As a woman who works in cybersecurity, I think it’s very important to encourage more women and non-males to enter our field. I’ve had the pleasure of speaking to many female and non-male information security professionals.Last time, I spoke to Jennifer Sunshine Steffens, the CEO of IOActive. This time, I speak to Heather Butler. She works in a key cybersecurity role in the UK government.Kim Crawley: So, I presume that you’ve had a very interesting career so far. How did you get into cybersecurity in the first place?Heather Butler: Well, my background is mainly on the strategy, policy, and comms side. I’ve worked on security policy in the past, and I eventually moved into a technology role.KC: What are you doing now?HB: I work for a government organization and lead on our international cyber policy. That involves thinking about how we cooperate with other countries and multilateral organizations.KC: That’s really exciting stuff.HB: Thanks! I enjoy it.KC: IoT is a big worry now. Do you think governments around the world are ready for the cyberattack potential? I hear people in my industry say that they’re concerned about a lack of government regulation in the IoT space.HB: I think IoT and the approaches to tackling it are very new, and this is an emerging area in the tech space. It is an issue that is very much on the minds of people with whom I work. Cybersecurity as a whole is such a new area. Therefore, we don’t have established regulations to deal with the challenges, as we have often never dealt with them before.KC: That’s the exact concern that I hear. IoT cars, medical devices, home security systems, and other devices are entering the market with insufficient government regulation for manufacturers and service providers. I’m anticipating the first cyberattack-driven car crashes. Ugh.HB: I think by the time self-driving cars are on the road, we will be on the road (excuse the pun!) to solving some of these issues. I think governments can see the issues, but the technology is moving fast, and we now need to keep up on the regulatory side.KC: Were you interested in computers from an early age?HB: Actually, not at all! I always had an interest in the international side of things, so if you’d told me I’d be doing this role when I was a kid, I would have been half-happy and half-confused.KC: When did your interest in computing start?HB: Really quite recently. When I worked in security, I could sense that cybersecurity was the next big thing, and I also started getting really interested in the way that technology companies operate. The whole lean and agile approach was really interesting to me, and I wanted to find out more.KC: So you were into non computer-related security issues before you got into cybersecurity?HB: Yes, though I had it in the back of my mind that I might move into this kind of direction as a next step. I’m often thinking two steps ahead!KC: When did the opportunity to transition into cybersecurity present itself?HB: Fairly recently, I’ve only been working in this space for a year now.KC: That’s amazing. Good for you. I presume that you’ve always worked in male-dominated fields?HB: Yes, security and technology don’t seem to be the most gender balanced fields, as I’m sure you know!KC: What have been the disadvantages and advantages to being female in your industries?HB: I think I have often thought of it more as the advantages and disadvantages for the industry. But if I look at my own personal situation, I would say that the advantage has been that you can offer a different perspective. Which I think is why not having enough women in the industry is a real disadvantage. You lose a whole perspective and way of looking at things.Going back to your IoT point, if we don’t think about female users when designing solutions, we won’t find an answer that works for everyone.In terms of disadvantages, I think earlier on in my career when I worked in a broader security role, I found the atmosphere to be male dominated and macho, and that was difficult to know how to handle. I can see why women leave industries when they face such an atmosphere. It is hard to handle.KC: Those are excellent points. Do you think tech culture discourages women? I remember having to prove my technical abilities starting from when I worked in tech support. My male coworkers assumed that I wouldn’t have the job for long, and I proved them wrong. I did get the women’s washroom all to myself, though.HB: Ha, that is a rare advantage, I guess!KC: I remember I went to work every day in skirts and high heels as a way of saying, “Yes, I am the woman who works in this tech support department.”HB: I definitely think the culture puts women off. I mean, just look at the current problems with Uber.KC: Yeah, the Uber story is outrageous. I believe every single word of it.HB: It’s hard to know the best way to deal with it when you are in the minority, particularly when a lot of the issues you face are subtle rather than in-your-face discrimination.KC: I remember I had one coworker who was a black man, the only black person there. We bonded over not being white men, I think. I’ve been fortunate to find a lot of women and non-males to interview for this series, though. It makes me hopeful that the tide is turning.HB: I hope so, I know that I feel pretty confident that steps are being taken to address it here. There are some really good initiatives taking place to try and demonstrate how interesting this area is to work in.KC: If a young girl approached you for advice as to how to get started in cybersecurity, what would you say?HB: My own personal advice… I think I would say to get out there and try it. Go talk to some companies and shadow them, do an internship, talk to people. Test the water. I’d also say how interesting an area this is and how if they did work in cyber they’d never be out of a job! It is a fast growing industry!KC: Which initiatives are you aware of?HB: CyberFirst Girls Competition is a really cool initiative. They are using games to encourage girls to think of cyber as a potential career from a young age.KC: Internships are tough. They’re often unpaid, which makes it difficult for people who aren’t wealthy or have family financial support. Plus, internships often have requirements as strict as paid jobs and are often exploited for unpaid labour.HB: That’s a good point in regards to internships. I guess I’m looking at it from a government perspective. We pay a fair wage to our interns.KC: But that’s a really cool initiative. I’ll check it out. Thank you.HB: But you’re right. There are issues with unpaid internships. I think cyber companies are so keen to encourage young talent. Though a lot of them are really happy to share their time with young people who have an interest. Seeing a job from the inside is a good way to find out if it is for youKC: I’m glad your employer pays interns well. Are there job requirements? Does a prospective intern require a certain kind of resume/CV?HB: Yes, the application process is pretty rigorous.There are interviews and assessments. There are also internships to encourage those from disadvantaged backgrounds and minority groups.KC: I hope that there are more of them.HB: I think it is in recognition of the need to diversify and the benefits that brings.KC: Is there anything else you’d like to add before we go?HB: I think just to say thanks for your interest in my story and for helping to raise the profile of women who are working in this field. It is really important we do that if we are to encourage others to see this field as a potential career choice.
About the Author: Kim Crawley spent years working in general tier two consumer tech support, most of which as a representative of Windstream, a secondary American ISP. Malware related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. Her curiosity led her to research malware as a hobby, which grew into an interest in all things information security related.By 2011, she was already ghostwriting study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. Ever since, she’s contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine.Her first solo developed PC game, Hackers Versus Banksters, had a successful Kickstarter and was featured at the Toronto Comic Arts Festival in May 2016. This October, she gave her first talk at an infosec convention, a penetration testing presentation at BSides Toronto.She considers her sociological and psychological perspective on infosec to be her trademark. Given the rapid growth of social engineering vulnerabilities, always considering the human element is vital.Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.