Finding a voice as a woman in cyber security

Article by Charity Wright, Cyber Threat Intelligence Advisor at IntSights

cyber securityWorking as a woman in any industry, including the cyber security industry can be incredibly challenging.  We frequently need to prove that our intelligence and knowledge is valid to be respected and have our voices heard. 

Strong and resilient women before us have ensured future generations have the ability to overcome discriminatory obstacles, but a history of patriarchal rule means that we still have a long way to go in ensuring an equal and fair workplace, without gender discrimination. For instance, The Pipeline’s Women Count 2020 report shows that out of the FTSE top 350 companies, only 14 are led by women, and 15 percent of companies have no female executives at all.

The cyber security industry also shows a larger gender gap. The NCSC and KPMG UK recently published their first annual Decrypting Diversity report which highlighted that there was “a lack of inclusivity across gender, sexual orientation, social mobility and ethnicity” within the industry, and female representation in UK cyber security companies is only 31 percent. Both reports highlight a need for more inclusivity and female representation in both the cyber community and in organisations in general. Without equality in the workplace, we cannot expect future generations to join an industry where the facts and figures suggest they do not have a place there.

There are, however, many women who have made a name for themselves and have succeeded in what is a predominantly male run industry. Cyber security offers a range of exciting opportunities, and every day is different which brings a personal diversity to a working day. There are many ways in which women can get into cyber security and become engaged in all that it has to offer.

Hungry to learn?

There are two predominant routes into the cybersecurity industry: the military and university.  However, they are not the only pathways. Many industries require the same skill sets that cyber security also requires. From law, to data analysts, and even business risk jobs, the skills used in jobs such as these are easily transferable to cyber security. If there is curiosity, a willingness to learn and the hunger to understand technology and how it is used in our world today, then the components needed to succeed within this industry are already there.

Skills and qualifications

With that said, cyber security recruiters will always be looking for a set of qualifications when considering hiring someone. While having the personal behaviours and attributes to work in cyber is important, so are qualifications because it shows a willingness to put in the work to learn and improve. For example, a degree in International Studies or in International Relations creates an understanding of the global issues affecting society today as well as establishing a better understanding of different nations and cultures. This aids a career in cyber security because this knowledge helps apprehend a nation’s, or a cyber attacker’s motives and possibly their behaviours according to differences in culture, ideology, and long-term goals.

Certifications also show that candidates are willing to put in the hard work to learn important skills. Security+ is an excellent starting point because it provides the foundational skills needed to pursue a career in security; from threat intelligence, to cryptography, vulnerability management and even physical security, there are numerous paths that can be taken in order to progress in the cyber security industry. Many people that are exploring cyber security as a career use the Security+ certification to help discover which area appeals to them the most.

Mentoring - how to know who is the right mentor for you?

Finding a mentor is also an important step to creating a successful career in cyber security. Reading thought leadership pieces or looking at research from seasoned cyber professionals is a great, free way to learn, and the information out there is unlimited. It’s also worth connecting with these individuals on LinkedIn and expressing an interest in the work they do by asking them questions.  Mentors usually look for individuals who already know the direction they would like to take in their career and who are taking proactive steps to start their journey in cyber by taking classes and learning about the industry. This demonstrates an eagerness to learn and progress so potential mentors are more likely to invest their time.

Once you find a job, find a female mentor within the company. Shadowing is a good way of finding out how females in a company work within the industry and within their space. Often, women find it difficult to speak up in a meeting or express how they are feeling about a certain topic or action at work, so it is important to ask a female mentor how they do it, or simply ask to observe a meeting where women are attending and contributing. For example, how do they go into a meeting room full of men and express their ideas and input? Where do the women sit at the table? Do they allow men to talk over them and interrupt them or do they respectfully insist on being heard?  Learn by shadowing a female mentor who demonstrates courage and strength and manages to assert herself in scenarios such as these.

Looking into the future…

There will be challenges in any working environment and career, but gender should never be one of them. With a drive and passion for wanting to get into cyber security, taking the steps to begin a career in the industry is straightforward. Whether learning from a mentor, from a qualification, or from a certification (or ideally all three), the power to succeed is there. With more women feeling able to enter a career in the cyber security industry, we should expect future diversity reports to show more equal figures and, hopefully, a rise in female leadership roles.

Charity WrightAbout the author

Charity Wright is a Cyber Threat Intelligence Analyst at threat intelligence company, IntSights.  She has over 15 years' experience at US Army and the National Security Agency, where she translated Mandarin Chinese. Wright now focuses her attention on dark web cyberthreat intelligence. She enjoys the dynamic threat environment of cybercriminal communication and networks and thrives on providing relevant, timely intel to her customers at IntSights.

Charity Wright featured

Inspirational Woman: Charity Wright | Cyber Threat Intelligence Analyst, IntSights

Charity WrightCharity Wright is a Cyber Threat Intelligence Analyst at threat intelligence company, IntSights.  She has over 15 years' experience at US Army and the National Security Agency, where she translated Mandarin Chinese.

Wright now focuses her attention on dark web cyberthreat intelligence. She enjoys the dynamic threat environment of cybercriminal communication and networks and thrives on providing relevant, timely intel to her customers at IntSights.

