RSA Conference 2022. PHOTO: Cybercrime Magazine.

Diversity Advice From RSA Conference’s Equality Lounge

Visible representation has helped Deloitte Cyber build a cyber culture that women feel “has their back”

David Braue

Melbourne, Australia – Jul. 8, 2022

Stephanie Salih may have majored in engineering at the University of Florida, but it didn’t take long before she realized that her social personality meant that she was keen to do more business-oriented work — so when a friend told her about an opening in network security at business consultancy Deloitte, she didn’t hesitate.

That was back in 2004 — and even now, 18 years later, Salih is still with Deloitte, where she works as director of Global Cyber after a career path that has wended its way through the global consulting giant’s Cyber Risk Services, Office of Confidentiality and Privacy, and now Cyber Risk Services.

Early days in network security, as it was known then, were highly technical but Salih recalls finding a theme that resonated when the organization was partnering with a government agency that dealt with cases of identity theft.

“I got to read some of the letters that were sent into that agency about getting their identity stolen,” Salih told Cybercrime Magazine on the floor of this year’s RSA Conference, where she and several colleagues had joined the Deloitte-sponsored Equality Lounge to catch up with peers and fly the flag for Deloitte’s global Women in Cyber awareness campaign.

Cybercrime Radio: Women In Cyber

Stephanie Salih, Deloitte Cyber

“For me, that changed it from being a technical security and compliance type of job to a role that was actually protecting somebody from getting their data stolen [and] having harm done to them.”

“And I always try to keep that in mind as I’m working with clients — about how this is going to help both individuals [and] society.”

As one of several hosts at Deloitte’s RSA lounge, Salih had the chance to meet with many women who were exploring their interests in cyber, sitting with them to explain the many leadership opportunities the sector provides for technical and non-technical women alike.

Engaging with tomorrow’s cybersecurity leaders is a big part of the ethos at Deloitte, she said, where the organization is committed to “making sure that we take time to coach young women at the beginning of their careers, and giving them opportunities to lead certain aspects” of their roles — including client engagements, company investments in cyber, or myriad other opportunities.

“We’re giving them the ability to be creative, but also to own a good part of the work and interactions with the client,” Salih said, “and challenging them to take on more.”

Closing the gap, one woman at a time

Active engagement with women has become a top priority for Deloitte as the skills-based company works to expand its global footprint and stares down the implications of the ongoing global shortfall in cybersecurity staff.

With demand increasing faster than supply, the number of unfilled cybersecurity jobs has exploded in recent years — from one million in 2013 to 3.5 million last year, according to Cybersecurity Ventures.

Despite making big strides to expand their profile in cybersecurity and industry — there are dozens of women-in-cyber associations, hundreds of women-owned cybersecurity firms and thousands of high-profile cyber specialists active on Twitter — women still held just 25 percent of cybersecurity jobs and just 17 percent of Fortune 500 CISO positions in 2021.

Improving the industry’s gender equality is therefore a logical way of closing the gap — and providing ample opportunities for both sponsorship and mentorship, noted Deloitte partner Christine Cederberg, is crucial to building on the “far too slow” progress to date.

Cybercrime Radio: Women In Cyber

Christine Cederberg, Deloitte Cyber

Whereas a mentor is someone to help guide women in their career and point them in directions that align with their goals, Cederberg said, sponsors are “where you have a more senior female leader who has a more junior person under their wing, and is the voice for that person when they’re not in the room.”

“It’s really someone that will help to ensure that doors are being opened for me, and that I’m being given opportunities that I maybe don’t even know exist.”

That guidance and support can make all the difference for someone like Cederberg, who professes a lifelong technical interest. “I was super interested in taking apart our television and anything electronic that broke,” she said.

“Women, men, girls, boys are equally interested [in technical subjects],” she said, “but unfortunately, girls have not been exposed to the same degree in school.”

That translated into heavily skewed gender ratios in the workplace — Cederberg recalls being one of just four women in her university’s electrical engineering program “and that did not change when I started my first job.”

“It’s not until more recently that we’re seeing that gender parity go up,” she said, “but we’re not there yet. It is ticking upwards, far too slowly.”

Setting the example

Ultimately, Deloitte’s engagement with its own cybersecurity leaders — and its partnerships with inclusion-focused organizations like The Female Quotient Alliance — are enriching the company’s culture and setting an example for other companies that are keen to bolster their ranks by improving their engagement with women.

The key, Cyber Risk Services partner with Deloitte Canada Megan Brister said, is ensuring that the organization has a clear, visible and ongoing commitment to the representation of women in cyber-related roles.

“Representation has a huge impact on making sure that women see themselves in roles in cyber,” Brister said, noting that when she started her career 20 years ago she was the only woman in her IT leadership team and one of three women in her office.

Cybercrime Radio: Women In Cyber

Megan Brister, Deloitte Cyber

Since then, women’s growing visibility has dramatically changed those dynamics. Women “have not only joined cyber,” she explained, “but they’ve sustained power in cyber. And I think that representation has really shifted over the last 20 years.”

That shift in representation was evident from the RSA floor, where the Equality Lounge hosted a steady stream of women cybersecurity leaders, panel sessions, career retrospectives, case studies, and more.

By showcasing women cybersecurity leaders to highlight what’s possible in a diversity-focused organization like Deloitte, Brister said, diversity advocates will be able to move the needle increasingly quickly as they work towards a culture of equality.

“What I love about Deloitte is that we have a really great cohort of female cyber leaders,” she explained, “but also more broadly, female leaders in technology.”

“This is a cohort I really rely on to be inspired, to bounce questions off of, to work through problems with. And that crew of female leaders is available to our most junior people as well as our most senior.”

“Being part of that crew, and looking out for each other, has been a really big part of women being able to grow up through the firm and feel that support — and feel like someone has their back.”

David Braue is an award-winning technology writer based in Melbourne, Australia.

Go here to read all of David’s Cybercrime Magazine articles.