Women in Cyber 2024: Key Themes from AT&T’s Inaugural Conference

Earlier this week, SecurityScorecard had the pleasure of sponsoring AT&T’s inaugural Women in Cyber conference. From folks earlier on in their career to more seasoned professionals with 20+ years under their belt, there was a diverse group of 750+ attendees who were all interested in learning more about the cybersecurity space.

We were fortunate to have some amazing panelists – each of whom has made their mark in the field – share their insights. At the end of the day, there were a few recurring themes.

Addressing the Talent Shortage: Cyber Needs a PR Campaign

Many of the panelists wove it through their stories, but the struggle in building and maintaining the talent pipeline is a core issue. Since we’ve been talking about the lack of talent in cybersecurity for well over a decade now, it’s clear that we need to rethink our approach to addressing both the talent shortage as well as the lack of diversity within the pipeline that does exist.

Role models – sources of inclusion and inspiration – are incredibly important. In popular culture, the “Scully Effect” drove positive awareness around the idea of women pursuing careers in STEM. To date, cybersecurity hasn’t had a similar figure that’s “made it” into the lexicon, and that certainly doesn’t help. Beyond awareness, while there are organizations that run more hands-on STEM programs, getting cyber activities into the hands of children is still a work in progress.

Something that’s a little more in our control: making job descriptions more inclusive. That goes beyond taking “warrior” and “ninja” out of the post. 

Learning from the Journey: Career Development

A little less glibly, it’s worth double-clicking on the need for job descriptions to be better framed to attract candidates.

A key theme to take away from panelists and attendees alike: a formal degree in cybersecurity – or even a related field – is not required for a career in cyber. None of the panelists of the day had what you’d consider a “traditional” cyber background. A 4 year technical degree followed by a climb up the cybersecurity corporate ladder was not a thing. In light of that, the abundance of job descriptions with a laundry list of technical skills (that can be learned), a formal degree, and certification requirements is all the more frustrating.

The key – for hiring managers as well as candidates – is to focus more on transferable skills. Chat to Gen Z, and while they might not consider themselves as having “cyber” skills, they’re digital natives who’ve grown up in a world where managing data, privacy, and trust is built into their daily lives. In many of these cases, framing of the necessary skills in question results in a very different answer. 

“Make mistakes and own your mistakes” ~ Patty O’Boyle

More broadly, attributes that helped the panelists succeed are not unique to a career in cybersecurity. Being the person who takes on new projects, works hard, and figures it out generally works, with a few caveats. To that end, there are a few more actionable pieces of advice:

• Be open: you’re not always going to be able to handle everything, so that’s when you need to be clear about what projects you’ll lead and which ones you’ll rely on others to take point on, and that’s perfectly okay. Life happens.
• Be good: corporations don’t have souls, so the people in them need to compensate.
• Be self-aware: own your space (everyone has a job they do, and this should be their area of expertise), but don’t lose sight of the bigger picture (make sure you can pull your head up to make sure you’re actually helping solve for the problems you see).

As an individual contributor, consistently performing well generally means that the domain you work within and the folks you work with are known elements. You’re part of the team and you know how it works.

“There’s a club, and you realize you’re not in it.” ~ Sue Gordon

When your career progresses, especially into leadership, there are new dynamics to navigate. This is where allyship – regardless of gender – empowering one another is key. Mentors, sponsors, and networks can all help provide valuable perspectives to help you grow and lead within your career, but you do need to help them help you (be self-aware, be open).

Maintaining An Inclusive Culture: Reward the Right Behaviors 

Of course, that also requires being a part of an organization that has an inclusive culture.

Jennifer Link put it well in her keynote; while culture can seem like a very ephemeral concept,  there are solid components that a team can examine and improve upon. The four components that were discussed included decisions, rituals, stories, and signs. An organization runs on decisions that are discussed, communicated, and actioned on. When we talk about rituals, it’s not just habits or processes; think about the recurring meetings that consistently stay on the calendar because they consistently serve a purpose. The actual physical “signs” people keep and maintain in their work spaces are not nebulous or abstract concepts.

It’s worth pulling out the “stories” component because the concept of recognition in an organization seems particularly important. Behaviors that are rewarded are behaviors that leadership is incentivizing and reinforcing. (In an ideal world, it’s the day-to-day, proactive maintenance that should be encouraged, not the fire fighting that tends to drive attention because something was left to languish and break. Jennifer referred to this as wanting more of the regular garbage collection done and less of the fire fighting, and there were a few nods in the audience because we have all been here.)

Achieving Work-Life Harmony: Purpose Matters

At this point, no work conference would be complete without a discussion on how to achieve work-life balance.

“I burned the word balance.” ~ Michelle Jordan

There were three things that resonated. First was burning the word “balance” and replacing it with “harmony” – the former comes along with pressure that doesn’t always serve a particularly productive outcome. Second was establishing boundaries. Third was being true to yourself and/or your purpose.

This last one in particular was echoed across the panel; knowing your “why” and being present where you are (work at work, family with family) seemed key to finding purpose and being fulfilled in your career and life more broadly.

Aiming for Progress Over Perfection

Ultimately, cyber does have a long way to go in order to be more inclusive of women and minorities. 

In essence, key themes (and potential next steps) highlighted throughout the day included:

• taking steps to build the talent pipeline earlier on
• nurturing career journeys
• maintaining an inclusive culture, and 
• fostering purpose and fulfillment across employees.

However, with so many organizations and people in the space willing to support and empower women in cyber, it’s easy to hope that we’ll soon see meaningful progress in the future!