A shortage of cyber security experts means flourishing career opportunities. So why is there a shortage of women? Three of F-Secure’s employees based in Finland – a strategist, security consultant, and threat intelligence researcher at F-Secure – share their views.
Just 11 per cent of cyber security experts are women. This is despite the current under-supply of specialists in this area. While this might be due to having roots in gender roles, cyber criminals do not care who is sitting on the other side of the ‘war room’.
“Improving gender diversity needs more ‘role models’ and encouraging women to choose cyber security,” says Maria Toro, Technology Strategy Director at F-Secure. “I feel things are particularly good here because Fellows’ skills are what matter, not their gender or ethnicity, for example. In addition to being a woman, I am also quite heavily tattooed, and still, I am often asked to be the company representative at external occasions.”
Maria holds an M.Sc. in Tech Information Engineering (Embedded Systems and Software). She has been working in the IT industry for over 15 years, with cyber security comprising 11 of those.
“Programming has interested me since Elementary School. I was also interested in gaming and played combat games against my brother when I was a teenager. These weren’t generally popular with girls. Moreover, there were very few women in our faculty. For some reason, many of them pursued less technical topics, such as marketing,” she remarks.
University-level gender bias
“In my opinion, women, especially young women, should realize that nothing is preventing them from working in any industry they are interested in,” adds Maria.
She also very much appreciates that her roll allows her to combine motherhood and a career. Moreover, “they are certainly not mutually exclusive.”
Laura Kankaala, Junior Security Consultant at F-Secure, held a variety of IT-related positions before joining the company about one year ago.
She moved to Helsinki to work with a company dealing with Identity and Access Management solutions. A company acquisition then meant she became part of a bigger organization, allowing her career to expand to include technical information security consulting.
“I find security super fascinating, especially when I get a chance to really help organizations and individual teams to find a clear strategy for employing security in their work. Therefore, I’d say that the core motivator for going into cyber security and especially consulting was helping people,” she says.
Laura has some two years of experience in cyber security and thinks that more women would be in the sector if opportunities for kids out there were promoted early enough.
“Gender bias can already be seen at university level. The IT field is still fairly male-dominated. While people typically go for the field they study for, we need to try and get rid of any kind of gender-based thinking regarding work. This would be beneficial for everyone.”
“Naturally this goes both ways; none of the jobs should be thought of as ‘jobs for boys’ or ‘jobs for girls’. I thought that entering IT – especially information security consulting – would be intimidating, but I’m glad I was proven wrong pretty early on,” she adds.
“Energy and skills”
And Threat Intelligence Researcher Maria Patricia Revilla Dacuno has worked for F-Secure for some six years in total. She says that “I’ve mainly been a threat researcher/analyst most of my life.”
“I worked in Kuala Lumpur as an Antivirus Analyst for two years between 2007 and 2009, and have been employed at the company’s Helsinki office since 2014.”
Other companies that she has worked for include TrendMicro, where she was an Antivirus Engineer, She was also employed as a Threat Researcher at Authentium – an antivirus company Commtouch Inc. acquired in 2010 before the firm’s name was changed to Cyren.
Cyber security was not a popular subject in general while Patricia was at university from 2000 to 2004. She thinks that one way of addressing the imbalance of women in this field is by involvement at university level.
“We can give them some insights into what we do, and I think there are many talents we could get from the universities. They have the energy and skills, but some are either just not sure where to apply these. Or perhaps they are not aware that these can be used for cyber security,” Patricia says.
Her current position in F-Secure’s Threat Intelligence team, which mainly focuses on following the Threat Landscape and getting the big picture, is something she enjoys.
“My main task is to look at the big picture of what is happening, especially in terms of the common attack vectors used by cyber criminals to deliver malicious content, and making sure we have the protection with the whole Labs team’s help. The main motivation for me is that security is something both very valuable and a very challenging arm of IT. I know that my job is something that would help people – in a way, protecting them from the bad guys,” concludes Patricia.