Information Security: What’s Gender Got to Do With IT?

Posted: 2nd June 2016

A question often asked in the technology industry is “How do we get more women in technology?”

It’s no secret that the technology industry — and by extension, information security — has a dismal record when it comes to diversity. The attempts made to correct this (such as hire more women and people of color) miss the real problem: the monoculture of the technology field.

There are two issues at play here.

One is the perception that the necessary skills to succeed in technology are limited to logic and analysis. The other is that these skills are somehow tied to gender.

There’s no question that logic and analytics are important skills to have. However, this mindset limits students in technology to their own glass ceiling: unless they adapt, they will only go so far in the field. The “logic over emotion” mentality is very effective at producing results in the technology industry, hence why those people advance. That advancement results in leadership roles being filled by those that may be lacking the skills and emotional intelligence needed to be successful. There’s a disconnect on what makes people in the technology industry effective at producing products versus what makes them effective at leading.

Compounding the issue of diversity in technology is the commonly held belief that natural skills are tied to gender. “Men Are From Mars, Women Are from Venus,1” a popular relationship book written in the early 1990s, set this mentality in stone.

The premise is the simplistic idea that men and women have fundamental psychological differences. Intended or not, this mindset has led to the popular belief that men are “left-brained” (logical, analytical, and systematic) while women are “right-brained” (creative and intuitive). This concept has no foundation in psychological studies and has been proven to be false,2 yet we allow these stereotypes to persist because it is easy to sell to the public.

So here we have it: a false belief that the only skills of value in technology are “masculine skills” of pure logic and analysis. This attitude is fueled by the entertainment industry, which relies on stereotypes to quickly project a character’s skills and personality.

In his Millennium series, Swedish author Stieg Larsson countered this trend by creating an iconic character in Lisbeth Salander, who was portrayed as a phenomenal hacker despite presenting the appearance of a mentally ill woman.3 Lisbeth’s skills made her valuable and if people dismissed her due to their own prejudices, it was their loss.

Unfortunately, this line of thinking isn’t present in reality, as there is still a firm belief that the best candidates are incubated in engineering colleges, which tend to have fewer women and people of color. Other popular venues for recruitment are industry conferences — again, a limited demographic. The industry can’t expect to change if it keeps feeding from the same trough.

That’s not to say that purely logical thinking is BAD, just that the same approach to innovation in the technology field doesn’t work when you need to lead a company or consider the consumers when designing a product.

The DISC Profile

A common theme in information security circles is “the evolving threat landscape” and the need to adapt and evolve your IT security strategy to keep up with the times. Yet we only recognize the need to adapt technical skills, not behavioral styles.

In the 1920s, psychologist Dr. William Marston analyzed human behavior and emotions to determine their natural and adaptive state of behavior. This is commonly referred to as the DISC profile, which identifies four basic behavioral styles:

  1. Decisive — preference for problem solving and getting results
  2. Interactive — preference for interacting with others and building relationships
  3. Stability — preference for pacing, persistence, and steadiness
  4. Cautious — preference for procedures, standards, and protocols

Gender or race is not a factor in DISC analysis.

It should be noted that nothing in the DISC profile is positive or negative — it’s just an analysis of different traits and styles. It is also important to note that this is an analysis of behavior, not personality, and that a person’s behavior can adapt over time. Some people adapt easily, some not so much. Systematic types, for example, tend to be more resistant to change and therefore less likely to adapt.

There are two basic styles: natural and adaptive. People who are behaving in their natural style tend to be less stressed and more efficient. They can adapt to other styles as needed, but how well they adapt varies with the individual.

People who are more self-aware acknowledge their behavioral gaps and find ways to fill those gaps. For example, people with High Interactive and Decisive style (action oriented) tend to focus on the tasks that need to be done and how best to accomplish them but will delegate the actual execution of those tasks to others. This is a desired behavior for managers. A manager who does not rank highly on these skills will likely get stuck in the weeds or micromanage.

On the flip side, people with a high Stability and Cautious style (systematic process) are inclined to fit the status quo and never deviate from it, not recognizing the need to change. Their technical achievements may be recognized with a promotion to management, but unless they can adapt their skills, the organization will suffer under leadership that has poor communication skills and a tendency to stick with methods and people they are familiar and comfortable with. Unfortunately, these are the people who are writing the job descriptions and doing the hiring.

This is not necessarily a conscious behavior, but it is pervasive and creates an atmosphere that caters to the “brogrammer” attitude. An argument is often made that there just aren’t enough women applying to tech jobs. A huge effort has been made at industry conferences to have panels to “empower” women and teach them how to “lean in.” What would Lisbeth Salander think of these?

Be Aware of Your Company’s Portrayed Environment

Women aren’t the problem and don’t need “empowering” or coddling. They simply need a fair chance and the ability to work in an environment where they don’t feel like some “special snowflake.” Look at how your organization presents itself. Do you recruit for “industry rock stars” who want to “crush some code?” What about the demographics of your “product evangelists?”

A company that presents itself as a cool place for guys who identify with the environment is a huge turn-off for many women who feel like they will be marginalized. The public face of your company is like a storefront that is designed to attract a specific type of customer. Recruiting efforts that focus on a specific pool of talent limits their choices.

Christopher Ahlberg, Recorded Future’s chief executive officer and co-founder, notes:

When recruiting, the easy answer is of course always ‘we want the most qualified person’ — which totally makes sense. But the problem is that it pretty much always is built on a) most qualified in the pool that we currently have access to and b) most qualified from a very narrow technical perspective. We should build teams with a bigger scope and ambition than that!

Widen Your Net

Bottom line: the industry is trying to be more attractive to the people who are applying, not to those who are not.

The underlying question should always be “Have I found a big enough pool of potential talent to recruit from? Am I missing potential talent out there?” When you have a limited field to choose from, your “best choice” may not really be the best choice that you could have had. You need to widen the net you cast. The knee-jerk reaction is to target women and people of color. The better goal is to target for a more diverse skillset, which means you should consider people with Liberal Arts backgrounds, not just “gear-heads.”

Corey Thomas, chief executive officer of Rapid7, commented on his recruiting approach:

I have always preferred people with a strong sense of logic, science, and theory, as they are likely to learn and adapt faster. People who can demonstrate an interest in real-world application, in addition to those characteristics, are even better. Over time, however, my perspective on this has become increasingly nuanced: I’ve grown a preference for people who have an understanding of the humanities, surrounded by deep science. This is driven by my belief that people make better leaders and create better products if they understand humans and the organizations they are a part of.

The real way to solve the problem of gender in the workplace is to not shine a spotlight on it at all. We have a negative spotlight on the lack of gender diversity now, but the solution is not to move the spotlight to encourage more women and people of color. Just stop focusing on it and instead look for the well-rounded skills you value and be open to change. Like a great piece of music, an organization needs diverse elements to be great.

Ryan Fennelly contributed to this piece. Ryan is a market research analyst with a Master of Arts in Industrial-Organizational Psychology specializing in understanding and predicting consumer behavior.

Carole Fennelly

Carole Fennelly is a freelance information security management consultant in the Greater New York City area. Carole has over 30 years of hands-on experience in the information security and technology fields and has authored several industry-standard benchmarks based on her extensive experience in operating system platforms.

  1. John Gray, “Men Are From Mars, Women Are From Venus: A Practical Guide for Improving Communication and Getting What You Want in Your Relationships” (New York, NY: HarperCollins, 1992).

  2. Christopher Wanjek, “Left Brain vs. Right: It’s a Myth, Research Finds” (LiveScience. TechMedia Network, 03 Sept. 2013. Web. 20 Feb. 2016).

  3. Larsson, Stieg, Lena Grumbach, and Marc De Gouvenain, “Millennium” (Arles: Actes Sud, 2006).