The woman behind a US$10 billion company’s cybersecurity team
Women are severely underrepresented in cybersecurity. A Center for Cyber Safety and Education report found that only 11% of the cybersecurity workforce was female. In North America, women in cybersecurity represent 14% of the cybersecurity workforce.
This huge gender gap is worrying considering the shortage of cybersecurity professionals across public and private sectors and the fact that women represent almost 50% of the world’s population.
Stephanie Aceves represents the few women in cybersecurity in the US. The senior director, Threat Response SME Lead at Tanium, is a cybersecurity subject matter expert who works closely with developers, product management, engineers and customers to implement Tanium for their cybersecurity needs.
Aceves has obtained GIAC certifications for forensic examination and penetration testing; she graduated with a BS in Computer Science from the University of Southern California. Her foray into the field began out of curiosity when growing up in a strict household.
“I remember having to turn my cell phone in to my parents every night at 8 p.m., all the way until my 18th birthday. Not the type to accept an answer I didn’t like, I found myself circumventing my parents’ strict rules (they know about my workarounds now), finding ways to send texts from my Playstation Portable, among other things,” she told U2B via email.
Her curiosity turned into a passion for cybersecurity – for getting around security controls and “hacking.”
“My senior year of college, I was fortunate enough to sign up for an elective that was supposed to teach me to pick locks. I was on scholarship at the University of Southern California (fight on!) and always tried to take the maximum number of units to learn as much as I could in my time there,” she explained.
Coincidentally, the class teaching students lock picking was also the introductory course to information security. “I remember being mesmerised by what we were learning. I pivoted from aspirations of being a developer to a desire to work in cybersecurity,” said Aceves.
After college, she worked at EY as part of the Cyber Threat Management team, leading ethical hacking engagements for clients across various industries. “I loved the thrill of a new project – having to figure out how to break into the company’s network and gain access to their most prized possessions,” she said.
From EY, she went on to work with Tanium and started helping companies prevent and respond to attackers. “In this role, I’ve been able to build on my experiences on the red team (ethical hacking) side of the house to better secure some of the world’s most critical infrastructure.”
Talent vacuum for women in cybersecurity
Cybersecurity professionals may have a wide range of responsibilities, but their job entails protecting an organisation’s computer networks and systems from being compromised.
The US Bureau of Labor Statistics’ Information Security Analyst’s Outlook notes that cybersecurity jobs are among the fastest-growing occupations in the US. They predict cybersecurity jobs to grow 31% through 2029.
In the UK, research shows that high proportions of UK businesses lack staff with the technical, incident response and governance skills needed to manage their cybersecurity. An (ISC)² Cybersecurity Workforce Report said women in cybersecurity roles might also earn considerably less than men.
“When asked about their previous year’s salaries, 17% of women said they earned 50,000 US dollars to US$99,999, a full 12 percentage points less than men (29%). Women are somewhat closer in representation within the US$100,000+ range (16% vs 20% of men) but of course that still means proportionally fewer women earn that level of compensation,” it said.
(ISC)² notes, however, that if women cybersecurity professionals as a group are younger than men, fewer have worked in the field as long as most male counterparts, so that may be a cause for some discrepancy.
“But this doesn’t erase the reality revealed in previous research that women in cybersecurity managerial positions earn about US$5,000 less than men, indicating there is still an issue that needs to be addressed,” it said.
While reports show there are challenges women in cybersecurity face, Aceves believes in focusing her attention and energy on things she can control, including her technical competency or her executive presence, and tries to mentor others in the same vein.
“I want to encourage other women to think the same way. The only way we can improve the cyber skills gap is to empower more women to get involved in the industry. I understand that the reality has tough moments, as biased situations do arise, but if this is the primary narrative surrounding women in a historically male-dominated field, it taints the overall perception of STEM,” she explained.
“I believe that women have and deserve a seat at the table. I am hopeful for the future and committed to making space for other women who have a desire and a passion for a career in cybersecurity.”
Mentorship, scholarships to support underrepresented communities in STEM
As part of her way to give back to the community, Aceves, a proud Latina, has made it her mission to uplift those around her, especially women in underrepresented communities.
“That’s why I’ve been awarding an annual scholarship to Latinas who are pursuing an education in STEM for the past five years, paying forward the support I have received in my own professional development. My goal with this scholarship is that the women I invest in continue to invest in themselves and uplift other Latinas pursuing careers in STEM in the future.”
Aceves said there is a common narrative in the world of tech that there are few women in the field and that they constantly face discrimination. “This gives a false perception of STEM as an impossible female slog, and can scare others considering a career into believing that women always have to fight to have their voices heard,” she said.
“This is simply not the case. It’s why I am so passionate about mentorships and think they are extremely important, as they encourage women to be unapologetically themselves. For women who have a desire and passion for a career in cybersecurity, mentorships can help them to find their most authentic selves and allow others to celebrate their identity and diversity of ideas.”
While women still have a long way to go towards carving a bigger representation in the cybersecurity workforce, Aceves believes that anyone who desires to work in cybersecurity has a place — as long as they have a curiosity to learn.
“Cybersecurity, as with any technical field, requires consistency and persistence. If you want to learn it, if you stick with it long enough, if you ask why – you’ll find a happy home here,” she opined.