- Security TWENTY
- Women in Security
Author Jane Frankland
Review date 16/01/2019
No of pages 348
Publisher Rethink Press
Publisher URL http://www.rethinkpress.com/
Year of publication 02/11/2017
The UK private security industry regulator the Security Industry Authority (SIA) seeks to raise the number of women in the sector, to reflect wider society and because some roles - think for example searching women on entry to a pub and club, or at an airport - are not only better done by women than men, but may be simply unethical for men to carry out. From the tech sector, come calls for more women to become programmers, to do coding, by taking up (and keeping up) STEM (Science, Technology, Engineering and Mathematics) subjects at school and university. It may come as no surprise, then, that Jane Frankland makes a call for cyber-security to have more women. She spoke on that subject at the Kaspersky Next conference in Barcelona in October 2018; her book INSecurity sets out her case at greater length.
She began writing in 2015, as she explains in the introduction. A report by the IT security association (ISC)2, titled ‘Women in Security: Wisely Positioned for the Future of InfoSec’, found that only one in ten were female. To make matters worse, that percentage was actually declining year upon year despite cybercrime, public awareness, and growing demand for more cybersecurity people. "As a woman who’s built a successful career in cybersecurity that’s spanned two decades and knows lots of other women in the industry, I was shocked. I just thought women were doing what they normally did – keeping a low profile, not making a fuss, and getting on with the job. But, I was wrong, and I knew something had to be done about it, so I set about writing."
As a speaker, besides in this book, she makes her case why women should be working in cyber, and what the cyber sector and plenty of others besides - teachers and career advisers, parents and journalists, recruiters, even Hollywood - ought to do. "As women make up about half of the workforce in the world, the industry has failed to harness a massive amount of the prospective talent pool." Cybersecurity, she suggests, has an identity problem and is misunderstood. "It’s viewed as being incredibly technical, yet it’s inherently interdisciplinary and diverse. It involves knowledge in technology, psychology, finance, business, risk, law, and regulation. Whether a person is skilled with people, administration, management, education, or technology, there is something for everyone."
In other words, there's a link here with the larger identity problem that private security has. It's seen generally by the public as standing on a door or a gate, telling people they cannot come in. While that does happen, just as cyber people do work at a desk and in front of a screen, there's actually plenty of chances to have an intellectually satisfying and rewarding career. As I put it to her in a conversation at Kaspersky Next, 'join cyber and see the world'. She agreed, while making the sage point that even there, employers and recruiters can enforce one rule for women, and another for men. If you're a woman and a job requires plenty of overseas travel, if you're a working mother (and Jane Frankland is a mother of three), the assumption all too often is that the job is not for you - because of childcare. Men who are fathers are never asked the same question.
But back to the book. She points to the tendency in cyber-security to rely on technology, 'and it’s often been used as a silver bullet to try to eliminate cyberattacks and compliance failures. Whilst people have been used to implement the technology and develop processes to support it, there’s been a fundamental failure'. You indeed only have to listen to the news of data breaches. Having the same types of people within cyber-security has limited our thinking capacity, and made us more siloed, she argues. Meanwhile, cyberattacks have become more creative, and hackers have become more collaborative and business-like in their approach. To counter them, we need people who can see things in different ways. While her book is about gender, her case is for more diversity in workplaces - for that 'can enable more creativity, more diligence, and tenacity. Simply interacting with those who are different forces people to prepare better, anticipate alternative viewpoints, and expect that reaching consensus will take effort. It encourages people to search for novel information and perspectives, leading to better decision-making'. As that suggests, Jane Frankland isn't only calling for more cyber women because it's right, but because it makes business sense ultimately.
A possible quibble about the book is no fault of hers - will someone making sexist or plain inaccurate assumptions about women (they take time off to have children, and maternity leave is a cost; then women take more time off to deal with children's woes) give an hour or two to this book, demolishing prejudices in the workplace?! The book does have an element of idealism - and why not, as authors need something to drive them to write. She writes for example, early on: "Cybersecurity is a young profession, and we have a real opportunity to create something special." But time and again she makes the business case for women to have a fair go alongside men. Because one of her many points is that to bring on more women is not somehow to threaten men; all will benefit.
What readers may find depressing - besides her point that the fraction of women in cyber is actually faltering, calling into doubt any belief in progress - is that outrageous and plain illegal practices still go on, thanks to office culture. She recalls a 2014 interview by one of the world’s top ten accounting and advisory firms about heading their cybersecurity practice. "When the interviewers discovered I had children, they asked what my childcare provisions were. Having started my career as a recruitment consultant, I was outraged by the director who’d asked the question. Knowing that he’d previously worked in recruitment, I thought he should have known better. Since 1975 it’s been illegal to ask these questions in the UK."
As that story shows, the villain at least there isn't so much cyber itself (a tolerant and fun profession', she writes later) but those doing the recruitment. In fact we may all be unfriendly to women's progress, if we use such terms as 'knocking on the door’, ‘storming the citadel’ or ‘smashing the glass ceiling’, and so on. Jane says: "Phrases like these undermine women’s efforts, as they imply that women have to break down barriers"; that women being 50-50 in a sector is not natural.
The book is peppered with stories from Jane's own life and that of people she's met, besides famous and inspirational women. She covers plenty of ground - personal branding (to help ensure your talent isn’t overlooked - which indeed applies to men as much as women), and how to improve 'male-dominated' tech culture. The best compliment I can pay to this well-written book on an important subject is that men can read it with as much pleasure and profit as women.