International Women in Cyber Day (IWCD) is celebrated every 1st September. According to founder, Lisa Kearney, CEO of the Women Cybersecurity Society (WCS2), one of the goals of the initiative is to recognise women’s vital contributions and advocate for greater inclusivity within the industry.
“Women possess the intellect, and skill sets necessary to fill the gaps in the industry, contributing to stronger defences against emerging threats. This diversity of thought is critical to building a safer, more secure internet and world around us.” Lisa Kearney
The theme for 2024 is Cybersecurity in the Digital Age: The Role of Women in Shaping Tomorrow’s Security.
FutureCISO spoke to Julie Cabuhat, digital forensics and incident response specialist for Blackpanda, on her journey as a cybersecurity professional. During her pursuit of a Bachelor of Science degree in Computer Science, she developed a fondness for forensics. However, in 2013 job opportunities for fresh graduates in the field were scarce. She eventually landed a post at EY’s Forensic Technology & Discover Services practice in the Philippines.
Cabuhat gave herself a couple of years to test the forensics waters. She confessed that she could leave the role and move on since ‘skills are transferable.’ She stayed on!
Odd person out
Cybersecurity Ventures noted that in 2022, women held 25% of cybersecurity jobs globally, up from 20% in 2019, and even better than the 10% in 2013. Cabuhat is not easily intimidated by being surrounded by male counterparts. While pursuing her science degree she said there were like five women for every 20 men.
While she accepted the reality of more males pursuing a career in the sciences, she expressed surprise that within the cybersecurity space, many had military backgrounds. These days she noted that most of her mentors and the people she worked with in the US, had military experience.
Challenges
Digital forensics and incident response (DFIR) focus on identifying, addressing, and investigating cybersecurity incidents. It comprises of Digital Forensics – the collection, preservation, and analysis of forensic evidence, and Incident Response which aims to contain, stop and prevent cyberattacks.
DFIR integrates traditional incident response activities—like planning, IT architecture documentation, and playbook development—with advanced digital forensics techniques. While traditional incident response includes some investigative elements, DFIR places a greater emphasis on forensics.
For Cabuhat, working as a digital forensics and incident response (DFIR) specialist is gender-neutral. She acknowledged that the technical work is the same, where the challenge lies around first impression.
“Most of the time there is a credibility issue at the beginning with people having to get over their inherent bias of what to expect, particularly who will be their incident commander on the vendor side,” she confided.
“Especially for companies with no exposure to having a woman in a highly technical field at this level, it's a bit difficult for them to accept following instructions,” she observed. She conceded that these organisations may not be doing it on purpose. “It's just the exposure that they have,” she surmised.
Cabuhat concedes that things are improving and has developed tactics to allay client fears and concerns when she is introduced into the workflow.
Gender bias
Cabuhat says gender bias still exists. It can manifest itself during meetings, for example. She cited her observation about how organisational tasks get distributed to women during meetings. “For example, lunch plans always end up with the female in the room being expected, or asked, to handle. “At some point, you think, it's fine, I can do it. But if it has gone on for several years, and your other colleagues have been mentioning it, seeing it, something is wrong here,” she commented.
She believes that some roles can be done in rotation – that they shouldn’t be assigned to someone by their gender. She revealed that she has had candid conversations with her managers on the issue.
The bias is not limited to mundane tasks. Even in the realm of digital forensics and incident response, she observed at some point in her career, that she was being tasked with handling proactive services like training and playbook development.
Cabuhat believes there are plenty of opportunities for women in the DFIR space. She reasoned that by its nature, it is a very analytical post and is not reliant on one’s physical capabilities. The issue now is that people are more fluid and can leave the field altogether, potentially going to another subspecialty, like governance or risk and compliance.
“Or they take on something different! I think what we need to address is making women stay in the role. Women who are coming in need to see that there is a natural career provision in this specific sub-specialty,” she elaborated.
The value of mentorship
When it comes to mentorship, Cabuhat believes in the value of the practice. She sees mentorship as important, particularly in cybersecurity. “There is a lot to navigate. I have had a lot of mentors in my career. I think all of them were men but just because this is the time I entered the field. We're just getting better at it,” she continued.
She confided that as a mentee the issue of gender bias needs to come up when the situation calls for it. She recalled that in her conversations, her mentor would ask if she felt comfortable in the workplace, particularly in meetings where she may be the minority in the room. She recalled that her manager is cognizant of this and takes proactive measures to minimise any awkwardness that might develop as such.
“Just having those kinds of conversations that are great and I guess, for women also, just because at the age where I am now, when I'm doing interviews with companies, there are veiled questions like, “How long do you think you're planning on staying on this career?” Julie Cabuhat
She confided that she has been asked about her future career path and plans. She concluded that companies might not want to invest in people who will eventually leave the field. “Which is fair,” she agreed.
“But men don't get asked if they are thinking getting married, starting a family? I have been very clear when I go to these interviews replying that I plan on being in the field for very long, very long,” she added.
Cabuhat says women mentors in cybersecurity have something different to offer. She is a mentor to colleagues joining the practice.
“Yes, just because the experience and background are very different. As a mentor, I found that the biggest issue was exposure. I want to expose all mentees – male or female – that women can do a very good job in this field. You need to be comfortable with that fact.
“When you see someone in a hall who's a woman, you don't question their credentials. You know that you are in very good hands,” she concluded.
Advice
For women considering a career in DFIR, Cabuhat advises one of the first things to do is to make your manager an ally. She revealed that DFIR can take a mental and physical toll on the person. “You need to take that into account when you're training these people. Make sure you have a good boss. Know that if you have the right skills, there are a lot of organisations that will accept you,” she declared.
For Cabuhat, a career in cybersecurity is wide open. Women are now taking CISO roles. “I came from a previous company whose CEO was a woman. Identify the people you're working with. Do these people you are working with see your gender as an issue?
“Because if you want to build a career in a specific company, make sure that you are in a good company – that your seniors believe in you. “You are not getting bulldozed over when you voice out your opinion – they actively seek out your advice. Build your career from there. How far you go is dependent on you as long the company that you are working for is fair,” she added.
