In an exclusive interview, SafetyDetectives had the privilege of sitting down with Lynn Dohm, the Executive Director at WiCyS (Women in Cybersecurity). With a passion for fostering women’s growth in cybersecurity, Lynn sheds light on WiCyS’s impactful mission, the hurdles women confront in the industry, and the innovative initiatives aimed at drawing more young women into the dynamic world of cybersecurity, and more.
Can you briefly overview WiCyS and its mission to recruit, retain, and advance women in cybersecurity?
Women in Cybersecurity, or WiCyS (pronounced “We-Sis”), was established in 2013 by our founder, Dr. Ambareen Siraj, who was then at Tennessee Tech University. She sought seed funding from the National Science Foundation (NSF) to create the first-ever conference for women in cybersecurity.
The inaugural conference was held in 2014, and we transitioned into a nonprofit organization in 2018. Back in 2014, Dr. Siraj reached out to the NSF for seed funding because of the underrepresentation of women in the cybersecurity workforce, only 11% at that time. She found this statistic reflective of her own experience within the circles of industry, academia, and government.
Dr. Siraj’s vision was to unite that 11% of women in cybersecurity for a technical conference. This conference would provide an opportunity for these women to grow, learn, and advance in their careers collectively. The conference has seen substantial growth from a humble beginning of 350 attendees in the first year and 550 in the second. By 2023, we reached maximum capacity within half an hour of opening registration, with 2,100 attendees.
WiCyS is unique among cybersecurity conferences, as we ensure equal representation of industry professionals and aspiring or underrepresented professionals, irrespective of gender. Our mission is to recruit, retain, and advance women in cybersecurity. Therefore, for every regular registrant, we provide a scholarship to an aspiring or underrepresented professional. We also strive to have equal representation of industry, academia, and government sectors at our conference.
In 2018, to accommodate the growth of the conference, we transitioned into a nonprofit organization. Now a global organization, our mission remains the same: to recruit, retain, and advance women in cybersecurity. Today, we have 8,100 members from 85 countries, 60 professional affiliates, and affiliates programs across continents. These programs are located in Africa, Australia, Canada, France, India, Pakistan, Norway, Israel, the UK, and the US.
We also have corporate affiliates, such as WiCyS Mitre and WiCyS Lockheed Martin, as well as specialty affiliates in fields like AI, BISO, Critical Infrastructure, Cloud Security, Pride-LGBTQ+, Colors of Inclusion, Latinas in Cybersecurity, Neurodiversity, Deaf, Military, and DevSecOps.
Moreover, we have a robust student chapter initiative, boasting 220 student chapters globally. This initiative is generously funded by Microsoft Philanthropies. Our ultimate goal is to create a more robust, gender-diverse community within the cybersecurity industry.
What are some of the biggest challenges women are facing in cybersecurity?
One of our most significant challenges right now is cultivating a culture of inclusion and shifting the responsibility for driving change in the workforce. Rather than this burden falling solely on individuals, we are making it more of an industry-focused initiative.
We understand that numerous initiatives are aimed at diversifying the workforce and building the pipeline in cybersecurity. And while we excel in this area, since our mission is to recruit, retain, and advance women in cybersecurity, we also focus on ensuring women remain in their careers and have opportunities for advancement.
In order to broaden the conversation, we have shifted away from simply diversifying the workforce to exploring what inclusion actually looks like. Sometimes diversity becomes a sort of feel-good metric because it’s quantifiable. Organizations can implement diversity, equity, and inclusion (DEI) initiatives, particularly early career initiatives, and measure the outcomes. If there’s even a slight growth in diversity, companies can pat themselves on the back, believing their DEI initiatives are working.
In contrast, inclusion is far more complex. Inclusion is a feeling, and it’s only genuinely felt when you’re excluded. At WiCyS, we have tried to illuminate what the state of inclusion looks like by quantifying experiences of exclusion for women in cybersecurity.
We believed it was crucial to raise awareness about inclusion among cybersecurity leaders. However, the higher leaders ascend in their careers, the fewer experiences of exclusion they tend to have, so inclusion might not be on their radar.
To address this, we carried out a state of inclusion assessment. The findings were quite revealing. 57% of participants identified career growth and advancement opportunities as a primary source of exclusion, which resulted in them feeling less included in their cybersecurity careers. There also seems to be a glass ceiling for women in cybersecurity around six years into their tenure with an organization. It’s essential for industries to be aware of these issues and develop programs to overcome these challenges.
