Honoring Women in Information Security
Women make up just 10 percent of the information security workforce, according to an (ISC)² study. But with one million infosec job openings in 2016, there are still over 200,000 jobs unfulfilled in the U.S., according to a Peninsula Press analysis of numbers from the Bureau of Labor Statistics.
With no shortage of jobs, closing the gap includes raising awareness and changing the cultural mindset that has led to a major gender disparity. At Duo, we’ve recognized the contributions that women have made to inspire a new generation to transform the information security (infosec) industry for the past three years now, starting in 2015.
To help raise awareness and honor those pushing ahead in the field, Duo’s Women in Security Awards have been awarded to two winners in the industry and academia. They have demonstrated:
- Significant contributions to the fields of information security and privacy
- Exceptional knowledge, leadership, and professionalism in technical, academic, or commercial domains
- Community involvement in the security industry beyond day-to-day employment
- Sharing knowledge, providing mentorship, and encouraging the empowerment and success of women in the security industry and related causes
Visit our Women in Security page to find out more about the annual awards, who the judges are, and the prizes - and to start thinking ahead for 2018 about who you’d like to nominate!
Duo’s 2017 Women in Security Award Winners
We awarded our Industry Award to Whitney Merrill, an attorney at the Federal Trade Commission. She received her master’s degree in Computer Science from the University of Illinois at Urbana-Champaign, where she explored issues associated with the intersection of technology, information security, privacy, and the law.
During her time at UIUC, she was an Illinois Cyber Security Scholar and member of the Illinois Security Lab. Whitney also runs the Crypto & Privacy Village, which appears at DEF CON & other conferences each year.
Here is her story:
Thu: How did you get into the information security industry?
Whitney: In short, it was a series of serendipitous events. Computers and technology have always played a large role in my life, and I attended law school to focus on the intersection of law and technology. But my focus in information security and privacy started after I attended DEF CON for the first time as a legal intern at the Electronic Frontier Foundation. I connected with the hacker and information security community and began to invest my time and energy on learning about the legal issues that affected them. Ultimately this led to the pursuit of my master's in computer science and the foundation of the Crypto & Privacy Village.
Thu: What drew you to it? What made you keep going?
Whitney: I identify with many of the skills valued in the community: I have a desire to understand how things work (mechanical things, technical things, and the law), love puzzles, and enjoy solving complex problems. The industry is really still in its infancy, and there are still significant legal, technical, societal, and policy challenges that need to be solved (but perhaps there always will be). I continue to participate in and give back to the industry because it is rewarding.
Thu: Do you have any role models? Who and why?
Whitney: I admire individuals who take on some of the most difficult challenges in security, such as building secure systems and training regular users/consumers.
Thu: Describe an achievement you were especially proud of, and why.
Whitney: I've taken an unusual career path. In undergrad, I was a public policy major and only took a handful of computer science classes. When I was accepted into the NSF's CyberCorps program in law school and offered the opportunity to pursue a CS degree, I needed to take the necessary prerequisites to apply to the master's CS program at the University of Illinois at Urbana-Champaign. Determined to take on the challenge, I enrolled as a full time undergraduate CS student, taking a total of 29 credits during my last semester of law school. This achievement was a pivotal and defining point in my career. I learned what I was capable of achieving if I seized opportunities, fed my curiosity, and worked really hard.
Thu: Have you faced any difficulty or obstacles in the field? Describe.
Whitney: Most organizations (including the U.S. Government) have not optimized for a cross-disciplined approach to law and security issues, so much of my struggle has been trying to figure out what that path looks like.
Thu: What are your goals going forward in the security industry?
Whitney: I'd like to continue to promote diversity within the industry. I also strive to facilitate better communication between communities addressing security issues (legal, hacker, government, academic). It's telling that some say 'cyber' while others laugh at the term.
Thu: What are a few things you would like to change the most about the infosec industry, or culture?
Whitney: I encourage the industry to be more empathetic. I'm also worried about the effect schadenfreude and rockstar worship has on the industry.
