By Dr. Jodie Siganto
I’ve long supported involving a more diverse group of people in information security. I’ve not been alone, and it’s been really encouraging to see so much effort being made to achieve this, for example, by ensuring equal representation on panels, focusing on women at most industry events and some great initiatives like the Australian Women in Security Network (AWSN).
Increasing the number of women in cyber security is often linked to the cyber security skills shortage. Presumably the idea is that more women will increase the total number of cyber security workers and help solve the ‘problem’. For me though, it’s more than just a numbers game, or a solution to the supply problem. Women and others from diverse professional backgrounds are essential in re-positioning security to make it fit for purpose for the 21st century.
Information security, as understood by most practitioners, is about protecting the confidentiality, integrity and availability of information assets. To do that, you establish a secure perimeter, mostly using technological controls, excluding untrusted ‘outsiders’ and protecting weak and vulnerable insiders, often from their own stupidity. Ever hear that ‘users are the weakest link’? If only we could get rid of those pesky users, life would be so much easier! With this view of information security, although we can talk about risks and harm, about threats and attackers, about cyber warfare, we find it hard to articulate the value of security in a positive sense. For me, this framing of cyber security as a defensive, on-going war against aggressive, sophisticated enemies is an exclusionist narrative and a major turn-off…