Innovate for Equity

Bringing diversity into cybersecurity to protect everyone.

In the month of February, I was part of a few events that were cybersecurity related. The first was a panel about “Women in Security”, hosted at Splunk. Another was my own talk at “Test Automation Day – Melbourne” on Test Automation and Cyber Security. And as a third, I had the opportunity to speak as a guest at the all hands meeting of SecurEyes. There was a general theme in these events about what kind of people can work in cyber security, as well as a broad curiosity about what space women in particular may have in this field. So here are some thoughts about the topic.

Cybersecurity

Scams

If you’re in Australia, you probably have heard of the “Hi Mum” scam, where people receive a text addressed to “Mum” saying the phone is broken and asking for money. Apparently people have lost $7.2 billion to this scam. I can imagine the eyerolls about the gullibility of people being taken in by such scams, and the shrugs accompanying statements that “people need to be more aware”. I have also recently heard the idea espoused that banks should not cover mistakes like this where people are “careless”. But is victim-blaming what we need here? What are we as the collective IT community, or specifically the cybersecurity community, really doing to address scams like this?

Cybersecurity event
Cyber Security attack

CyberSecurity

People as the vulnerability point

Cybersecurity education asserts that the primary objective of all cyber security efforts is to protect human lives and health. The security of systems, data, premises comes only after the people. However, the broader field of cybersecurity doesn’t really embody this particular value. While discussions on vulnerability acknowledge that people can be the biggest vulnerability for intrusions, I have not noticed a lot of actual effort spent on addressing this vulnerability – beyond messages about safe password practices and 2FA.

cybersecurity

Stereotypes

When cybersecurity is mentioned, there is an automatic picture in the mind of a hacker in a hoodie, working from somewhere in a basement, whose attempts are only being thwarted by another hacker (an ethical or “white hat” one this time) who is WFH in his own basement. Yes, “his”. Be honest, none of us pictured a 45 year old woman in either of these roles. Or even a 25 year old woman. But what if I told you that women have some unique skills and perspectives that can make them great cybersecurity professionals? And what if I told you that the biggest threats to cybersecurity today are not limited to sophisticated malware or zero-day exploits, but include something much more human: social engineering?

innovate for equity

Social Engineering

Social engineering is the art of manipulating people into doing things they wouldn’t normally do, such as giving up their passwords, clicking on malicious links or downloading infected files. Social engineering attacks often rely on exploiting interpersonal relationships, emotions and trust. The “Hi Mum” scam is one example of this. Another common attack is sending urgent sounding emails to a (usually female) executive assistant, spoofing the identity of their boss who is a senior executive – asking to urgently pay an invoice, or purchase an expensive gift to be shipped to an employee as a surprise.

innovate for equity

Competitive Advantage

Now imagine if you were a woman working in cybersecurity. You might have been more suspicious of the email – noticed some subtle clues that it was fake: maybe the tone was too formal or informal for your boss; maybe there were some spelling or grammar errors; maybe the account number was different from the usual one. You might have also been more aware of the psychological tricks that hackers use to manipulate their victims: creating urgency, invoking authority, appealing to greed or fear. You might have checked with your boss before making any transactions or reported the email to your IT department.

These are not just stereotypical feminine traits; these are essential cybersecurity skills that can give you an edge over hackers who rely on exploiting human weaknesses. Skills like these are needed to create a more comprehensive map of types of threats that a system may be vulnerable to. This wider understanding of threats can then help teams create effective strategies to protect against them –  from creating effective awareness campaigns to fine tuning intrusion detection systems and email quarantine tools.

innovate for equity

Careers in Cybersecurity

So ladies (and gentlemen), if you’re interested in pursuing a career in cybersecurity (or advancing in one), don’t let anyone tell you that it’s not for you. Cybersecurity needs more minds from different fields – women with “stereotypical feminine traits”, testers who are trained to sniff out the weak spots in a system, people who can communicate and bring technology teams closer to the users of the systems – to bring diversity of thought and experience to this challenging and rewarding field.

This blog was wrriten by our Head of Quality Assurance Tanu Parial.

March 08, 2023

Embracing the art of giving feedback

Embracing the art of giving feedback

Embracing the art of giving feedback Navigating the uncomfortable in personal and professional spaces This morning, on my way to work, a kind lady at the tram stop informed me of a minor wardrobe malfunction. I thanked her profusely, but she was very apologetic about...

AI Bias and Ethics

AI Bias and Ethics

AI Bias and Ethics What's Hot in Tech - A vicict4women eventTopic: Intelligent Systems: Automation, AI and ML Digital Innovation Futures 2023 Opening Cyber DebateTopic: The cyber risks of using AI tools like ChatGPT outweigh the benefitsIntelligent Systems:...

Gameplay To Create Team Cohesion

Gameplay To Create Team Cohesion

Gameplay to create team cohesion Agile Musical Chairs Workshop presented at Agile Prague 2023.Agile Musical ChairsAgile Prague 2023This week I had the great privilege to run an Agile Musical Chairs gameplay workshop at Agile Prague 2023. Prague is a beautiful city,...

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *