An impressive group of 30+ women converged at the Gartner Security & Risk Summit Women in IT networking event last night. Their focus was personal experience in the cybersecurity industry, and the meeting was in contrast to a full day of statistics, frameworks, analytics, automation, plus Michael Chertoff as conference keynote.

Meeting fascinating security practitioners in any scenario is a treat, and my table of three new introductions (bright, talented women that have been working in the industry for 10+ years) dove right in to the good, the bad and the ugly of “women in security” stories. We laughed, cringed, and commiserated over the course of an hour on topics ranging from bosses, mentors and colleagues to interviews and promotions. Thank you, S, S and H for allowing me to summarize our conversation. Here goes:

  • In our 70+ years of combined work experience, not one of us has worked for a female CISO. (A recent statistic states that only 13% of females hold this title. Quite an elite few.)
  • We all found our way to security via different paths, yet none us started out focused on the industry:
    • One studied Information Systems, landed an internship, and eventually found a job as security auditor.
    • One went returned to school as an empty nester, discovered security as an interest later in life, and is now a Security Officer.
    • One worked through government agencies, ascending through the ranks to become a Security Architect.
    • And me: graduated with a degree in French, and saw a niche in security as job security when other tech jobs were going overseas, did graduate work in computer science, and became an entrepreneur.
  • Each of us learned lessons – the hard way – about self-promotion. Our happiness factors at the workplace might not be the same as those of our peers, we learned. Mentors and bosses may lift us, however, we are ultimately in charge of our future. The message for advancement was clear: Stay engaged, map out a plan, and market yourself in the right areas for personal success.

  • It’s still a painful pill to swallow when we hear stories of other (minority) women in security not recommending the hiring of another qualified (minority) woman due to the “perception of being submissive.” Holy smokes.
  •  We also heard some generational differences. There were many years when no one lifted or advanced any women in a highly competitive environment. Self-limiting is a roadblock, and women still have problems trusting each other. We are all in works of progress, but perpetuating these practices will perpetuate the status quo, and women will never rise above that 13% CISO status. To paraphrase Ghandi, we need to be the change we wish to see.
  • Do male or female bosses make the best mentors? On the topic of men vs women bosses, the youngest of our group confirmed that she has had nothing but wonderful experiences with all of her male bosses. Each have taken an interest in advancing her career. Ah….positive change is on the forefront!

For me, hearing these stories sparked reminders of what I need to do to facilitate the changes I want to see, and I encourage you all to map out your plan as well:

  • Don’t be afraid of failure.
  • Stop with the negative self-talk.
  • Make yourself available to others.
  • Be open and flexible to the newer generations ideas and thoughts.