In the month of February, I was part of a few events that were cybersecurity related. The first was a panel about “Women in Security”, hosted at Splunk. Another was my own talk at “Test Automation Day – Melbourne” on Test Automation and Cyber Security. And as a third, I had the opportunity to speak as a guest at the all hands meeting of SecurEyes. There was a general theme in these events about what kind of people can work in cyber security, as well as a broad curiosity about what space women in particular may have in this field. So here are some thoughts about the topic.

If you’re in Australia, you probably have heard of the “Hi Mum” scam, where people receive a text addressed to “Mum” saying the phone is broken and asking for money. Apparently people have lost $7.2 billion to this scam. I can imagine the eyerolls about the gullibility of people being taken in by such scams, and the shrugs accompanying statements that “people need to be more aware”. I have also recently heard the idea espoused that banks should not cover mistakes like this where people are “careless”. But is victim-blaming what we need here? What are we as the collective IT community, or specifically the cybersecurity community, really doing to address scams like this?

Now imagine if you were a woman working in cybersecurity. You might have been more suspicious of the email – noticed some subtle clues that it was fake: maybe the tone was too formal or informal for your boss; maybe there were some spelling or grammar errors; maybe the account number was different from the usual one. You might have also been more aware of the psychological tricks that hackers use to manipulate their victims: creating urgency, invoking authority, appealing to greed or fear. You might have checked with your boss before making any transactions or reported the email to your IT department.

These are not just stereotypical feminine traits; these are essential cybersecurity skills that can give you an edge over hackers who rely on exploiting human weaknesses. Skills like these are needed to create a more comprehensive map of types of threats that a system may be vulnerable to. This wider understanding of threats can then help teams create effective strategies to protect against them –  from creating effective awareness campaigns to fine tuning intrusion detection systems and email quarantine tools.

So ladies (and gentlemen), if you’re interested in pursuing a career in cybersecurity (or advancing in one), don’t let anyone tell you that it’s not for you. Cybersecurity needs more minds from different fields – women with “stereotypical feminine traits”, testers who are trained to sniff out the weak spots in a system, people who can communicate and bring technology teams closer to the users of the systems – to bring diversity of thought and experience to this challenging and rewarding field.

This blog was wrriten by our Head of Quality Assurance Tanu Parial.