Despite notable progress in the acceptance and treatment of female IT security employees, the industry continues to struggle in establishing itself as a career track for women.
During a panel discussion at the RSA Conference Monday, a few of the world's best-known female security executives made it clear that the challenges of yesteryear are dropping away, but that the industry still must do a better job of marketing to and recruiting talented women.
Penny Leavy, COO and co-founder of endpoint threat detection system vendor Outlier Security, told a crowded room of attendees that when she started her career, it wasn't uncommon to be the only woman on a team meeting with a prospective customer. Often in such settings, when she would say something, the customer representatives (who were typically all men) would look to her coworkers for validation, as if a female's thoughts on security were only valuable if verified by a man.
"I don't see that bias anymore," said Leavy. "There are a lot of women who are gaining a lot of credibility."
But, added Leavy, "We definitely need more."
Fellow panelist Michelle Cobb, VP of risk analytics provider Skybox, said she felt similarly under the microscope early in her career.
"I was definitely an oddity," Cobb said. "That has changed."
But Cobb said change has come slowly, and that women remain scarce in IT security settings.
"This is not going to change itself," she said. "We have to look out there and reach out to other women."
That's just what Melinda Rogers, chief information security officer at the U.S. Department of Justice, wants to do. Rogers said the mentorship of women played an important role in her career, and she's trying to return the favor.
"I've been at the right places at the right time, with a helping hand from women across the industry," said Rogers. She said the relatively small number of women in the industry makes such connections especially critical as they look to establish enduring careers.
"It's still an nascent space, and our paths are going to cross," said Rogers.
The panelists agreed that the opportunities for women in IT security are abundant, especially now that security is a more mature industry with a growing need for critical non-technical skills, such as sales and marketing.
"That's where women can come into play and round out this sector," Rogers said. The cybersecurity field, she said, "desperately needs those other skills."
Regardless of the skills that are needed, the security industry still faces a major obstacle in bringing in female employees: Namely, that it's perceived to be somewhat of an old boys' club.
Along those lines, the panelists suggested that building the self-assurance in women entering the field is essential to helping them survive in it.
"It's about having the confidence to try something new and live in a man's world," Leavy said.
But all the confident women in the world isn't going to mean anything if companies aren't looking for them, which is why Rogers said that if the IT security executives doing the hiring really want to change things, they can't sit back and wait for the prospects to find them.
"Put yourself out there," she said. "That's the most important thing."