Tell us a bit about yourself, background and your current role

My career started in the US Army in 2005, when I enlisted as a Chinese Linguist. I was assigned to the National Security Agency for four years where I collected and translated foreign intelligence and earned a degree in Mandarin Chinese. In 2015, I decided to go into cybersecurity as a Cyber Threat Intelligence Analyst. I have worked for a variety of companies in the private sector, including a secure cloud hosting MSSP for a global hotel chain, a “big four” accounting firm, and currently, for IntSights Cyber Intelligence, a vendor of intelligence services.

In my current role, I serve as a cyber threat researcher and advisor to our customers on their cyber threat intelligence (CTI) programs. I mostly enjoy collecting intelligence from illicit criminal underground forums (the dark web) on how hackers conduct their operations and who they are targeting. I also consult with major news outlets around the world on strategic, state-sponsored threat groups and their tactics, tools, and procedures.

Did you ever sit down and plan your career?

I learned early in my military career that career development is a personal responsibility. Advocating for yourself and setting goals are essential, and it is something I still practice. I strongly believe that everyone has talents, gifts, and skills that are valuable, but it is equally important to find a career that you love and are good at. I planned on having a successful 20-year Army career and when that was no longer possible because of physical injuries, I had to pivot to a new career where I could use my skills and experience. I found cybersecurity through LinkedIn and the military veteran community, and I am so glad I did! I still get to serve people and companies by helping inform them of cyber risks and threats, and every day is a new adventure or puzzle to solve.

I strongly believe that we are all presented with opportunities every day that can either open up our careers to success or can stifle our dreams. I made up my mind a long time ago that if a good opportunity presents itself, I will not say ‘no’ due to fear or imposter syndrome. Instead, I say ‘yes,’ and then I figure it out along the way. I don’t always know where I want to end up in five or ten years’ time, but I know I don’t want to be limited from reaching my potential—and that is why I say yes and walk through those open doors. Each opportunity and challenge I face provides me with new skills and perspectives on what I am capable of.

Have you faced any career challenges along the way and how did you overcome these?

I have faced many challenges in my career. The biggest one was surviving sexual assault in the military. I had many dreams and goals for my Army career, but they were all put on hold when the incident happened. I had to step back from my leadership roles and extra responsibilities to focus on my mental and physical health. My command (my bosses in the Army) did not understand why I could not handle both my wellness and the wellbeing of seven other soldiers and were not as supportive as I hoped they would be. This was devastating for me as I saw my career goals crumbling. I decided it was time for me to leave the Army and move on to the civilian sector. I used that situation to be a better leader than those I had in that command. I developed empathy for victims and survivors of sexual assault and harassment and feel that I am a better leader now because of the experience. I am resilient, can share my survivor story, and I ended up finding a more fulfilling career in the private sector!

What has been your biggest career achievement to date?

Conquering my fear of speaking in public. I was invited by my friend, Rob Lee to speak at the SANS CTI Summit in Arlington, Virginia in early 2018. They assigned me to a mentor, Rick Holland, and he helped me with the finishing touches to my presentation. I went up to speak, faced my fear and left all of my insecurities on the stage. After that, I started receiving requests to speak at other conferences, podcasts, and on TV, and now I am a natural!

What one thing do you believe has been a major factor in you achieving success?

Networking. I use LinkedIn, Twitter, local cybersecurity meetups, and conferences to meet new people and introduce colleagues to each other. When you help other people in their careers, people will want to help you too! My network has helped me find great opportunities in my career.

What top tips would you give to an individual who is trying to excel in their career in technology?

Learn from those around you. Ask your co-workers if you can ‘shoulder surf’ or shadow them for an hour or a day and ask them questions about what they are doing. You would be amazed at what you can learn from people - a free source!

Do you believe there are still barriers for success for women working in tech, if so, how can these barriers be overcome?

Yes, there are still barriers to success for women in technology. It is very apparent in the US today that there are still barriers for people because of their skin colour too, so that means there are significantly more challenges for women of colour. Most women I know still face issues in the workplace with men shutting them out of meetings, stealing credit for their work, and keeping them from being promoted. My suggestion to women who are dealing with these challenges are:

  1. Speak up when you recognise discrimination. Do not play it off as a joke, because no one will then understand the seriousness of the offense.
  2. Be bold and courageous and ask for the raise or promotion you deserve.
  3. Say yes to good opportunities, even if you are afraid.
  4. What do you think companies can do to support to progress the careers of women working in technology?
  5. Ask them for feedback on their experience at your company. Inquire about sexual discrimination, harassment, or assault experiences.
  6. Assure them that they are valuable to the company and contribute in a unique way.
  7. Pay them what they are worth (are you paying her male counterpart more even though their experience, skills, and education is the same? Why?)
  8. There is currently only 17% of women working in tech, if you could wave a magic wand, what is the one thing you would do to accelerate the pace of change for women in the industry?

Put more women in management, C-Suite, and board positions.

What resources do you recommend for women working in tech?

WeAreTechWomen has a back catalogue of thousands of Inspirational Woman interviews, including Professor Sue Black OBE, Debbie Forster MBE, Jacqueline de Rojas CBE, Dr Anne-Marie Imafidon MBE and many more. You can read about all our amazing women here