Women seeking a professional opportunity in the growing cybersecurity field face systemic barriers that cause their underrepresentation across the industry.

That’s the worrisome word contained in a comprehensive new report that identifies barriers to inclusion faced by women looking to work in the cybersecurity sector.

The 2023 State of Inclusion Benchmark in Cybersecurity says women face exclusion at twice the rate of men.

But in at least one exception to the rule, one director of cybersecurity at a leading Canadian telecom firm says there are a broad range of roles to be filled in the industry – and filling those roles is fun!

Leigh Tynan followed a unique path to the senior position in security she now holds: Director of TELUS Online Security. She’s been with the company for some 18 years, having capitalized on relevant and transferable skills learned in consumer marketing and the B2B space and a successful ten-year run with Coors Canada (now Molson Coors) in field and retail marketing.

Now, in addition to overseeing the TELUS Security marketing portfolio, Tynan’s team handles Online, SmartWear and SmartHome Security as well.

It’s important to always learn and grow in any setting, and her ending up in tech and online security is a testament to that, as she sees it. “Everyone lends their own unique experiences and perspectives to the work that we do,” Tynan says, underscoring how the “cybersecurity industry benefits from diversity.”

Sadly, that’s not the perspective overall.

That benchmark industry report, released by Women in CyberSecurity (WiCyS), an international nonprofit advocating for women in cybersecurity, identifies many reasons behind the current and well-documented underrepresentation.

“For the first time, we’re equipped with both the quantitative data and qualitative stories necessary to identify and dismantle the systemic barriers that hinder the recruitment, hiring, retention and advancement of women in cybersecurity,” said Lynn Dohm, Executive Director of WiCyS.

The report echoes findings about the cybersecurity scene in Canada from York University, with which Tynan is familiar: it found as little as 10 per cent of the workforce in this country identifies as female.

“It really shows the huge opportunity to drive greater diversity,” she says of the report’s findings. “While (cyber) may not be a typical role for women yet, it absolutely can be if we help raise awareness for the varied types of roles that exist.

“I try not to think about what a typical role for a woman would look like, and instead focus on what I find interesting and where I can continue to learn and grow. There are incredible opportunities in the cybersecurity industry for anyone, and driving diversity is key to our collective success. It doesn’t matter what age you are, or who you are, with curiosity and a growth mindset, we can all find space in this ever-changing industry.

“There is a perception that this industry is incredibly technical, and while that is true for some roles, like forensics, there really are a broad range of roles. The cyber industry includes roles in legal, marketing, public relations, customer service, and sales, just to name a few. We need diversity in the industry as everyone lends their own unique experiences and perspectives to the work that we do. In many cases, women are the decision-makers in the household, and we need to understand how to best reach them.”

As domestic decision-makers, and for other reasons, women can be disproportionally affected by cyberattacks. Reaching them with education and awareness about how not to be hacked – if not with info about how to get a job in the hack-attack prevention industry – is growing in importance, and Tynan shares advice in both areas.

“I always recommend educating yourself as best you can” about online risks and safety prevention, she starts off. “There are many free educational resources to help navigate the Internet more safely, including the Canadian Anti-Fraud Centre, GetCyberSafe.ca and TELUS Wise, which is a digital literacy education program that offers informative workshops and resources for people of all ages.

“On an individual level, beyond education, there are several simple and free ways to help protect yourself.” Her “non-negotiables” include:

– Create complex, unique passwords for every login and embrace multi-factor authentication where it is offered

– Don’t conduct information-sensitive tasks on public Wi-Fi without a VPN

– Make sure your Wi-Fi network is protected by encryption

– Ensure your device software is up to date

– Lock down the privacy settings for your social media accounts and be careful who you let in.

– Do a dark web scan to see what information of yours has been compromised (Telus offers a free such service at telus.com/darkweb)

-Monitor your financial accounts to ensure all activity is yours. Be vigilant and question anything you aren’t expecting.

Protecting yourself as an individual consumer is one thing, but Tynan quickly points out that three out of four Canadian organizations have experienced a data breach, and most of those were in the past three years (among other leading Canadian firms, TELUS itself was a victim at one point.)

“Given the increased prevalence and sophistication of the attacks, it has been more of a ‘when’ than an ‘if’ that an organization will be targeted as cybercriminals seek to find their way into the systems of big and small companies alike,” she warns.

There is a common misconception that small businesses are “too small” to be considered a target, but that’s not the case. No organization, big or small, is immune to cybercrime. Small businesses often have less sophisticated security protection in place, which makes them an easier target for hackers. Large businesses have exponentially more customer data, making them a richer and more valuable target for cybercriminals.

Unfortunately, many business victims are just not prepared, despite the growing risks. Tynan cites statistics that say some 16 per cent of firms did not have a response plan when faced with a breach (and the number more than doubles to 34 per cent for organizations that have not yet experienced a breach).

“I imagine that many of them went into firefighting mode, scrambling to mitigate the damage with all available resources,” she posits.

Before the fire starts, there are a few things Tynan says businesses should do, and that includes preparing and practising a response plan ahead of time:

-Continually evaluate and improve response plans as threats and technology evolve;

-Notify affected customers of the situation and the actions being taken, and equip them with cybersecurity tools that can help minimize the consequences;

-Don’t think of breaches as just damage control; they can provide an opportunity to grow trust and increase likelihood to purchase. Consumers agree that how a business responds to a breach can improve their confidence in that company.

Despite the fire fighting, despite the gender imbalance, Tynan is enthused about the potential and possibility of cybersecurity as a career for women, and she says that the industry itself has a key role to play in opening up the opportunities for all.

“Bursaries, education programs, and mentorship all play their role in setting women up for high-level positions. From an industry standpoint, leaders in the technology space have a responsibility to empower and drive equality for women within their organizations. Dedicated programming is essential for all levels, because the earlier support starts the more impact it has on propelling women into high-level positions.

“For example, I’m a co-chair of Connections, TELUS’ global resource group committed to advancing gender equity at all levels and making TELUS a place of choice to work for women in Canada and internationally.  [W]e offer specific programs to drive advancement for women and provide opportunities, from panels to mentorships.

“Programs like Connections and TELUS Wise are examples of the tools and resources we have to make technology not so scary. When I think back to my journey into the telecom world – I didn’t know much about it. Sure, I had Internet and used a cell phone – but I wasn’t familiar with the intricacies. Now working in cybersecurity, it’s still a constant learning and growth experience – and that is part of the fun.”

-30-