Breaking the Mould and Closing the Gap

Article by CNG Editor

Cyber News Global’s Editor-in-chief, Elspeth Reilly, had the pleasure and honor of speaking with Carmen Marsh, CEO & co-founder of Inteligenca and President & CEO of United Cybersecurity Alliance about their organizations’ incredible work helping to close the gender gap in cybersecurity.

Elspeth Reilly: Thank you so much for speaking with Cyber News Global. Would you share with us about some of the incredible work that your nonprofit, the United Cyber Security Alliance is doing?

Carmen Marsh: Yes, there are two main programs / initiatives that I am really proud of because we have been carrying it on for now close to five years, and we have gotten some really good results.

One of them, Hundred Women and Hundred Day Cybersecurity Career Accelerator, is a tuition-free upskilling program for women. It’s a full cycle, fast-track program that really focuses on hands-on workshops. We provide industry certification training for our participants. As well as career coaching, mentorship, and study groups. We have a really great community. As of date, we have upskilled 320 women, and 94% of those are already working in cybersecurity jobs – it’s a complete full cycle program.

The results are amazing. We are entering our fifth year, and we are starting a new program with a new cohort on March 20th. We have also expanded globally, one of the pilots we are working on currently is to launch this program in Japan. We are having conversations about launching a similar program with the Philippines, the UK – it would be a great program for any country.

Because this is a non-profit initiative, United Cyber Security Alliance was formed to support this program. Our students are dependent on the grants. Initially, my business partner, Paula Dube and I, started Inteligenca, which is a cyber-risk management consulting company, which is for profit. But, as we started launching our training program, it made sense to launch this non-profit as we were receiving grants from the government, and donations from philanthropists – so this non-profit makes it much easier for anyone to support and sponsor our program. We continue to grow with great successes, and with a lot of support from our local, and our global community.

The second initiative that I am proud of, The Cybersecurity Woman of the Year Awards, is also long-running – first taking place at Black Hat in Las Vegas in 2019. So, this will be our fifth year! It’s an amazing initiative, and the reason why it started, the reason why I thought it was necessary for our community is because there has always been a little bit of stigma associated with jobs in cybersecurity, as it’s a field that historically has been male dominated, which isn’t attractive to women wanting to enter the field. When you’re young and you’re thinking about your future career, you want to be in a fun and exciting environment with diversity – a career that doesn’t necessarily carry the preconception of being ‘too technical’ or, though I hate to use this word, ‘nerdy’, so it was important for me to change the perception of cybersecurity because I have been in this job, in this field, and in this community since the nineties – since the very beginning!

We didn’t even have ‘cybersecurity’ starting out, because the internet was just starting, it wasn’t widely used in the beginning. We had ‘information security’, and of course, looking at that term now, when you consider what its definition was at the beginning, ‘information security’ has grown in so many different directions, in so many unique and specialized areas – a lot has changed. Now, we have around 150 different job roles in cybersecurity and around 35 different job categories – a lot of people outside of the field don’t realize this, women including. With the Cybersecurity Women of the Year Awards, I wanted to create a spotlight for two reasons.

The first was to create role models for women of all ages. If you have any interest in cybersecurity, you need to know what kind of women are working in these roles. You need someone to relate to, you need to make the career relatable – you need to get people thinking “look at these amazing women, their incredible achievements – I can do that.”

And that’s really what my goal was with these awards: to get these role models in the media, highlighting everything that they do because then others will say “Okay, wow. She’s brilliant, she’s beautiful, she’s elegant and she’s technical.” You can be all of these things – It’s not one or the other. If you want to work in cybersecurity, you can be whoever you are. You don’t have to change and become somebody who fits the preconception of “cybersecurity expert” – hoodie, colorful hair, tattoos – you don’t have to. You can if you want to, but you don’t have to.

I also wanted to make the awards glamorous in order to showcase that cybersecurity is more than its preconception, so we said: “let’s do a gala!” There was a 50/50 chance that the theme would be well received; cybersecurity is more of a technical community, day to day we are more jeans and t-shirts kind of people. The reception was incredible! It was a night celebrating talented woman and celebrating in style – evening gowns everywhere! It was one of the best parties. Beyond that, it was heartwarming: we can look however we want, make-up or no make-up, dressed-up or casual – no matter what, we can be super, we can be dynamic, we can be hackers.

