Elena Elkina, Co-Founder of Women in Security and Privacy, was interviewed by Aviva Zacks of Safety Detective. She asked her how WISP helps women succeed in the cybersecurity industry.
Safety Detective: What motivated you to co-found this organization?
Elena Elkina: Seven of us were all working in the privacy and information security field. Some of us were lawyers, and some of us came from an IT background. At some point, we started talking about the intersection of privacy and security and how you cannot be a subject matter expert in one of the industries and ignore the other one. Since we’d all been doing privacy and security for a while, we thought about that how the industries had changed over the previous ten years and how, when it used to be privacy or security, now the line was getting blurry and blurrier, and we thought about how we could combine our forces and help each other to be better experts in privacy and security field. We looked at different organizations across the globe, and we couldn’t find an organization that did both.
In addition, we knew that we were women and minorities, and we thought about how hard it is for women to enter the information security field and how hard it is to find resources because the information security club is mostly made up of men.
We wanted to organize something that could help other women enter the fields and help them grow and do something they really enjoy. We also wanted to combine privacy and security into one organization because nowadays you can’t do something well by ignoring the other side.
That’s how Women in Security and Privacy or WISP was born. It was surprising to see how many women felt the same way. There were many organizations that were focused on diversity and inclusion or generally provided knowledge for information security or privacy professionals. We didn’t want to reinvent the wheel. We wanted to combine those two industries in one.
SD: How does WISP help empower women to succeed in the cybersecurity industry?
EE: We have a few main areas that we focus on. We provide practical workshops. We focus less on presentations such as panels and discussion and more on practical knowledge where people can apply what they’ve learned during the workshop or they have a chance to take something home with them. So, we focus on practical workshops as education.
We also have leadership training where we offer an opportunity for people to either practice their presentation or share their career path and inspire others to follow or join.
We also have a mentoring program. We developed a peer-to-peer mentoring program called Tandem where we connect peers who have an opportunity to serve in both roles. We don’t have a mentor and mentee, per se, because we believe that every person has something to learn and has something to share. We connect two people who are looking for skills that the other person can share and looking to learn something that the other person can provide.
We started locally. We wanted to make sure people could connect with each other in person in the Bay Area, but then we expanded globally, and now our Tandem program is a global program where we connect women around the globe.
We also have a scholarship program that started with a couple of organizations giving us scholarships to conferences such as DEFCON.
About five years ago we shared the news that we were sending ten women to DEFCON, and we received ten scholarships. We were able to send ten women, and we wanted to share the news and congratulate them. People started responding and asking if they could sponsor one more woman, help with a flight, or hotel cost, etc. In the end, we sponsored about 75 women. It all happened because individuals and companies were providing us with help, helping support women and it has a butterfly effect that more organizations stepped in. And since that day, every year we sent about 100 women to DEFCON and about 20 to Black Hat.
With the amazing support of the community, our scholarship program had grown, and now we work with many organizations that provide scholarships. For example, just today we’re going to announce that we have ten scholarships from the IAPP, the International Association of Privacy Professionals. They are supporting ten women to get certification of either security, information, IT, project management, program management for privacy, European Union privacy certification—wherever they choose, the IAPP will support them. We have developed a great relationship with RSA who has been donating scholarships every year for the last 3 years.
In 2020, Craig Newmark Philanthropies helped WISP in our endeavor to support the #ShareTheMicInCyber community and cover training, certification, and education costs incurred by Black security and privacy practitioners with a $25,000 grant! During the #ShareTheMicInCyber campaign, WISP initiated a fundraiser to raise funds to pay for Practitioner’s training and certifications — and the response exceeded expectations. With the funds from this effort, we hoped to support other Practitioners in the #ShareTheMicInCyber event with training and certifications, as well. We are now hoping to be able to cover each and every certification and training cost needing coverage in the #ShareTheMicInCyber group!
We are working with the #ShareTheMicInCyber group to add up the fund size needed and currently with this $25,000 grant plus the $19,000+ donated by WISP sponsor individuals and corporate sponsors, we will be able to cover each and every education, training, and certification needed so far! We couldn’t be more excited. Thank you to Craig Newmark Philanthropies and each and every sponsor, we absolutely would never be able to make this happen without you.
SD: What do you feel are the worst cyberthreats out there today?
EE: In my professional career, I’m a partner at Aleada Consulting. We are a privacy and security consulting. We focus on our organizational piece of both privacy and security risk, and we work with technical partners to address more on the technical side. From what I’m seeing, because of the work from home situation, many companies have been challenged with building appropriate infrastructure and creating a system to monitor critical systems. Information security and IT teams have had to rethink their approach to work-from-home models, from policies and procedures and having appropriate controls such as VPN, BYOD, and everything else that aligns with it.
Social engineering remains one of the risks because this year either because people are working from home or just people are stressed, and the social engineering attacks have increased.
And another thing that is not directly related to attacks is that companies are struggling with creating processes because there is a lack of talent in the information security and privacy field. Organizations struggle to find people to help them. Just to be on top of all the possible threats and new requirements from the information security side or privacy side, it’s very hard to be on top of it. I think that continues to be a big problem for an organization—how to bring appropriate talent to their team to protect the company.
That’s why WISP is committed to finding opportunities to advance knowledge and experience and bring more people into the industry so we have no shortage of talent and provide more opportunities to others to grow and join the forces.