Infosec's Feminine Side
Gathering of female execs sets standard for meetings and plain ol' manners.
Last week I was in Naples, Florida, to attend the Women's
, a private conference just for women executives with information
security responsibilities. Despite a particularly rough hurricane season and
forecasts of Naples being on Ivan's hit list, 170 women, most of them with C-level
So what goes on at an all-women, all-executive, information security conference?
The same thing that goes on at any gathering of executives with information
security responsibilities: expert sessions about future trends, worst fears,
outsourcing and privacy; vendor-sponsored "Birds of a Feather" meetings;
keynotes, parties and plenty of networking. Beverly Harris, author of "Black
Box Voting," raised awareness of security issues concerning digital voting
machines. Female executives from Deutsche Bank, Allstate Insurance, Hewlett-Packard,
Merck & Co., Guardent, Neohapsis, Nike, Sun Microsystems, Oracle, Procter
& Gamble, Computer Associates, Microsoft, Symantec, Bank of America, Ernst
and Young, and others led sessions or participated in panels. Barbara Poole,
an executive coach with Success Builders, led a session on executive coaching.
It wasn't the same, however, as the overwhelmingly male information security
and information technology conferences I've attended. Participants seemed more
outgoing, information more free-flowing, and discussions more congenial. There
was less chest-thumping, less insistence; I didn't see any disconnect between
the public faces and private feelings of the people around me. Their eyes looked
at each other with a "hello" instead of doing a quick body scan. No
one was claiming to have all the answers or demanding prima donna treatment.
Please don't take this wrong. I'm not saying that women have the lock on how
to do information security, that mixed gender events don't cut it for me, or
that anyone was giving away company secrets or elevating their organizations'
risk by discussing sensitive information. I'm also not claiming that women executives
are perfect. I'm just commenting that it was a much better sharing, learning
and networking environment. Even though I'm not one of those C-level executives,
I felt a lot more welcome and relaxed throughout the event.
I heard and read a few comments before I went, and I'm sure you'll provide
me with a few more, that say it's stupid to have an all-women event like this.
Sort of like reverse sexism you'll say, or perhaps that any woman who needs
to have an all-female event to ask questions and learn shouldn't be in infosec.
Maybe you even see it as a separation, a further isolating event for women seeking
more influence and higher-paying IT jobs. Well, do you really think that special-interest
groups should be prevented from meeting where and when they want? Sometimes
we all have to seek people we can relate to in order to make us better participants
and leaders in more hostile environments.
Finally, I believe that we can have better mixed-gender events—events
that produce the same type of experience. I think information security requires
strong male-male, female-female and female-male partnerships. It's going to
take a lot of work on the part of organizations and event sponsors, speakers
and participants. It'll probably require a major shift in business and management
philosophy and culture. It's not going to happen tomorrow, but I hope you're
interested in being a part of such a movement. I hope we see some events that
Roberta Bragg, MCSE: Security, CISSP, Security+, and Microsoft MVP is a Redmond contributing editor and the owner of Have Computer Will Travel Inc., an independent firm specializing in information security and operating systems. She's series editor for Osborne/McGraw-Hill's Hardening series, books that instruct you on how to secure your networks before you are hacked, and author of the first book in the series, Hardening Windows Systems.