Diversity in Cybersecurity is a topic which, very often, seems to be neglected. Especially in light of the current talent shortage, our industry is well advised to change this fundamentally. Which is why we’re especially thrilled to have had the chance to interview Vandana Verma, whose initiative Infosec Girls aims to promote women in their careers in cybersecurity.
Cybersecurity Magazin: What was the motivation for setting up this community – could you single out a specific event or was that something you felt needed more support for a long time?
Vandana Verma: We started InfosecGirls with the idea of giving a safe space to women where they can start getting interested in the information security field, kick start their infosec career and be comfortable to integrate with the large infosec communities. The motivation behind setting up this community was bringing women to lead from the forefront and provide them a platform to explore and showcase their mettle in the field of Cybersecurity. There is an age old myth revolving that women can’t make a difference in the workplace whereas it has always been women bringing about the change in mindsets of mankind right from the mythological era. To burst the so-called myth with all the grace and glory was the intent and foremost motivation behind setting up this community.
Cybersecurity Magazine: The IT industry in general is not particularly known for its diversity – why focus on Information Security?
Vandana Verma: First,there exists a lot of diversity in IT although it has not been brought to book enough and has not received it’s due. Second,there can be no IT without the internet because all the data raw or processed cannot be used or churned without the same because data is the new oil. Hence protection of the internet should be the prima facie of all the businesses before anything else,hence safeguarding the same is what makes Information Security very important for one and all. To bring a change in the mindset of mankind by imbibing a Security acumen is the reason behind focusing on Information Security.
Cybersecurity Magazine: What can companies do to ensure more diversity in the IT industry?
Vandana Verma: To ensure more diversity in the IT industry organisations should handpick candidates with diverse backgrounds and acumen so that there can be enough business ideas and innovations, flourishing in the organisation thereby contributing to its diversified growth.
As a Hiring manager below are the things I seek from the candidates or a hiring manager can look for in a candidate
- We should actively seek out people, lot of amazing people are hesitant to accept their capabilities
- We should look out for people who have diverse educational backgrounds and skilled enough to be in the organisation. we need to apply diverse background into consideration
- We don’t need to lower our criteria for an interview, grill people the same way as someone might write 6 months exp and say I am excellent. The other person might say that I have the same experience but I am average.
- Extroverts would have higher chances of getting jobs, however Introverts might be equally skilled enough but unable to express like extroverts
Company leaders might feel like hiring a diverse workforce is impossible. But every hiring manager can make an effort to hire and retain the most diverse workforce possible for the company.
We should look for inquisitive minds for a Security acumen and make sure we preach about the benefits of being in the Security business enough to people so that they also are interested in making a career in the same.
Cybersecurity Magazine: In Germany, there is a discussion about enforcing a quota for women in leadership positions – will regulations like these help create a more diverse industry or possibly even hinder diversity?
Vandana Verma: I am not going to say anything on the regulatory systems but One of the reasons, people don’t put effort into having diverse teams because not having diversity in a team doesn’t impact it at a level which could hamper performance immediately, but it helps in getting better results.
One of the arguments/points at certain places that I hear often is we are a merit based system, whosoever falls under merit, we will hire them because they have already proven themselves. But this is more like hiding from addressing the issue. Merit is good, people have put in a lot of effort and now they got the opportunity. But If we only give them the opportunity, we are only at a skill shortage. Only having the merit based system is leading to skill shortage. The people who are new and want to part, they are not getting opportunities to prove themselves. I understand and advocate for a merit based system always. Even the keynote I have been asked to do today is based on my experience or work and effort that I put in for the community
One of the areas I work in and I like to keep myself busy is getting new people from various backgrounds to start in infosec and get comfortable in the community to learn and participate in all the forums. Merit is good but it’s restraining Diversity. First people need to start equality.
Cybersecurity Magazine: What can we as a society do to ensure more diversity in the infosec industry – should information security (not only for diversity reasons, but also in general) be taught in schools and colleges by default?
Vandana Verma: I would definitely second that the disparity traces its roots back to school.I have often heard people preaching that “Tech is for men and kitchen is for women”. On the contrary I have witnessed some unparalleled men in the baking business and women in the tech space. It has nothing to do with gender. It is not just women in particular but everyone in general who needs to be enlightened. Not much has been done about educating students about cybersecurity. I believe there has to be a separate program for bringing up cybersecurity awareness amongst the kids. The pros and cons of cyberspace needs to be assimilated deep down into their roots right from the start. This is how we can make a change and our nation cybersafe. One more approach other than the awareness programs would be giving them exposure to unmediated scenarios in the form of game or challenges. This will catch their attention and make them brainstorm about the importance of security of their device and their data. This is how they would use their gadgets in a safe manner.
Cybersecurity Magazine: The infosec industry globally is male dominated – but there are obviously differences for every country. Does one country or region serve as a role model for other countries/regions? Which cultural differences across the regions make it harder (or easier) to ensure diversity in the long run?
Vandana Verma: We all know that the Women are underrepresented in the IT sector. In IT, a certain number of engineers graduate a year but there are only a few of them, and the number of women who join information security is even less. Now if I talk about India, as per one of the research, there are only 10% of women in IT. Now out of this 10%, we will find 0.5% in InfoSec that’s how the stats are more or less. The ratio in the security team is really dim and this is widely recognised.
On top of it, There are cultural differences around the world and these differences do influence the field. At the same time, balancing the family with kids, family taking out time for a meet could be a bit tricky. We as Women always want to be 10 on 10. Everything is well at home, husband to be in the best space, child to have the best life which leaves very little space for ourselves to think about our own aspirations. Weekdays are hectic and weekends are even more hectic to think about anything else other than family.
To talk about role models, the field lacks the Female Role Models. How many Infosec Women Champions are there especially when we talk about India. Only a handful of them. Role models do help in shaping up career, it doesn’t depend upon country or region or any geography.
Cybersecurity Magazine: What are your objectives for infosecgirls and what do you wish for pertaining to the future of infosecgirls?
Vandana Verma: It is a community which is always working hard to support, encourage and help infosec enthusiasts in all the possible ways. The core aim of Infosec Girls is to encourage women professionals and students to participate and stay in the field of Information Security.
We started infosecGirls with the idea of giving a safe space to women where they can start getting interested in the information security field, kick start their infosec career and be comfortable to integrate with the large infosec communities. We want to make sure the community is Sustainable for the next 10 years.
We have More Chapters around the world
❖Host free conferences for the community
❖Encourage participation of candidates from unsung areas
❖Focus on educating underrepresented category
We are here to lead and stay.