More must be done to tackle sexism in cybersecurity

Among the tech-literate, knowing your stuff is enough to gain respect but, as Bridget Kenyon explains, assumptions based on gender are still too common among those making the decisions in tech firms

Bridget Kenyon’s early interest in STEM came from books. With a physics professor father and two older brothers who did Science masters degrees, her home was full of textbooks, but it was the science fiction novels left lying around which really fired her imagination.

“It started with authors like Robert Silverberg and Isaac Asimov. Arthur C. Clarke was one of my favourites because he was actually a scientist who went into writing science fiction. He invented the word satellite. He invented the concept and now they are all around the earth. When you find out stuff like that as a kid, it really blows your mind.”

“It’s not always about changing the universe, sometimes it’s just about having a really good day.”

Fitting then that Kenyon, who is now the EMEA chief information security officer (CISO) at multinational Thales, found her way into cybersecurity, a discipline particularly at home in the world of science fiction. “I sort of fell into it by accident,” she explains. While working in a “not massively exciting” role at an engineering firm, she decided to apply for the role of research scientist in the field of network vulnerabilities, and never looked back. “Cybersecurity turned out to be really interesting and very creative, because the ‘bad guys’ are always thinking of new attacks, and if you can think of them first then you can protect yourself.”

Cybersecurity respects skills, not gender

But however exciting and creative the cybersecurity industry is, Kenyon says it still has a long way to go when it comes to gender diversity, with women accounting for somewhere between 11 and 20 per cent of the workforce, depending on the survey. “It varies by one or two per cent each year and every time people seize on this tiny variation and write stories about how it’s a major improvement or a terrible disappointment. I keep having to remind myself that half of everyone on the planet is female. There may be 500 more women this year in cyber, but there are 1500 more men!”

The numbers, however, do not tell the whole story. “Part of the story is the experience of working in cybersecurity, while happening to be female” explains Kenyon. When it comes to working with people in tech, they are more likely to judge you on your knowledge than anything else. “The men I work with don’t go ‘You can’t do this, you’re female’ - at least, not the tech guys.” Instead, she says, there is a connection between people who can ‘talk tech’ irrespective of gender. “There’s a bond. You understand what it’s like to work in tech.”

Unfortunately, as she points out, the tech enthusiasts are rarely the ones making the hiring decisions. Those that do, she believes, often hire tech-literate women largely because their perceived soft skills will mean they can translate technical information to those higher up.

Why diversity conversations must include everyone

The other misconception holding women in cybersecurity back is, she believes “the perception that it’s really, really difficult being a woman in a man’s world.”

“You’re almost talking yourself into a problem,” she says. “You have groups that have quite constructive and supportive discussions with each other about how challenging it is. The problem is that it doesn’t change anything.” Women-only groups can, Kenyon posits, be counterproductive, as they exclude men from these important conversations. Not only that, but they leave no space at all for those who don’t fall into one of these two set gender groups. True progress can only come when everyone is involved and included.

So what else can be done to get people of all genders into the cybersecurity field? Make it seem normal, says Kenyon. “Don’t just hold up the leaders, the giant success stories, the tall poppies, show people who are doing the intermediate jobs too. These jobs may not set the world alight, but they are interesting. It’s not always about changing the universe, sometimes it’s just about having a really good day.”

Tackling generational misconceptions around STEM

A lot of this change will happen, however, on a generational basis. Just as it took several generations for people to accept that the world was spherical, Kenyon believes every new generation can be taught to hold fewer gender stereotypes. “We can try with the next generation - as they hit primary school, secondary school, as they see adverts, watch TV - we can try to start pulling away these veneers of assumptions.” Many of our prejudices are formed through characters on television, especially when it comes to scientists, something which Kenyon believes is harmful to all genders.

“There are so many programmes where the lead male character is an immature or unpleasant and highly scientific person - think of Sherlock or Gregory House - the idea being they are allowed to be unpleasant because they are a genius.” She goes on to explain that these entrenched stereotypes filter down throughout all aspects of work. The assumptions that men are likely to be aggressive or immature or that women are supportive and nurturing and weak are equally damaging - and, most importantly, misleading.

“I had a colleague who, very sincerely and with every attempt to protect this ‘poor feeble woman’, told me that it would be really bad for a woman to be an ethical hacker, because no one would believe her findings. Something I did not find to be supported by my later experience.” Improving diversity in cybersecurity demands that the focus be on demonstrated skills, not assumed ones, and talking to female tech leaders like Kenyon might be a good way to start.