By Rebecca Herold, CEO, Privacy Professor®
How do we get more women involved in STEM careers, information security and tech?
I took on this topic when I attended the ISACA EuroCACS conference in Copenhagen, Denmark earlier this month and gave two sessions. One was “Women in IT, Information Security & Privacy.” When researching for this session I found some interesting history, along with some of the current state of inclusion of women within various IT, information security and privacy events. Let’s dive in:
A brief history of women in STEM
As I mentioned in my earlier post, Overlooked Women in Tech Innovation History, in the late 1890’s, 58 percent of science, technology, engineering and math (STEM) students were female. So what happened over the years to the number of women taking STEM classes, and being in STEM careers? I did some quick checks to see if I could find research studies looking into this. What I found at first blush was intriguing.
- In the mid-1980s, women represented 37 percent of computer science graduates. But when personal computers were starting to gain popularity throughout the 1980s, they were marketed primarily toward boys, beginning the “bro-grammer culture.” Theories are that families were then much more likely to buy computers for boys, and not girls, “even when the girls were really interested in computers.”
- The research also states that in the 1990s, many women seemed to lose confidence that they could succeed in a field where all the early dot-commers were male graduates of prestigious universities, and where generally all those who founded the companies were men. The premise is that the lack of women tech company founders made it seem like women were not cut out to lead tech companies.
- Between 2000 and 2008 there was a 79 percent decline in women majoring in Computer Science.
- Correlating to this was that the numbers of women studying computer science continued to shrink by almost one-half from a high in the mid-1980s to just 18 percent in 2015.
- Another theory is that women encountered subtle discrimination that caused them to avoid going into the STEM fields. An example of this is the observation in one study that teachers at schools reward female students for the appearance of their work not its content.
- Computerworld reported that 52 percent of women dropped out of technology fields in mid-career in what was described as a “fight or flight” response to permeating “machismo” in the work environment, and due to 63 percent of women in STEM experiencing *** harassment.
- These hypotheses seem to be supported for computer programming (now more commonly referenced as coding) by a late 2014 National Science Foundation research results graph, shown in Figure 2. This same report also points to the rise of PCs correlating to the decline of women generally in STEM, and particularly in computer science.
- In 2015 ISC2 took a poll of nearly 14,000 information security professionals in developed countries. They found that only 10 percent were women. That is down from 11 percent when they did the poll two years earlier.
These few findings are intriguing and motivate me to do more research into this topic in the coming months.
Tiny fraction of speakers and forum experts are women
I speak at a lot of events. I’ve been invited to speak as a keynote, and for additional sessions, all over the world in not only the U.S., but also in Bogota, Colombia; Singapore; Melbourne, Australia: Ireland, and most recently Copenhagen at the beginning of this month, just to name a few.
In January of this year I received an invitation to deliver a keynote about my Internet of Things (IoT) security and privacy research at an IT conference in the summer. I accepted the invitation, but I did not hear from the conference coordinator again for several months, so I got back in touch with her. She told me, “Oh yes, that. We decided that a man would be a bigger draw than a woman. Men are just considered to be more knowledgeable, and to be the experts, than women for that topic. Nothing personal. We may be able to use you for another conference, though, in some way.” Hmm. Well, no you won’t. I’m not going to attend your upcoming conferences. Nothing personal.
A few days before my session in Copenhagen earlier this month I did a quick online search for “information security,” “conference,” and “speakers” to see how many of the top four returned searches included women. Here were the results for the conferences:
- Cyber Security Summit 2015: 1 out of the 26 speakers is female
- RSA Conference Abu Dhabi 2015: 4 of the 58 speakers are female
- 2015 Chief Information Security Officer (CISO) Leadership Forum: 1 of the 14 “top executives” is female
And the next one returned for the search was actually for an online forum:
- Data Security Experts Reveal the Biggest Mistakes Companies Make with Data & Information Security: 1 of the 30 experts they asked to contribute to this article is female.
So, the tally results in 7 of 128, or 5 percent, of the speakers/experts were women.
- We need more conferences to invite women to be speakers. There are many women in tech who are outstanding in their professions. They have much valuable information to share.
- We need more women to submit proposals to be speakers. I know many don’t because they’ve been rejected so many times that they feel it will just be a waste of time to keep writing proposals that will get rejected any way. I personally no longer submit proposals for certain conferences specifically because of that. But, I really do need to submit anyway. And so do more women.
