Thank you, Ms Wajer, it is an honour to have the opportunity to conduct this interview. To begin with and to set the scene, could you briefly give us an overview of how big the gap between the number of male and female cybersecurity professionals is? What is the extent of the current women’s scarcity in cybersecurity?
Anecdotally, women are awfully scarce in the cybersecurity field; except for a limited set of countries (Sweden, Romania, and Poland come to mind), it’s quite rare to run into a female colleague. To a large extent, I guess, this is a remnant of traditional gender roles, but the STEM field is unfortunately also still considered largely devoid of human interaction and therefore slightly boring by many – a stereotype that continues to require a lot of effort to shake off.
The STEM field is unfortunately also still considered largely devoid of human interaction and therefore slightly boring by many – a stereotype that continues to require a lot of effort to shake off.
Would you say girls’ reluctance to go for a job in cybersecurity is also linked to the perception of this field that you’ve just touched upon? What is the perception of a girl going to work in cybersecurity nowadays?
From experience I’ve noticed that girls see everything/everybody as equal before they reach the age of 12. There is no difference between boys and girls. However, when it’s time for decisions, of course the people that are close to you, parents, have a great influence on them. If the parents are in IT, the perception of cybersecurity is positive and viewed as a normal job you can get. If the parents aren’t IT versed, then it can somehow be painted in a way that is not close to reality.
In your opinion and based on your experience, what are the main causes of women’s underrepresentation in cybersecurity and ICT sectors? Did you personally encounter any obstacles when it comes to embracing a career in these fields?
The main obstacle does seem to be the gloomy reputation of the IT industry in general as a bit of an old boys’ club that involves lots of screen-staring and very little interpersonal contact. This stereotype is of course far from generally applicable, and many companies are doing their utmost best to be different. On the other hand, I have encountered actual difficulties in advancing my career because of organisational issues in dealing with people that don’t fit in with the establishment, so I do understand the hesitation of new entrants into the field.
The question on how to attract and retain individuals in the IT or cybersecurity sphere often regards young people leaving their country to work abroad. I would like to ask you the same question but referring to women. How can we make this field attractive and encourage women to pursue a career in it?
In my opinion, the only way to do this is to lead by example: women, and especially young people about to decide on their post-secondary education path, need to be able to see plenty of role models that show IT to be the exciting and rewarding line of work that it is. Of course, for such role models to exist, the industry needs to step up its efforts at inclusiveness, and there is also much work that remains to be done at the primary and secondary education levels to prevent women from prematurely tuning the STEM field out. But in general, people need to be shown, not told.
Women, and especially young people about to decide on their post-secondary education path, need to be able to see plenty of role models that show IT to be the exciting and rewarding line of work that it is.
Do you believe that educating young children (under 12 years old) in cybersecurity and computing technology would help with reaching out to more girls and break the stereotypes in the field?
You can’t start young enough. A girl can wear a princess dress or be dressed as an alien, it doesn’t matter, she can still crush the stereotypes. Teaching them at an early age what is possible with computer technology just tears down these perception barriers other people are putting up that these jobs are only for men.
What goals, in terms of workforce diversity, would you like to see companies striving toward? What concrete measures could be implemented?
Every company that is serious about workplace diversity should continuously be identifying the obstacles that keep minorities from making practical use of the theoretical options available to them, and then work on removing those as much as possible. Although the exact process will vary by company and even department, I’ve found that mentoring and internship programmes at every level (allowing people to get comfortable with job roles that they may not have considered before) and explicit career ladders (that do not rely on insider knowledge of the available options or lots of negotiation) are helpful in this regard.
Every company that is serious about workplace diversity should continuously be identifying the obstacles that keep minorities from making practical use of the theoretical options available to them, and then work on removing those as much as possible.
What are the effects of women’s underrepresentation in cybersecurity in ICT, or in other words what are the advantages of gender diversity in a cybersecurity team?
Both my own personal experience and numerous studies have shown that a diverse workforce performs better. This is especially true for cybersecurity, where insights from team members with dissimilar backgrounds frequently lead to identifying threats that had been previously overlooked or allow use cases to be addressed that are specific to non-mainstream user groups.
