Last time, I spoke with Tarah Wheeler, who is a technology and cybersecurity executive, entrepreneur, hacker, keynote speaker, scientist, and author. She’s also the author of Women in Tech: Take Your Career to the Next Level with Practical Advice and Inspiring Stories.
Kimberly Crawley: So tell me about what you do.
Katherine Teitler: I am the director of content at MISTI. That means I program our information security conferences and events. InfoSec World is the most well known. And I write and source security articles, blogs, and interviews for our website.
KC: Cool! You do a little bit of the kind of work I do. What is it like to plan InfoSec World?
KT: It’s a ton of fun, but it’s also a massive amount of work. I have an advisory board to help vet the CFP submissions. Aside from that, I’m in charge of managing more than 130 infosec speakers. It’s like herding 130 cats! I do love cats.
I start planning ISW about ten months in advance, trying to lock down keynotes, summits, and workshops speakers. We open the (call for proposals) CFP about seven months ahead of the event, which is early. But it helps us get on the radar of potential speakers.
Once the CFP is closed and all submissions are in, that’s when crunch time starts. First, there’s the review. Then I have to figure out the best composition of talks, which is vastly different than “these talks are good.” Then I have to make sure everything I want on the program fits into the allocated time, and finally I have to notify all speakers; confirm time, date, location, and topic; get everyone registered; and so on.
There’s a lot of behind-the-scenes stuff speakers don’t see. Sometimes, it frustrates them to be asked to get information to me so early, but planning a conference is more than picking the best speakers and abstracts.
KC: How did life lead you to your current role with MISTI?
KT: Great question. I actually started out in sales. When I was at Forrester, I was selling technology to SMBs. A lot of my clients wanted advisory services or consulting, and I worked with one particular analyst to deliver the services. After tagging along for about 10 of these engagements, I thought, “I could learn to do this!”
But becoming an analyst would have meant taking a big step back in my career that I couldn’t afford to take at the time. I went to another company where I started in sales, then moved to content, then moved to MISTI. Frankly, I had never managed a large event before. When they asked me to program the conference, I thought, “Holy crap!” But I did it, the event went well, and here I am more than three years later.
MISTI’s written content initiative is much newer. It only started about a year and a half ago. I’ve always been a writer, and I used articles and security SMEs to learn new things. As someone who has never been a practitioner, I need to constantly be learning about the tech, and talking with the experts allows me to do that.
KC: When did you first get interested in cybersecurity?
KT: When I was going on the advisory and consulting engagements with the same analyst at Forrester. She was really engaging, and I saw how clients could make an immediate change in their organizations. Then consumerization took hold, and we all started seeing how and why security was personally very important.
KC: What do you think the biggest problems in cybersecurity are these days?
KT: That’s a bit of a loaded question. I think there is an over reliance on tools. That’s not to say security doesn’t need tools to do its job, but so many teams buy an expensive new thing then don’t have the processes or procedures to implement, manage, or maintain the tool correctly. Then they’re surprised when the company gets breached. I think most teams need significantly more focus on the security basics.
I also think there is a disconnect between what’s going on at C-levels and what’s happening in security. Security should feed into overall organizational risk, but security doesn’t speak well enough in risk terms. The rest of the business, while it’s gotten much better over the past few years, still doesn’t understand why security does what it does, why breaches continue to happen despite growth and focus, and what it means to have good security
You’d be hard-pressed to find a company that doesn’t understand sales strategy or finance strategy, but I don’t think the average employee has any clue as to what security actually does. That hurts because security is part of the business, not some weird, outcast technology group that only serves one function.
KC: Do you think it’s easier for women to enter the cybersecurity field now than in the past?
KT: I think a greater number of people now realize the need for more women in all technology fields. The reality, though, is that society still perceives and treats young girls differently than boys. At young ages, we see girls turning away from technical fields because “that’s what boys do.”
KC: Yep. I had to fight that, too.
KT: That being said, we have a lot of great role models in security, both men and women, who are trying hard to turn the tide. I don’t think tech and traditional “girl” things are mutually exclusive, either. Technology can be a big asset of one wants to get into fashion, for instance. Most of the women I know in security are very strong-willed. I love that! But it shouldn’t be so hard.
KC: The fashion industry? I personally love fashion, but I never thought of it as a “geeky” area.
KT: Exactly! It’s not geeky, but there are apps, and people could build apps, to help with designs and trends, understanding the market, distribution channels, and so on.
KC: I figure some of my stranger shoes, like my seven-inch platforms, must have been designed with AutoCAD.
KT: Haha. Now imagine if the designer could also use tech to make them better for your spine.
KC: Is there anything else you’d like to add before we go?
KT: One thing I think about a lot, and I don’t know how to address the problem, is how women get involved in security, even if they’re security practitioners.
As I build events, I always seek out women speakers. When it comes to CFPs, I get a very low ratio of submissions from women compared to what I get from men. For InfoSec World, it was only six percent. Six percent! In an industry that’s 11% female, I should be receiving at least that many. For another event that didn’t have a CFP, I went out to 50% women. Only about half of the women agreed to talk to me about it, then half of those backed out saying they couldn’t or didn’t feel comfortable. Lots of reasons. So an event that I tried to make half women is now only about 10% women. It’s not for lack of trying.
For some reason, women are more hesitant. I could understand that, maybe, at a hacker con, where we’ve all heard the stories. But MISTI is women-run, and we’ve never had a single incident. This should be a welcoming and open place for women to attend and speak, yet we’re seeing less-than-average industry representation. I’m not sure how to change that except to bang my own drum. I think women have to be just as bold as men.
It’s disappointing to not see women stepping forward more. I know there are plenty of reasons why, but at some point, women have to be the ones to make the ultimate change.
KC: Excellent! Thanks for speaking with me, Katherine.
About the Author: Kim Crawley spent years working in general tier two consumer tech support, most of which as a representative of Windstream, a secondary American ISP. Malware-related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. Her curiosity led her to research malware as a hobby, which grew into an interest in all things information security related. By 2011, she was already ghostwriting study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. Ever since, she’s contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine.Her first solo developed PC game, Hackers Versus Banksters, had a successful Kickstarter and was featured at the Toronto Comic Arts Festival in May 2016. This October, she gave her first talk at an infosec convention, a penetration testing presentation at BSides Toronto.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.