Joining the security industry was not an intentional choice for me. Within my job quest, my interest in programming led me to become involved in all aspects of the Software development lifecycle (SDLC) and infrastructure support world. Over the next few years, I realized that I was good at software testing, quality reviews and attention to details. The professional in me became passionate about application security reviews, testing controls related to applications and advising people on SOX 404 compliance, I shifted to consulting and advisory roles, which could leverage my technical skills and the compliance mindset.
Before I knew it, I stumbled into being a cybersecurity professional!
Soon after, having a career in security became the next big thing. There was always something happening and something new to learn. The industry was growing as was the demand for security professionals. These are some reasons to think the excitement of being a security professional is here to stay:
- Security cuts across more than one skill. This profession leverages one’s knowledge in technology, processes, communications and business acumen
- It’s NOT just about security, but a bigger story about an industry where security is closely intertwined to the fabric pf business. Knowing industry is essential to resolve the security problems that impact business
- Everyday smarter people create threats. This, in turn, drives you to be smarter
- There is a warrior spirit in cybersecurity jobs. We are fighting cyber crimes every day.
My entrance did not guarantee me a seat forever. I had to build my credibility through professional certifications and continuous learning. I did so by adding at least one new skill every year.
There’s a major dearth of people in security. Unfilled cybersecurity jobs are expected to reach 1.8 million* by 2022, up 20% from 1.5 million in 2015, according to the Center for Cyber Safety and Education. To address some of the most complex issues in the cybersecurity field today, we need people with a wide range of skills such as business knowledge, analytics skills, cultural diversity, education and cultural backgrounds.
We talk about women more in the field of diversity because that is where we have more supporting data available. When I started my security job, I was the only female in my whole team other than my upline who was the CISO then. As I moved up in my career, I remained the ONLY female in most of the teams that I have worked for and I saw very few women in senior cybersecurity jobs. There’s a welcomed change in the last couple of years where several women are choosing security as their career option, although the numbers are not enough. The recent research shows that women are just 20% of the overall security workforce. The education sector, government and commercial organizations are taking a proactive approach to solve the skills-gap issue, by providing education and personal development opportunities in cyber security. This allows security talent to grow organically.
Is it enough? No, but it's a start. We need more women in the decision-making roles who’ll bring diverse points of view onto the table.
How can we bring more women to the forefront?
- Encourage more women to take up cybersecurity education and certifications
- Be conscious: For any cybersecurity job, evaluate an equal number of profiles from all genders before taking a decision about the most suitable candidate
- Go beyond traditional choices: empower students and professionals to take unconventional paths. We can always support them with the right information and insights in their decision-making process
- Security is an acquired skill. Encourage industry experts to be part of the security journey who could acquire security skills. This will support better identification of real threat vectors to business and effective problem solving.
Empower students and professionals to take unconventional paths. We can always support them with the right information and insights in their decision-making process.
Identifying that there is a gender gap is just the beginning, but taking actions to bridge them is a true gratifying journey. There is no better place than IBM to drive this agenda to wider audience. Here’s how I am doing my part to bring more women into the cybersecurity workforce.
University Ambassador Program Leader: The University Ambassadors program provides opportunities to IBM employees, to share their knowledge about a topic they know well and are passionate about with university students, through delivering lectures on the subject matter. We are collaborating with universities in India to introduce cybersecurity into their curriculum as well as provide mentoring and internship opportunities to them. We covered over 20 institutions in the past year and have plans to cover more institutions this year too.
Chair and Leader of Women in Security Excelling Program (WISE): IBM’s Women in Security Excelling program (WISE) was established to bring education, awareness and provide mentor ship opportunities internally. It also developed the #Cyberday4girls initiative, which aims to increase awareness of cybersecurity as a career option among middle and high school girls. This focuses not only on the security skills gap, but also the gender gap. Since the #Cyberday4girls launch back in 2016, the community has run over 70+ events across 6 continents.
Today we have more than 80% * workload to move to cloud and less than 10% data digitized, yet 22 billion* things to secure. The number is only set to increase as the threat landscape changes rapidly.
Those who are passionate about making a difference to the world, cybersecurity is ‘the’ career choice to save the world from cyber criminals.
