A FOD-less future?

Being a woman in information security, I made my peace a long time ago with being a FOD. I first heard this when Shonda Rhimes used it at the 2015 Massachusetts’ Women conference to characterize her career where she was often The First, the Only, the Different – the “FOD”. It certainly captured my early career.

Being a FOD meant for many years, I was the only woman on the information security team, the only woman on the course or one of a handful of women in a meeting room or a conference floor. I have been lucky to work with many great male colleagues and managers who were unequivocal supporters and champions. I’ve also dealt with my share of ignorant comments, asinine assumptions and, at times, outrageous behaviour. Mostly, I ignored those incidents as I figured blowing past them was the best strategy for me. I now tell those stories about those incidents to garner a laugh and to highlight how far things have come. However, my optimism in thinking “those” days were over has been shaken.

I recently finished a Masters in my field and was stunned when classmates in one course discussed how lucky they were to not work with women; they were just too emotional. It continued with the latest survey from ISC2 showing the disheartening fact that women continue to avoid my field (we held steady at only eleven percent of global InfoSec professionals being female – the same number as in 2013). The added injury? The surveyed female information security professionals were paid less than men at every level and half of those women experienced discrimination at work. It screamed from a newsstand with The Atlantic’s April cover asking, “Why is Silicon Valley so awful to women?”. It was an uncomfortable truth in a "so funny it hurts" New Yorker cartoon that asked, “I’ll do what everyone does – sell this startup just before we have to hire a female employee”. It loomed large in a firsthand account of a female software engineer's tenure at Ub?r.

Information security is facing a crippling shortage of qualified professionals with some estimates seeing the shortfall being 1.5 million by 2019. We can’t afford to ignore any group that could fill this gap. We need to overcome the barriers keeping so many women from entering our field if we ever want to tap a huge and relatively untouched talent pool. I would suggest we...

get aware. Look at your team and your hiring practices for any inherent bias. If you notice you’re only hiring men, ask why and resolve to recruit differently. Look at your team’s salaries and make it right if you’re paying your women less. Ensure everyone has a turn at taking minutes or handing out cake at your meetings – make sure you’re not falling prey to “…but she’s good at taking notes” or “she always does such a nice job with the cake.”

get excited. When I supervised CISSP exams, I loved signing in female candidates. I would tell them how great it was for me to see a woman in writing the exam and wished them luck (the same luck I wished the male candidates by the way). Look for those opportunities and acknowledge them. More women will stick with the field if they don’t feel so alone.

get visible. I was lucky enough to hear Lizz Winstead (she was one of the co-creators of the Daily Show) address a women’s conference in March. She told the audience, that just by being you, you let girls and young women know and see the possibilities. I took that to heart. I’ve resolved to get more involved both at work and across the field. My hope being the more women practitioners are seen, the more women will consider information security as a career.

I love what I do and think information security is an amazing field for anyone with the interest, the aptitude and the desire to continuously learn and grow. I’d be interested in hearing your suggestions on how information security can continue to diversify and deliver on the promise of a truly FOD-less future for everyone.