The inaugural Cybersecurity Women of the Year Awards was a success! Now, as we near our firth year, we have become global. Candidates from over 50 countries have been nominated for awards. It’s wonderful to see as well, that large tech companies like Microsoft, Intel, Dell, are incredibly supportive of our event and sponsor it every year. I’m happy I took the risk! It’s paying off in more ways than one: not only do women in the industry have an opportunity to be celebrated, in fact, the celebration of the award winners carries on beyond the night itself – they advance in their careers, gain more traction in the industry overall, thereby, shining a greater light on women in the industry – and women outside of the industry are gaining a greater interest now that they have role models to look to. It’s a win-win for everyone.

Elspeth Reilly: The Cybersecurity Woman of the Year Awards has provided women in the field an incredible opportunity to be celebrated not only for being titans of the industry, but to also showcase the multiplicity of cybersecurity. Showcasing and celebrating people from all different backgrounds is vital, especially in an industry where, as you mentioned, people are often pigeon-holed into a certain “look”.

Carmen Marsh: Absolutely. And of course, people often only see the ‘technical’ side of cybersecurity – it’s not only technical! That’s why our program, one thing that our program, Hundred Women and Hundred Day Cybersecurity Career Accelerator has two different paths.

We specifically designed our curriculum to have non-technical and technical routes. Non-technical is really propping our participants for jobs, for example, in project management cybersecurity, account executive, marketing. There are so many jobs that are related to cybersecurity that aren’t technical.

When someone is first enrolled into our program, we ask: “what is your interest?” Everyone is unique and we see equal interest in both. It’s important to highlight that not all cybersecurity jobs are technical, because not everyone who is interested in cybersecurity is interested in the technical side of the operations.

Elspeth Reilly: That’s a great point – There is a big misconception that knowing how to code is necessary if you want to work in cybersecurity. To combat against these misconceptions, it is crucial that people know that there are other avenues into cybersecurity, beyond the technical route.

Carmen Marsh: Absolutely, and for our program we don’t require a college degree because we know that cybersecurity can be upskilled. Or, if you do have a college degree but it’s in a field that’s “unrelated” – it doesn’t matter. We have had tremendous success from women in our program who were hairstylists, medical billers, Uber drivers – women who decided they wanted to upgrade their careers, upgrade their lives. They didn’t have a technical background because they didn’t need one.

If we want to close the gender gap in cybersecurity, we need to promote opportunities for women which showcase that there are ways into the industry which don’t require a technical background, a college degree in a related study, or even a college degree at all. There are ways for you into the industry, and you can be successful.

Elspeth Reilly: Your program provides incredible opportunities to women interested in cybersecurity – do you have any advice for young women just starting to find their interest in cybersecurity?

Carmen Marsh: It’s tricky because there’s a lot of information and resources available – so many that it can be overwhelming.

Elspeth Reilly: You’ll be speaking at GISEC soon – your second time! How has your experience been in the Middle East, at GISEC, and what’re you looking forward to?

Carmen Marsh: Last November, I travelled to Saudi Arabia to speak at Black Hat, and something that really stood out to me was the amazing women in the Middle East, their incredible kindness, and the support that they have for each other.

The women who attended all have a chat group on WhatsApp, and the amount of support that is shown for one another, is just incredible to see: smiles, hearts, flowers are constantly flying across the screen – it is true support. In this industry, there’s a lot of competition, and it’s good to be competitive, but not at the expense of others. It is always better to support one another, to lift each other up. We have to be together, it’s not one or the other – there’s plenty of opportunities, and success to go around for everyone. Let’s elevate each other, let’s empower each other, let’s support each other. My experience in the Middle East was a perfect example of that goodwill. I had very similar experience in Dubai when I was there last March for GISEC, and this will be my second time getting to have this heartwarming and empowering experience with women in the Middle East.

We are hoping to have the opportunity to launch our Hundred Women and Hundred Day Cybersecurity Career Accelerator in Saudi Arabia, in Dubai, and elsewhere in the Middle East.

GISEC is an incredible platform, and it’s wonderful to there with amazing women from around the world – global women coming together to share their experiences and their point of views.

Elspeth Reilly: Events like GISEC are so important because it’s vital to have the global community to come together to collaborate. In the end, we all need to work together to combat the cyber threat landscape.

Carmen Marsh: Exactly, and that’s the mission and vision for the United Cybersecurity Alliance. Everything we do is to bring the global cybersecurity community together: to collaborate, share knowledge, and help one another build global resilience because we are strongest together.

If we want to close the gender gap in cybersecurity, we need to promote opportunities for women which showcase ways into the industry.