Bad Representation is worse than Under Representation
You can't throw women under the bus of under-representation just to improve your stats.
Leadership Moment: Throwing Shade at Representation
At the recent Blackhat conference, Palo Alto Networks threw shade at women in the cybersecurity industry, as attendees at their party were greeted with this sight:
It’s 2024, so you could be excused for wondering if that was an AI hallucination. Nope. Palo Alto was quick to apologize, and I hope that they’ll learn a lesson, but I worry that this is a minor symptom of an even greater problem in the cybersecurity marketing industry: not recognizing how bad representation is actively harmful to all people in the industry.
A common criticism from women in cybersecurity is how they’ll often not be approached as if they’re technical, especially at conferences. This is a form of prejudice that they’re experiencing: because they are women, they are prejudged to be non-technical. Why, in this day and age, do people assume that on a conference floor, that would be the case? After all, 25% of cybersecurity degrees are issued to women, 17% of analysts are women, and around 10% of CISOs are women. While those numbers are still low, they aren’t low enough to support a belief that “women aren’t technical.”
But cybersecurity technologists aren’t the only people at a conference. Marketers are a sizable proportion of attendees (depending on where you are at a conference, as high as half of the attendees you’ll see are marketers), and marketers are around 65% women. In most booths on a show floor, around half of the staff that will greet you are marketers … and, if so, that means 3 out of 4 women you encounter won’t be that technical.
Representation matters. I’ve painted marketers with a broad brush in that last sentence (as non-technical), but it gets even worse. At many events, marketing teams hire external staff to work the front of their booths — their job is often just to scan badges for the database, and then direct you to a marketing person if you ask a question, who might then direct you to a sales engineer or rare developer deep in the booth. Those external staff are almost always women — and they are rarely briefed on anything about your company other than the name.
These are the women that companies are showcasing. It doesn’t matter how often you get your talented women on stage, or featured in magazines, or any of the other ways they show up for your brand. The women that most members of the cybersecurity community see most often aren’t seen as their peers. It’s no wonder that prejudice against women isn’t dying down, when we keep providing bad examples that maybe that prejudice isn’t entirely unfounded.
So, companies, start thinking about how you’re representing women, not just in your boardroom and ranks, but wherever you put your logo.
Appearances
Recent
July 16, blogpost: The Vulnerability Strikes Back (Incident Response Scenario, with Opus Security)
Aug 6, CISO Series Podcast: We Make Threat Actors Read Our Resiliency Policy Before Attacking Us
Aug 13, CISO Series Podcast: Why Are Fortune 500 Companies Swiping Right on 3-Person Startups?
Upcoming
Aug 21: Security Leadership Social w/ Grip Security (Treehouse Brewery, Tewksbury, MA)
Sep 12: ASPM Book Roadshow (Boston, MA)
Sep 24: HOU.SEC.CON
One Minute Pro Tip: Bend the Gender Narrative
Keep reading with a 7-day free trial
Subscribe to Duha One: Leadership in minutes to keep reading this post and get 7 days of free access to the full post archives.