This afternoon I have been reading (with much interest) about the Women In Security panel discussion at Bsides Manchester.

In a great write-up from Dr Jessica Barker, followed by a quick exchange on Twitter, I learned that only one woman submitted a paper for the event.

Why is that I wondered?

Of course we know that women are underrepresented in the industry. As Jessica wrote herself,

Some recent research from e-skills and BCS describes the lack of women in IT, with a fall in numbers at every stage of education and employment:

• Girls take 51% of all GCSEs and 44% of IT GCSEs – but only 6.5% of computer A-levels
• Women make up 55% of HE entrants – but only 35% of STEM entrants – and only 13% of computer science entrants
• There are 1.1million IT specialists in the UK – only 16% of whom are women
• Female IT specialists are paid 16% less than their male peers

In terms of IT security, research from (ISC)2 shows that only 11% of information security professionals are women [pdf].

She also goes on to mention the topic of discrimination which is, lets face it, very real (as I’m sure many women can attest to) which begins far earlier than many of you may realise.

Dr. Barker makes a valid point when she says:

“The lack of women in IT and information security is part of a much bigger problem which starts in childhood with girls encouraged to be air hostesses, nurses and secretaries and boys encouraged to be pilots, doctors and engineers.”

But that isn’t purely a parental viewpoint being imposed on children. It is one that is reinforced by the media (other than Dr. Barker, how many other female security consultants do you see on mainstream TV, or hear on the radio?).

It is also very much down to the educational system too – the figures above say much about how many girls go on to take higher level courses in computing but the reason for that is heavily influenced by the schools themselves in my opinion. In the educational borough I live in, for instance, some computer classes do not have enough PCs for every child to use one in each lesson. So how are they apportioned? By some sort of rota? No chance – the boys get to use computers whilst the girls get to use iPads and other tablets. Hows that for some positive discrimination in the school system eh?

The discrimination also rears its ugly head within the workplace too of course. When I attended BSides London recently I attended a Women in Security discussion on the Rookie Track in which it was mentioned (sorry, cannot remember by whom) that some women were obtaining promotions from technical areas into management positions, partly because they were perceived as not being capable of taking on the more senior technical roles. Shocking!

There are many ways that this sort of discrimination could be tackled though.

One I see mentioned with regularity is the idea that women should be better represented at conferences. I agree that this would indeed be a desirable outcome but I don’t think it is as easy to organise as some commentators appear to think.

To my mind (and I could be very wrong), the issue isn’t that women are being blocked or deliberately underrepresented at such events, so much as the fact that they aren’t putting themselves forward in the first place.

Now I cannot of course offer definitive reasoning as to why that is so because I haven’t spoken to enough women to be able to compile a meaningful amount of data. But one recurring theme that does crop up in the conversations I have had is the lack of confidence to stand up and talk in front of an audience.

Is that because women feel intimidated by a predominantly male audience?

I don’t know for sure but from the conversations I have had it seems to be a more general fear of talking in front of one’s peers – something that I am sure afflicts all potential first-time speakers equally, irrespective of their gender.

So, whilst I would not want to belittle the very real discrimination that women have experienced in the security industry (and, alas, will continue to meet for some time) I would like to suggest that the focus should perhaps be one of encouragement.

I know plenty of highly intelligent, skilled and articulate women – such as Dr Jessica Barker and the amazing Neira Jones – who are held in extremely high regard because of their skills, knowledge and experience. Their gender is irrelevant, and that is exactly how it should be.

But, for every Dr Barker or Neira Jones there are many other women out there with just as much to contribute. Lets encourage them to stand up and have their say, not because they are women, but because they are fellow human beings with as much right have their say and work in this industry as any man.

For an industry as welcoming and as supportive as infosec (in my experience), which I’ve seen to have a great diversity amongst practitioners in terms of ethnicity, age and range of skill sets, why on earth are we still discussing the role of women anyway? (you can find some more answers in Dr Barker’s excellent article here)

Just like Dr Barker, I will end my article by saying that she is often told that “you don’t look like a cyber security consultant.”

With that in mind, someone please tell me what a cyber security consultant SHOULD look like!!!