part of New America’s Women in Cybersecurity Project, which seeks to dramatically increase the representation of women in the cybersecurity/information security field by fostering strategic partnerships with industry leaders, producing cutting-edge workforce research, and championing women’s voices in media. This is a project of New America’s broader Cybersecurity Initiative, which aims to clarify and connect the often disjointed debates and policies that surround the security of our networks.