Africa Studio -

How women can succeed in cyber security

A cyber security professional at Australia’s IAG shares her career journey and insights on how women can succeed in the field

Elaine Muir, security education and awareness manager at insurance company IAG, started her IT career in solutions marketing. But one of her managers – a female former assembler programmer – urged Muir to move into a leadership role.

That marketing manager was “the most amazing person, and very supportive”, says Muir.

Some two years later, Muir’s work morphed into the cyber security field, and she “absolutely loved it”, largely because it was even faster paced than other aspects of IT.

Training is an important part of career development, and she was fortunate in that the various companies she has worked for provided plenty of training.

But that’s not enough for someone working in cyber security, she says, adding that success requires a lot of self-sourced, self-directed training, and that “it never stops”.

If you can’t rely solely on the training provided by your employer, how do you know what you need to learn? Sometimes, the gaps in your knowledge are obvious, and you can take steps to fill them. The things you are unaware that you don’t know are another matter.

Plugging into networks of like-minded individuals who are open to sharing their knowledge is one answer. Muir joined the forerunner of the Australian Information Security Association around 2000, when it consisted of about a dozen people who would share what they had learned with each other.

“It’s not a competitive industry,” she says, instead there is a realisation that more collaboration means more success.

Similarly, much of the training provided by employers is on-the-job rather than formal, and Muir’s experience is that people in the industry are “extremely helpful” to each other.

And commercial training courses covering a wide range of cyber security topics catering for various entry and advancement points in the industry are available from a variety of providers.

A front-line cyber security worker has some days where they deal with a variety of tasks, but others – especially when an investigation calls for finding a needle in a haystack – can be monotonous, she admits.

This can be particularly true for early-career workers involved in activities such as penetration testing and vulnerability management, but those on the supplier side can also get that “two steps forward, one step back” feeling as they learn about their company’s product, its benefits, and how they align with customers’ needs. But now and again things click into place, and there’s a feeling of real progress.

So, you need persistence, but the successes in the job are very rewarding as there’s a feeling of having done something for the greater good: “Everything you do helps to beat the bad guys.”

Work to be done

It would be foolish to suggest that women in cyber security face no more challenges than their male colleagues do.

Early in her career, Muir was aware of a perception in some quarters that men were better than women in technology roles, and that “still unfortunately persists in some places and among some individuals”, she observes.

That idea seems to have taken hold in the late 80s and early 90s as PCs and client/server systems began to displace mainframes and minicomputers, and some observers attribute it to the way that boys were more likely than girls to be given a home computer by their parents. That resulted in female computing students starting their courses with – on average – less programming knowledge than their male peers.

Consequently, the lack of female representation became the norm, she says, but now people are again realising that women are just as good as men at this type of work and can be better than their male colleagues.

But “there are still these doubters out there”, says Muir, giving the example of an IAG intern who had been told by her male peers at university that her work was “not bad for a girl”.

While this sort of thinking may no longer be mainstream, that anecdote shows there is still work to be done to change such attitudes.

Employers could do more, she says, by working towards more equal representation in teams, especially in leadership positions.

People are often inclined to hire in their own likeness, which tends to manifest in a feeling that it is too risky to appoint someone ‘different’. Maybe one woman didn’t work out, but that’s no excuse for not hiring women in future, says Muir.

Furthermore, if the argument is that “no one applied” outside the dominant demographic, then what was wrong with the job advertisement that failed to attract a diverse range of applicants? And why not actively seek people with suitable qualifications or experience who would add to the team’s diversity?

After all, a heterogenous team is better placed to solve problems, Muir says, pointing out that her team of six displays diversity across age, gender, sexual orientation and culture. “You need that diversity [and experience], you need all of the above,” she says.

Another issue that disproportionally affects women is starting a family.

Perseverance, networking and support

First, there’s the seemingly inevitable question “how will you keep up with such a dynamic area while you’re on maternity leave?”

The idea that this is a problem has been “totally disproved,”, she says, pointing out that “most positive thinking organisations acknowledge and respect” the idea that male and female workers can take career breaks – whether it’s for parental leave, a sabbatical or some other reason – and be productive on their return.

Second, achieving an appropriate work-life balance can be harder in some situations than others. It helps if your manager is supportive, and if your employer has put the right structures in place, she says.

Muir says it helps that her husband also works in the IT industry, as they understand the demands of each other’s jobs.

According to Muir, success as a female cyber security professional requires at least three things: perseverance, networks and support.

Perseverance: Muir cites the slogan “you don’t have to be amazing to start, but you have to start to be amazing”. Or perhaps more prosaically, “A journey of a thousand miles begins with a single step” – and then it’s a matter of taking the next step, and the next.

Networks: Employees need to see a range of people in the various roles they might aspire to hold in 10 years or so. It’s not only new entrants that need such role models: women who have established their careers benefit from seeing others who have successfully returned from a family break. So, Muir and other women are trying to encourage their peers – just as men do – and making sure opportunities similar to those they have had are available to others.

Support: This includes finding someone who will let you vent, encourage you to keep going (perseverance, again), and help you to understand that you don’t have to put up with poor behaviour.

For women looking to enter the cyber security industry, Muir says that while meetups and other networking events are currently off the table in Australia due to Covid-19 restrictions, they are important ways of finding out what these jobs involve and what skills and characteristics are needed, and for developing the contacts and relationships that might help nurture your career.

The message is “if you want to do this, you can succeed”, says Muir.

Read more about IT careers and skills in APAC

Read more on Diversity in IT