Is there a shortage of women in cybersecurity or there’s a shortage of women being hired in cybersecurity?
Yes, there is a shortage of women in cybersecurity, and it has a lot to do with women being not really being aware of cybersecurity. There are several reasons for this. Historically, cybersecurity has been a male-dominated field and is often perceived as lacking support structures for underrepresented groups to thrive.
Our state of inclusion report also highlighted that women tend to hit a “glass ceiling” about six years into their careers. We want to drive more action towards encouraging women to pursue cybersecurity careers, and that requires increasing awareness.
We need to ensure that women currently in the industry are visible and recognized. It’s hard to aspire to be something you can’t see, so raising awareness about the existence and success of women in cybersecurity is crucial. Cybersecurity is a thriving, heavily engaged field offering incredible opportunities for problem-solving and career growth. It offers women the chance to support themselves and their families, and there are numerous educational and certification programs available.
One challenge with cybersecurity is that it’s not a clearly defined career path, so navigating it can be daunting. At WiCyS, we have implemented programming efforts to create an entry point or gateway into the field. These programs are designed to help individuals reskill, upskill, or even consider a career in cybersecurity in the first place.
What are the professional development programs offered by WiCyS and how do they support career growth?
Our professional development programs, which we call Skill Development Training Programs, were launched in 2020 and continue to grow. These programs create accessibility and opportunities for individuals to dive into the field of cybersecurity.
For instance, our Security Training Scholarship, funded by Google, Meta, Bloomberg, and Craig Newmark Philanthropies and run in partnership with the SANS Institute, is designed to uncover hidden talent. Many programming efforts focus on top performers and help them advance their careers, but our programs are structured differently.
We have tiered our programs so that at the initial stages, everyone is included and involved. Participants are placed in a cohort and community, provided with technical mentors, and then we look for those who display determination and grit. We consider how advancing in their careers would change their lives and why cybersecurity is of such interest to them.
While we do assess some performance metrics, we are more interested in the determination of the participants. We consider how many times they revisit challenges and what it takes for them to move forward with certain Capture The Flag (CTF) type challenges.
From there, we layer on cyber aptitude IQ assessments and start guiding them towards more advanced cybersecurity certifications. These certifications also come with career placement assistance.
What sets our programs apart is the wraparound services we offer. Anyone can pursue a certificate, but it can be incredibly challenging, especially when balancing a full-time job, family responsibilities, and other obligations. Having a support structure in place is crucial to making these achievements attainable and successful.
Could you share some insights into conferences organized by WiCyS, the topics that are covered, and what attendees can expect? How often do these events occur and where?
WiCyS started as a conference, which continues to be a vital part of our initiatives. In terms of accessibility, half of the attendees join us on scholarships that we issue.
The conference covers a range of topics, focusing on current technologies, trends, challenges, and future perspectives in cybersecurity. We are a technical conference, but we also involve students in the program. The conference is held annually, with the next one, which marks our 10th anniversary, slated for April 2024 in Nashville. For the first time, we’ll be offering a hybrid component to our conference, adding a virtual dimension to our programming efforts.
The conference is instrumental for professionals advancing their careers, offering a rich technical landscape for career advancement. At the same time, we’re committed to building the pipeline for aspiring cybersecurity professionals. A significant part of the WiCyS conference involves fostering career growth and success for women in cybersecurity. This includes creating a mentorship-rich environment, enabling networking connections, and providing recruiting opportunities. It’s like a career village dedicated to setting women up for success in their career growth and advancement.
In your opinion, what are some effective strategies or initiatives that can be implemented to attract more young women into STEM, including cybersecurity, at a younger age?
There are several effective strategies and initiatives. For one, organizations like WiCyS and other nonprofits are making good strides by increasing accessibility. However, industry professionals also need to be more visible, especially female professionals, showcasing their talent and accomplishments.
In terms of initiatives, one impactful approach is to directly engage high school students, not losing momentum with STEM programming efforts. We need to present cybersecurity in a creative way, not as a strictly technical field, but as an arena for problem-solving that piques interest and encourages students to delve deeper into challenges.
Everyone has unique strengths, and if individuals have creative or analytical tendencies, guiding them toward the cybersecurity workforce is a great place to start. It’s about tapping into those strengths and steering them toward this diverse and dynamic field.