COVID-19 has changed the ways businesses operate today. Like health care and banking, cybersecurity was one of the most impacted industries, with phishing and ransomware attacks at an all-time high. The pandemic also negatively influenced the workforce shortage trend, making it prominent and noticeable. One of the troubling elements of this shortage could be the underrepresentation of women in tech and cybersecurity. Women’s representation in cybersecurity has been less than a quarter (24%) and has remained that way for almost a decade, if not more. The lack of women role models in the industry stems from an unconscious bias in society, across all cultures, that “tech is for men.” Pooja Tikekar, Feature Writer at CISO MAG, engaged in a conversation with Rajpreet Kaur, Senior Principal Analyst at Gartner, to discuss gender stereotypes and the need for more inclusive mentors in the industry.
Rajpreet helps IT leaders in resolving their network security issues across hybrid environments. Her research focuses on network security technologies such as Web application firewalls, DDoS mitigation services, advanced threat detection, deception platforms, and network security policy management tools. Rajpreet also discusses security gap analysis, DDoS threat mitigation, and ways to build cyber resiliency.
Edited excerpts of the interview follow:
A detailed assessment of security architecture from a technical standpoint helps identify and mitigate hidden risks that threat actors are likely to exploit. What are the most common and critical risks associated with network security that need remediation and improvement for building resiliency and improving an organization’s security posture?
Organizations must be aware of how the threat landscape and the business landscape shift. From 2020 onwards, there have been swift changes to threats with increased remote work and targeted malware campaigns that take advantage of worldwide events, such as COVID-19. The networks have evolved and hence network security must evolve to secure these hybrid networks. Phishing and other human-facing social engineering tactics remain the primary vectors of successful attacks; however, credential stuffing and scan-and-exploit tactics are also increasing. Digital business and edge computing have inverted access requirements, with more users, devices, applications, services, and data located outside of an enterprise than inside and users working from home.
Performing security gap analysis helps circumvent cybersecurity vulnerabilities. However, this evaluation may vary as compliance standards differ from one organization to another, depending on the scale of the business. And compliance doesn’t necessarily achieve security. How do we close the gaps between security and compliance?
Compliance as a checklist approach can never help an enterprise to achieve continuous and adaptive security in an enterprise. Enterprises must use a continuous and adaptive risk and trust assessment strategic mindset to enable prediction and prevention, where feasible, and deploy detect and respond capabilities to adjust to changing threats. Enterprises must always remember that compliance is the baseline; our protection is business-risk-driven.
Most DDoS attacks rely on rented botnets. What other attack vectors do adversaries use to launch DDoS attacks? And how can CISOs adopt smarter ways to combat them?
DDoS attacks have become more intense and sophisticated in this pandemic world. Bots have been a primary source to generate these attacks. Security and risk management leaders must anticipate business interruptions by including DDoS preparedness in business continuity/disaster recovery procedures as well as incident response. Also, implement a layered DDoS defense by utilizing the best of cloud scrubbing center, cloud web application firewall, bot mitigation, DNS protection, internet service provider, and on-premises DDoS appliances consistent with your risk assessment.
You hold a master’s degree in Computing Systems and Infrastructure and your research focuses on network security, including technologies such as IPS, web application firewalls, and APT detection. However, sometimes, gender stereotypes and cultural norms cause girls’ interest in STEM to falter. How can educators and industry experts foster a mindset that alters perceptions?
I am observing a strong interest in girls fighting beyond the cultural boundaries and showing great interest and adopting STEM subjects. Girls are making huge strides there. And these achievements of women in the industry have started to change the perception. Things are pretty different in different regions though; in many emerging regions like Asia, we see parents encouraging girls to adopt STEM subjects as it leads to better jobs with good income. I personally believe girls are naturally blessed analysts and can make great research scholars; their contribution to the STEM industry is critical, and the employees need to support that, along with the society, to support them.
Women’s representation in cybersecurity has been less than a quarter (of the total workforce) and has remained that way for almost a decade, if not more. Do you think more inclusive mentors could change this?
I think the primary reason for fewer women in it is that cybersecurity careers don’t have fixed working hours and might require late-night meetings, traveling, etc., considering the criticality of the industry, and many find it difficult to manage with no support. Having good mentors can make a huge difference no matter what the gender is. Offering flexibility to help them find a work-life balance is very important. Work from home has provided many women a more flexible working schedule and is helping them to find a balance.
Women, sometimes, experience uncertainty at their workplace. What cohesive steps can men/businesses implement to make them feel confident and support them to ascend the corporate ladder?
I have been very lucky to have great managers who have hugely contributed to my career, and all of them were men. They strongly practiced gender equality, treating me equally, giving me equal opportunities, and making me a confident employee. Corporate policies implementing strong gender balance and equality can play a critical role to make their women team members feel motivated and equal.
About the Author
Pooja Tikekar is a Feature Writer and part of the editorial team at CISO MAG. She writes news reports and feature articles on cybersecurity technologies and trends.