- We need to start highlighting the percentages of speakers at all STEM conferences to highlight imbalances in gender representation where they exist. Sooner (hopefully) or later conferences will change after they’ve consistently been reported to be so far out of gender balance.
- We need more online forums to recognize more of the many women who are exceptional in their professions and ask them for their opinions to add to the predominantly male views.
- We need BOTH men and women to purposefully include women in events and forums whenever an opportunity arises.
A small fraction of IT writers are women
I’ve had 17 books published so far, and several of them have been published by CRC Press / Taylor & Francis. I checked with my publisher there, Rich O’Hanley, and he indicated that for 2013 and 2014, 10 percent of the IT books they published had women as the sole or the primary author, and that it was also the same percentage for business and management books: 10 percent each year. Some women, me and a handful of others, were repeat authors; we each have written more than one book. Rich indicated, “It’s not that we reject proposals submitted by women, but that we don’t receive proposals from women.”
Women, we need more of you to write. Writing is a powerful way to demonstrate your capabilities, strengths, and expertise. Writing also shows that women are just as capable and possess as much expertise as their male counterparts who are doing 90 percent of the writing.
Comments from conference session attendees
I covered the following topics in my Copenhagen “Women in IT, Information Security & Privacy” session:
- Dealing with various types of challenges throughout your career: things I’ve learned.
- Know the many types of opportunities that exist, and are emerging, within the IT, information security and privacy career space…it’s not just about laws!
- Know the steps to succeed in a IT, information security and privacy profession
- Answer, “Is it too late for me?” Can you make the move into new areas of IT, information security and privacy after being in the workforce for 20+ years?
- Gaining experience and knowledge in ways other than going back to school; volunteer opportunities lead to professional growth
- Know how to get it right from the start – what courses should you be taking at the university level to prepare yourself for an IT, information security and/or privacy career?
- Why mentors can be great or not great: knowing when to use mentors, and finding the mentor that is right for you.
- Learn by example by hearing about some successful women in the IT, information security and privacy space and what they do
I was happy to see several men in my session. I received some interesting comments, during my session as well as after the session. Here are four that stood out for me:
- A man in the audience during the session: “I am surprised, and enlightened by this information! I had no idea about many of these issues. This session should have been advertised as required attendance for men! I don’t think most realize many of these challenges that women face.”
- One woman in the audience during the session said, “But what can I do to make changes right away? Why should I continue trying? I am the only woman on my information security team, I work longer hours, and I have done more volunteering (one of the actions I suggested) than any of the rest of them, and I have provided contributions recognized as very valuable. But I have not gotten raises or promotions while all the other team members have. Why should I keep trying?”
- Another man asked, “Help us men understand, then. What would you say are strengths that women have for tech work that men should know about?”
My answer to him, “I don’t think there are any types of STEM professions or activities better suited to women than men; in the same way that there are no STEM positions or activities for which men are better suited. What an individual can do best depends upon his or her own personal strengths, capabilities and drive. Men, and women, need to recognize that individuals each have their own strengths. Women and men equally have the same strengths and weaknesses for working in STEM careers. What everyone needs to understand is that each person must be considered for his or her own unique capabilities and strengths, and that consideration should not be impacted by opinions of what men or women are, or are not, capable of doing.”
- From a woman who attended and came up to me after the session, “I joined a long-established engineering organization as the only woman in the IT area. All the others, men who were all 10 years and more older than I, had worked there a long time, were clearly friends, and they often went out golfing together, and having lunch together. I was never included, but I just thought it was because they were all such longtime friends. And then I started seeing that business decisions were being made outside of the business environment; when they were golfing and socializing. And then one of those business decisions involved an idea that the group said they had been considering for a long time, but was actually an idea I had proposed and described at a recent IT meeting. I received no recognition for my contribution. It is hard to find success, or even recognition, in what they refer to themselves as the ‘old boys’ club’.”
Changes are needed, recognizing there is no simple answer
There is a lot of discussion online, at meetings and conferences about how to get more women involved in STEM careers in general, and in information security and tech in particular. Looking at the history of women in STEM, and also the current inclusion or exclusion of women in conferences and online forums, helps to highlight actions that can be taken now for women currently in colleges and workplaces. We also need to provide the same opportunities to girls from the youngest ages, both at home and in schools and clubs.
Making just one change will not make an impact. But making many changes throughout the entire stages of life and professional careers will start making noticeable changes. It is time to do so.
Additional Resources and more information:
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.