Q&A with Marci McCarthy: The Future of Women in the Security Industry
As part of the Women in Cybersecurity series, we plan to shine a light on women in the IT security trenches at our customer sites and across the industry. If you would like for us to recognize a female colleague in IT security, please drop us a line at firstname.lastname@example.org. Read the kickoff post here to learn more about the series.
We recently talked with Marci McCarthy to learn more about the security industry and what the future looks like for women. Marci has over two decades of experience in InfoSec. She has founded three companies, created a nationally acclaimed security professionals award program, and was the recipient of the 4th Congressional District of Georgia Citation for fostering greater visibility and professionalism for the IT security industry.
Currently, Marci is the CEO and President of T.E.N., an information security executive networking and relationship-marketing firm, which is celebrating its 10th anniversary in 2020. Each year, her company delivers over 100 technology and security programs in the U.S and Canada in 48 different cities, including their flagship Information Security Executive® of the Year Program Series, in 5 different regions. Their goal is to bring security executives and solution providers together for face-to-face opportunities.
How have you seen the importance of security evolve during your career?
When we first launched T.E.N, a little over a decade ago, the security executive wasn’t considered a “necessary” role. Many people viewed security professionals as people sitting in a back room saying no and making your computer work slower. Because they were not seen as a business driver, most security execs didn’t have a seat at the boardroom table.
Fast forward many years, and the security profession has been elevated to include C-level positions with a significant budget — and a seat at the table (either in the literal or figurative sense). Security professionals are now very much a part of business strategy in terms of how the company progresses forward and offering solutions for mitigating risks for their company.
Information security is one of the fastest growing professions and it’s been amazing to watch it become a critical function at companies. The change happened largely because people believed that security professionals need to be highlighted, recognized and elevated for their work. Even during the current COVID-19 crisis, companies are seeing the importance of security at the desktop, endpoints and systems.
Are you seeing more women entering security than previously?
(ISC)2 found that women represent 27 percent of the cybersecurity industry, and the number has doubled in the past 18 months. While I am excited to see more women entering the profession, I still travel to IT security events where the only women in attendance are me and my staff. We’ve come a long way, but we still have some work to do in the overall leadership levels for women and minorities.
Women tend to excel at working in a high energy type of environment where they must multitask. Just as women do after hours, we prioritize and enjoy feeling a sense of accomplishment in our work — which is a great fit for security.
What tips do you have for women starting in technology or IT security — and what about those who might be past entry level and want to advance?
Regardless of your gender, you need to believe in yourself — first and foremost. Don’t let your gender be a hindrance, handicap or excuse. What matters is what you bring to the table, how hard you work and your leadership skills. If you are not interested in leading people or managing projects, we need all types of skills across the board, including developers and architects. You must decide what your career goals are and what works for your future.
Emotional intelligence is essential, as is regularly assessing your skills. Clarity into your strengths and weaknesses allows you to focus on the strengths. If the weaknesses are something that are holding you back, then you need to work on how to improve those areas.
What can the IT and tech industries do to better advance gender equality?
I think there’s a much greater awareness of the important role women and minorities play in technology and cybersecurity. I’m a member of the board of directors for ICMCP, which helps bring women and minorities into technology and cybersecurity to inspire them to become the next generation of leaders. I’m also on the board of directors of TechBridge, which mentors non-college bound high school graduates through a 16-week boot camp style training course that teaches skills such as Salesforce, ServiceNow and front-end development. Our program has an 87 percent placement program, with many of our graduates getting solid five-figure jobs without a college degree.
Tell us: what do you like to do in your free time?
I really enjoy yoga, and I love the relaxation. Before the COVID-19 crisis, I went into the yoga studio several times a week. And even with the stay-at-home order that has my yoga studio closed, my yoga teacher has held live online classes. Recently, I’ve taken up clay shooting — which has been great lately, because there is natural social distancing with a firearm. It’s a very safe sport to do right now, and I get fresh air from being outside.
Last question: what is your suggestion for companies that want to encourage women to seek jobs in cybersecurity?
I’m going to answer the question from the standpoint that we will return to a sense of normalcy sooner rather than later. At the end of the day, cybersecurity is experiencing a qualified talent shortage, with not enough people to fill open opportunities. I challenge each company to think outside the box and tap into the nontraditional talent pool, such as our TechBridge graduates, who have passion, are hardworking and have the technical aptitude.
By paying it forward and not getting hung up on candidates needing a four-year degree, you will build your own talent pool and, more importantly, retain the employees. If you train your new employees with your tools, technology and culture, then you have a better chance of retaining those employees and not having an open position for six to nine months.