Despite the scarcity of women representatives in the field, we can notice that, compared to men, a higher percentage of women cybersecurity professionals are reaching positions such as chief technology officer (7% of women vs 2% of men), vice president of IT (9% vs 5%), IT director (18% vs 14%) and C-level / executive (28% vs 19%).[1] Would you say that there is no glass ceiling in the digital sphere or maybe that women finally broke it?
In my opinion, the lack of career advancement for women in IT in general is more of a supply-side issue than an actual glass ceiling, with the situation slowly improving over time. Given that cybersecurity is a relatively recent specialisation, it’s quite plausible that women got in on the ground floor on a more equal basis, and that this has resulted in a naturally more diverse executive suite. It will be interesting to see whether these numbers hold and to what extent they can be replicated in other IT sectors.
What women role models can you think of, to inspire young girls and women?
Youngsters nowadays use YouTube and Instagram a lot. Until recently it was more Snapchat (that is still being used but less popular). The role models would come from this industry like vloggers and photographers. Mind you, the best role models for these young girls would be their own parents. They have been around them for a lifetime and discuss life and jobs constantly. Hence I guess, besides educating the kids, it’s also key to engage the parents too if they are not in IT yet.
Nowadays, there is no doubt that women’s participation in cybersecurity, STEM, and ICT has to be fostered. Could you briefly explain to our readers what the purpose of Cisco’s Women in Cybersecurity group is? What concrete results did you achieve?
Informal groups are an important part of Cisco culture and are quite helpful for both newcomers and long-time employees to navigate the opportunities available in such a large organisation. As with other groups (such as Early in Career Network and the more general Women in Tech), the focus with Women in Cybersecurity is on sharing experiences and information. I’ve been present at several coffee talks about the opportunities within the security field, as a result of which several people have applied for new positions within the company. External presentations are typically more general but have convinced at least a few women to settle on a STEM study they had been considering.
Another question related to perception of the IT and cyber spheres again. Why do we have the image of hacker as a man, and how to make things change?
Have you ever seen a house burglar as a woman? This is probably the same reason hackers are thought of as men. Yet there are loads of examples of famous women that hacked major systems. Mata Hari is a good example of a spy[2] yet nobody expected this from a woman. The same goes for Cyber Hacking – one does not simply expect that a woman would do such a thing. In order to make this change we must go into the gender-neutral stage. In the Netherlands, for example, the announcements in the train are nowadays gender neutral – I still have to get used to it, as when I hear the little announcement sound before the voice starts to speak, I automatically wait for “ladies and gentlemen”, yet now they say “dear traveller”. Again, it will take time before no one notices the difference anymore.
Finally, if you could give advice to the cyber-enthusiast women reading us, what would it be?
Go for it! Cybersecurity is a relatively new and exciting field with lots of opportunities and great demand for resources across all disciplines, be it architecture, sales, implementation, support, or engineering. Don’t be afraid to ask around, and if you can find someone willing to mentor you, use the opportunity.
Questions by Faustine Felici
Bio:
Nicole is based in Amsterdam, The Netherlands and has a global role for the security part of SDA (Software Defined Access) and SD-WAN in the Enterprise Networking team as a Technical Solutions Architect (IBN Security). She graduated with a degree in Computer Science from the Amsterdam University of Applied Sciences and specializes in Security,the Internet of Things (IoT) and IPv6.
Her career in Cisco started in Routing and Switching and Network Security, but since fighting spam and malware turned out to be in her DNA since her first day on the Internet, a move to Content Security was an obvious progression. Recently she joined the Enterprise Networking team to continue her Security passion. Some side activities Nicole is the EMEAR lead for the Women in Cybersecurity trying to get as much female talent attractive into the world of STEM. Nicole is also known in Cisco as the Chief Stroopwafel Officer
As people who have met her in person will attest, Nicole is very friendly and talkative, as well as quite active on social media. She also acts as the social secretary for Koala, her stuffed marsupial travel companion and conversation starter. But also she is known for being the ‚Chief Stroopwafel Officer’ #stroopwafel
The article is an announcement of the upcoming issue of the European Cybersecurity Journal (ECJ), which will be published soon!
[1] (ISC)2, Women in Cybersecurity, https://www.isc2.org/-/media/ISC2/Research/ISC2-Women-in-Cybersecurity-Report.ashx, p. 3
[2] For a more comprehensive biography of Mata Hari, see for instance: https://www.britannica.com/biography/Mata-Hari-Dutch-dancer-and-spy