Learning from mistakes is a key component of innovation, a necessary ingredient in building effective IT security solutions.
"We'll have males in the field who will do stupid things, or not know information, or not be very good, and it's kind of dismissed," says panelist Eugene Spafford, a Purdue University computer science professor. "... Sometimes they're even promoted. When it's with women, they get much harsher criticism.
"They're not given the freedom to fail occasionally, to make mistakes. As a result, it makes some of them more hesitant. They don't get promoted as often because they're not able to exert that kind of innovation, and some of them leave the field because the criticism is very harsh for doing basically what some of their male colleagues do."
The other experts participating in the roundtable discussion include Mischel Kwon, former director of the United States Computer Emergency Readiness Team, known as U.S. CERT, and Chenxi Wang, vice president of market intelligence at Intel Security. The roundtable discussion, moderated by Eric Chabrow, was produced by Megan Goldschmidt, both editors at ISMG.
Changing Workplace Culture
The panelists say the workplace culture - especially among the more technically skilled IT security practitioners - must change, and that can be accomplished through mentoring. Kwon says leaders, when mentoring, must assign women to work in areas where they can take risks. "That's one of the biggest things that makes any person much more valuable," she says, adding that taking risks enables staffers to "learn how to walk that line of innovation."
Wang says a significant cause of the problem is a culture in which many men continue to view women not as equals but as "booth babes," those attractive women who market IT security wares at trade conferences to mostly male security practitioners. Though such marketers can be found at trade shows in many industries, Wang contends it's among the worst at IT security gatherings. And, it sends the wrong message. "The culture in this industry is not too friendly to young women entering the computer science field," says Wang, who taught a decade ago at Carnegie Mellon University. "When I was at CMU, it was very uncomfortable for me to go into a meeting with a roomful of men and it hasn't changed since the time I was there."
In the roundtable discussion, the panelists also discuss:
- Where women excel and where they don't within the IT security field;
- How to get leaders in the field to change its culture; and
- Why, despite a culture that can be discouraging for women, opportunities are ripe for women to enter and excel at the profession.
Spafford, a member of the Cybersecurity Hall of Fame, is executive director of Purdue's Center for Education and Research in Information Assurance and Security, which takes a multidisciplinary approach to information security.
Kwon, who heads her own IT security consultancy, Mischel Kwon and Associates, served as deputy chief information security officer at the Justice Department before becoming director of U.S.-CERT, which is a Department of Homeland Security entity.
Before joining Intel Security, formerly McAfee, Wang served as vice president of research and principal analyst with Forrester Research, where she covered enterprise mobility, cloud computing security and application security.