Innovate for Equity

Bringing diversity into cybersecurity to protect everyone.

In the month of February, I was part of a few events that were cybersecurity related. The first was a panel about “Women in Security”, hosted at Splunk. Another was my own talk at “Test Automation Day – Melbourne” on Test Automation and Cyber Security. And as a third, I had the opportunity to speak as a guest at the all hands meeting of SecurEyes. There was a general theme in these events about what kind of people can work in cyber security, as well as a broad curiosity about what space women in particular may have in this field. So here are some thoughts about the topic.

Cybersecurity

Scams

If you’re in Australia, you probably have heard of the “Hi Mum” scam, where people receive a text addressed to “Mum” saying the phone is broken and asking for money. Apparently people have lost $7.2 billion to this scam. I can imagine the eyerolls about the gullibility of people being taken in by such scams, and the shrugs accompanying statements that “people need to be more aware”. I have also recently heard the idea espoused that banks should not cover mistakes like this where people are “careless”. But is victim-blaming what we need here? What are we as the collective IT community, or specifically the cybersecurity community, really doing to address scams like this?

Cybersecurity event
Cyber Security attack

CyberSecurity

People as the vulnerability point

Cybersecurity education asserts that the primary objective of all cyber security efforts is to protect human lives and health. The security of systems, data, premises comes only after the people. However, the broader field of cybersecurity doesn’t really embody this particular value. While discussions on vulnerability acknowledge that people can be the biggest vulnerability for intrusions, I have not noticed a lot of actual effort spent on addressing this vulnerability – beyond messages about safe password practices and 2FA.

cybersecurity

Stereotypes

When cybersecurity is mentioned, there is an automatic picture in the mind of a hacker in a hoodie, working from somewhere in a basement, whose attempts are only being thwarted by another hacker (an ethical or “white hat” one this time) who is WFH in his own basement. Yes, “his”. Be honest, none of us pictured a 45 year old woman in either of these roles. Or even a 25 year old woman. But what if I told you that women have some unique skills and perspectives that can make them great cybersecurity professionals? And what if I told you that the biggest threats to cybersecurity today are not limited to sophisticated malware or zero-day exploits, but include something much more human: social engineering?

innovate for equity

Social Engineering

Social engineering is the art of manipulating people into doing things they wouldn’t normally do, such as giving up their passwords, clicking on malicious links or downloading infected files. Social engineering attacks often rely on exploiting interpersonal relationships, emotions and trust. The “Hi Mum” scam is one example of this. Another common attack is sending urgent sounding emails to a (usually female) executive assistant, spoofing the identity of their boss who is a senior executive – asking to urgently pay an invoice, or purchase an expensive gift to be shipped to an employee as a surprise.

innovate for equity

Competitive Advantage

Now imagine if you were a woman working in cybersecurity. You might have been more suspicious of the email – noticed some subtle clues that it was fake: maybe the tone was too formal or informal for your boss; maybe there were some spelling or grammar errors; maybe the account number was different from the usual one. You might have also been more aware of the psychological tricks that hackers use to manipulate their victims: creating urgency, invoking authority, appealing to greed or fear. You might have checked with your boss before making any transactions or reported the email to your IT department.

These are not just stereotypical feminine traits; these are essential cybersecurity skills that can give you an edge over hackers who rely on exploiting human weaknesses. Skills like these are needed to create a more comprehensive map of types of threats that a system may be vulnerable to. This wider understanding of threats can then help teams create effective strategies to protect against them –  from creating effective awareness campaigns to fine tuning intrusion detection systems and email quarantine tools.

innovate for equity

Careers in Cybersecurity

So ladies (and gentlemen), if you’re interested in pursuing a career in cybersecurity (or advancing in one), don’t let anyone tell you that it’s not for you. Cybersecurity needs more minds from different fields – women with “stereotypical feminine traits”, testers who are trained to sniff out the weak spots in a system, people who can communicate and bring technology teams closer to the users of the systems – to bring diversity of thought and experience to this challenging and rewarding field.

This blog was wrriten by our Head of Quality Assurance Tanu Parial.

March 08, 2023

Cybersecurity Partnership

Cybersecurity Partnership

Cybersecurity Partnership with SecurEyes Technical expertise with industry insight Cybersecurity Partnership with SecurEyes Technical expertise with industry insightCybersecurity partnershipBuilding a secure futureAccuteque is proud to announce a strategic...

Learning: Many heads are better than one

Learning: Many heads are better than one

Many heads learn better than one Learning better togetherLast week, I had two very powerful experiences in the theme of learning. The first one was at work. At Accuteque, we are encouraging our team to engage in the space of Cyber Security, and many in the team have...

The Power of Metaphors

The Power of Metaphors

The Power of Metaphors Navigating Life through Diverse ImageryThe metaphors that govern our understanding of the world are not merely linguistic ornaments or poetic embellishments; they are fundamental tools for the human mind to understand and conceptualize complex...

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *