WiCyS founder Ambareen Siraj. PHOTO: Cybercrime Magazine.

Ambareen Siraj Works to Bring More Women into Cybersecurity

WiCyS founder on moving the industry beyond 20 percent

Wade Millward

Oakland, Calif. — May 30, 2020

The lack of women and diversity in cybersecurity is well documented enough, but we can celebrate the growing number of efforts to make the industry more inclusive.

One of the people on the frontlines of bringing more women into cybersecurity through conferences, training and career opportunities is Ambareen Siraj, founder of Women in Cybersecurity, or WiCyS (that’s pronounced “we, sis”).

Siraj recently talked to Cybercrime Magazine about starting her organization as a grant-funded initiative in 2013 and growing WiCyS into a nonprofit with more than 6,000 members.

Cybercrime Radio: Ambareen Siraj, founder of WiCyS

How it all started, role models and resources

In addition to running the organization — which became a nonprofit in 2018 — Siraj is also a professor in the computer science department of Tennessee Tech in Cookeville, Tenn.

It wasn’t long into her academic career until Siraj saw the need for an organization like WiCyS. She was among the few female graduate students in the information assurance program at Mississippi State University in the 2000s and remains among a narrow group of female cybersecurity academics. WiCyS began with a National Science Foundation grant that totaled $294,000 by 2018.

“I just wanted to do something to show someone like me that there are many others like me,” Siraj told Cybercrime Magazine. “There are wonderful role models to learn from. There are resources to take advantage of.”

Signs of progress abound in the industry in the time that WiCyS and other initiatives have sought to bring more women into cybersecurity. By 2014, women made up about 50 percent of MSU’s cybersecurity program enrollment. And the annual WiCyS conference brings in more than 1,500 attendees, including students, recruiters, veterans and active military.

Cybersecurity Ventures puts women at about 20 percent of the cybersecurity workforce by the end of 2019 — with the actual numbers of women in cybersecurity varying from source to source depending on one’s definition of “a cybersecurity job.”

With COVID-19, WiCyS has moved to offer virtual meetups for members. It has a job board with access to 1,500 resumes, a speakers network and a mentors network. It’s formed about 100 student chapters nationwide. It offers strategic partnership plans that range in cost from $15,000 to $50,000. And it counts among its founding partners Facebook, Cisco and Palo Alto Networks.

New voices in cybersecurity come with operational benefits, experts say. Women historically score highly when it comes to social intelligence and emotional intelligence, according to Lekshmi Nair, a senior managing consultant and a route-to-market leader for IBM Security.

“When we have more women in a group, the intelligence of the group increases,” Nair told CISO MAG in March. “And it’s not a case of women are better than men; it just signifies and signals that when men and women come together and work together, there are better outcomes.”

Homogeneity in cybersecurity is itself a security risk, Ann Johnson, corporate vice president of Microsoft’s Cybersecurity Solutions Group, wrote for Cybercrime Magazine in December. When a security team thinks the same, they may miss strategies, viewpoints and creative thinking to prepare for and tackle problems.

“The issue isn’t just about filling headcount,” Johnson said. “We must remember that cybersecurity is people: the cyber defenders, the people who create the technology, and the people the technology protects.”

Some solutions she prescribes are training people to move into the field from outside industries, working with hackathons for all grade levels and better employee support to avoid burnout.

Nir Kshetri, a professor in the management department of University of North Carolina at Greensboro, wrote earlier this year that companies and organizations can better recruit from universities that have majority female student populations and write online job postings to have more inclusive, gender-neutral language.

Kshetri argues that women in cybersecurity is a business imperative. Female leaders tend to prioritize important areas that males often overlook, which he credits to the 45 percent of women in information security fields who have degrees in business and social sciences. By comparison, 30 percent of men hold those degrees, he wrote.

He highlights partnerships like Microsoft India and the Data Security Council of India launching the Cyber Shikshaa program to improve the talent pool.

Josephine Wolff, an assistant professor of cybersecurity policy at Tufts University near Medford, Mass., wrote an article in March about ways to recruit more women into the field. She argued that the language and marketing for cybersecurity jobs seems focused on men. She recommends supporting competitions and scholarships for women, fair and equitable compensation for women and involving women in the recruitment process.

The industry has room to grow when it comes to mentorships, an important part of developing employees for leadership positions. Seven percent of women in cybersecurity have been mentored by another woman, according to a SANS Institute survey reported in March. About 40 percent were mentored by both men and women and 31 percent by men alone. A quarter of women in the field have never benefited from mentorship.

Diverse voices are needed to ensure fair writing of algorithms in emerging technologies such as augmented and mixed reality, brain-computer interfaces and 5G communication infrastructure, said Kavya Pearlman, founder and CEO of XR Safety Initiative, to CISO MAG.

These technologies will continue to become a part of everyday life, growing the need for more and more cybersecurity professionals, whether they know how to code or work in the industry in other roles. This is why we cannot afford to exclude potential workers, Siraj said.

“There will always be people that will try to abuse the technology,” she said. “We need more people in cyber, period.”

Wade Millward is a freelance journalist covering education technology nationwide.