Anett Madi-Nator: with so few women in cybersecurity, pay gap is not an issue

President of  Women4Cyber Foundation Anett Madi-Nator in an interview with CyberNews expressed a wish to reach gender neutrality in the field of cybersecurity. “What should only matter is whether you can achieve the goal or not,” she said.

Anett Madi-Nator is in charge of the Women4Cyber Mari Kert - Saint Aubyn Foundation - a non-profit organization aimed at promoting, encouraging, and supporting the participation of women in cybersecurity.

Even though right now there are relatively few women in cybersecurity, the field itself is in its infancy, and we’ll definitely see more women joining, she reckons.

“Surely, one or two generations need to grow up, but the more we do cyber, the longer we proceed, the more women we will be able to include,” Anett Madi-Nator told CyberNews.

Cybersecurity seems like an exciting field to enter as the sector is growing, and the pay is also promising. But is it exciting for women too? I suppose they face quite different challenges than men. Why do you think there are not that many women in the cybersecurity field?

A generation that is still at education, typically higher level or university level, our experience is that they hardly ever know anything about how they could gain any cybersecurity-related degree. There are no campaigns targeting young ladies that would also show them how they can join the cybersecurity industry, and what sort of certificates they need for this particular purpose.

The next generation that is out of university or education in general but are still juniors in their fields of activities, they have a bit more knowledge about the importance of cybersecurity. They usually are on a different career path, and they need support in how to divert.

And the third layer is women who are in the industry, have significant experience, and some of them already work in IT-related industries. The Cybersecurity field as a whole would also benefit from showing them that cybersecurity is a manageable career path.

You’ve mentioned that the industry would benefit from having more women in the field. How?

I would mention a very special area of cybersecurity where we have quite a few talented and successful colleagues. This is cyber threat intelligence. Female ability to analyze quite thoroughly, and the patience that  young and senior ladies active in this area usually have, is absolutely remarkable.

I would give you a similar example from the aviation industry: aviation coordinators. In that special segment, females are quite well represented because they have the ability to concentrate on a much broader scale, horizontally. And that is a very important ability when you start coordinating things, when you need to share information quite precisely.

Solution driven attitude that ladies usually have, and the ability to solve problems  based on their human skills, is also a strength. If you have a look at the job market, and the HR structures of larger companies, what you could see is, quite surprisingly, that many large industry representatives have ladies in operational directive positions, typical COO (chief operating officer) positions, and leads of HR are usually ladies. So there are many C level positions that can successfully be taken by women. Some of them are not even from the industry anyway. Because what is more important is the human capability and the human skill set, and not necessarily the technical one.

And what about those women who are experienced and have knowledge in the field? Are they facing the same problems as women in other industries, such as the pay gap?

I have a slightly different view on the pay gap issue, as there are so few women participating in the cybersecurity industry, that kind of glass ceiling issue doesn’t really play. What is more definitive, is whether they are able to work and cooperate successfully, and on a long term in a male dominated environment. If they are, then those kind of typical limitations like salary ceiling, any kind of related things, don’t really play that much. What is more important in this industry, is the achievement itself. If they can provide it, then they would be quite well off. Not salary-wise, but situation-wise. They would be able to manage their own careers paths.

What matters in cybersecurity, is whether you are capable of doing that or not. From this perspective, it’s not gender biased. What is more difficult for those ladies who have families, is that cybersecurity is a very much demanding industry. It’s very difficult to create job positions that provide an opportunity to work 4-5 hours daily. Either you are fully committed, or you don’t do it.

Read more: Katie Shuck: there’s a lack of support for girls to enter cybersecurity

Isn’t the fact that a certain organization doesn’t have enough or any women discouraging other females from entering? 

I believe this is a real issue. It’s very difficult to be an ice breaker. If you want to jump over this burden, someone has to take this pioneering goal. And there are not that many women putting that much energy into this. I think there is a critical minority that we should achieve, which would help us. You know, the female part of society to be stronger represented.

How the situation might change in 5 to 10 years?

It will be a slow change. Just like everything else, that is a societal issue. But if you have a look at the statistics, it’s already changing. Cybersecurity is still at an infancy stage on its own, so, I think, the situation is not that devastating. Surely, one or two generations need to grow up and enter the industry, but the more we do cyber, the longer we proceed, the more women we will be able to include.

Women4Cyber started a registry of women in cybersecurity. How is it going?

We have a positively strange experience. We piloted it last year. Before, we ran campaigns on social media. Within a couple of months, we realized that we had more than 2,500 followers on LinkedIn. So it was like starting a new influencer project, let’s say. This is an absolutely positive indicator for us. It’s very strong feedback for us that we should really do this, and we should really continue. Next year we will have to do stronger and stronger campaigns if we want to grow it exponentially. We are very much committed.

The Registry has about 120 experts on there.

Does this mean that women need a place to encourage each other?

That's a question of motivation. Those women who entered the cybersecurity industry, most of them are quite ambitious and dedicated to the subject. That’s very important to mention. The third issue comes out of these two - that they are also usually quite straightforward and proactive. 

Every area in social media, and the ones that are provided by the EU organizations, are quite well praised by women. There are not that many of these, so these are precious. And those you have access to are very active on social media, and they communicate with one another. We are in a situation where and when we are starting to build a community. It's an early stage.

In Europe, there are a couple of thousands of women doing this. Worldwide, there are tens of thousands of women participating. I know that compared to how many people live on the globe, it’s still a non-understandable minority.

Compared to how many followers we had when we started, the growth is huge and exponential. Why? Because the community gives strength to individuals. If you belong to a cybersecurity community, you are among those people who are willing to support you, with whom you can share your ideas. You have an area where you can start communicating, and that is not male-dominated.

On the other hand, we emphasize that we want to work with men, and we want to collaborate with them. In the longer term, what we would like to achieve is gender neutrality and not female dominance in cybersecurity. To reach a status when it doesn’t matter whether someone is a male or female. What should only matter is whether you can achieve the goal or not. Your performance should be an indicator of your achievements.

I would encourage anyone interested to start investigating which parts of the cybersecurity industry might be suitable for them. Because it’s a complex issue, it’s a broad industry, and I believe that everyone can pick their area.

Can someone with an arts degree or a background in music, or her forties of fifties dive into cybersecurity? What would be your advice? Is it even possible for a humanitarian to join the field?

To a certain extent, yes. But it needs a very strong commitment from individuals. We usually say, for example, when someone starts getting interested in issues like ethical hacking, or more technical parts of the cybersecurity industry, that the first couple of years will be of extensive learning. There’s a certain learning curve to this. To gain technical knowledge that enables them to actually start in a position within a cybersecurity industry.

After that, I believe, it’s only a question of whether they can achieve or not. It’s an individual issue. From this perspective, the cybersecurity industry is not that much different from other industries. I wouldn’t discourage anyone. I would encourage anyone interested to start investigating which parts of the cybersecurity industry might be suitable for them. Because it’s a complex issue, it’s a broad industry, and I believe that everyone can pick their area.