We awarded our Academic Award to Katelyn Coberley, a recent Eastern Michigan University (EMU) graduate. Katelyn's pursuit of her B.S. in Information Assurance at EMU sparked a passion for cybersecurity and encouraging involvement in the field.
Throughout her time at Eastern, she co-founded a Women in IA student group and led multiple sessions of the Digital Divas program for hundreds of young high school and middle school girls exploring STEM careers. She graduated magna cum laude in December 2016.
Here is her story:
Thu: How did you get into the information security industry?
Katelyn: I dual-enrolled in an Intro to Information Assurance college course on Saturdays during my senior year of high school. That was my first exposure to information security as a whole, and was a nice bookend to the computer information services course I took at a local technical center during the rest of the week. The course was taught through Eastern Michigan University, where I ended up going to pursue Information Assurance studies as a major.
Thu: What drew you to it? What made you keep going?
Katelyn: I'll admit, what initially drew me to information security was the cool factor. My pre-college days were spent searching for a topic I would never get tired of, something that would keep my curiosity bug fed daily. Information security definitely hit that mark. It's the perfect combination of a necessary component (security) and a constantly shifting field (technology). I was hooked! As someone who often stays up until 2 a.m. on Wikipedia binges, finding this field ensured I would never be bored.
Curiosity drew me into cybersecurity, but there were two main reasons I stayed with it. One of those reasons was the great community of infosec nerds I found at EMU. My peers and favorite teachers encouraged and challenged me. I thrived in that type of environment.
The second reason I stuck with information security was I felt there needed to be more women in the field. I wanted there to be more girls in my classes, in the meetings I went to outside of college... and I still feel that way. The best way I learned to initiate change was to be part of it, so I continued to get out there and pull along as many pals as possible.
That was how my good friend Jessica and I started Women in IA at EMU! We saw a potential to grow the number of girls in our classes and jumped on the opportunity. Another way we've been encouraging diversity in infosec is through initiatives like Digital Divas, reaching out to younger girls to spark their interest early and often.
Thu: Do you have any role models? Who and why?
Katelyn: I aspire to be the level of infosec awesome like some of the folks I follow on Twitter (@mzbat, @level2three, @infosecsherpa, @infosystir, @malwareunicorn, @hacks4pancakes).
Thu: Describe an achievement you were especially proud of, and why.
Katelyn: I'm pretty proud of this one! To me, this award shows that the people in my time at EMU saw what I was doing was worthwhile. I hope it means they'll continue my efforts to encourage girls in infosec, at all levels.
Thu: Have you faced any difficulty or obstacles in the field? Describe.
Katelyn: The early days found me struggling with a lot of imposter syndrome, feeling like I didn't belong. My childhood did not feature computers or a fast internet connection. I grew up reading books, not figuring out ways to get around my school's Wi-Fi proxies. I didn't see a lot of other girls in my college classes, out-of-class meetings were usually at night and didn't welcome newcomers.
It took a lot of Googling acronyms and late night research binges to get to the point where I felt my lack of knowledge wasn't working against me. I started talking more to people about infosec, even people outside the field.
In the Women in IA group, we're trying to initiate a change in gendered language in the program and to make infosec a welcoming space. No one should have to feel like a stranger in our field.
Thu: What are your goals going forward in the security industry?
Katelyn: I want to keep learning. I'd like to do more research and present at conferences.
Thu: What are a few things you would like to change the most about the infosec industry, or culture?
Katelyn: There's not a great space for responsible disclosure of vulnerabilities. There seem to be more examples of this with each passing day, and no real "best practices" guide followed.
It'd be neat to see a "white net" developed for security researchers to share critical vulnerabilities. A sort of grey area post-disclosure to a company, that would be a step between releasing on the public internet or waiting for the company to publish a patch/fix. I'm sure such a space would be useful. I believe that not everyone who discloses vulnerabilities on Twitter is doing it for l33t hacker points.
See our past award winners and learn more about Duo’s Women in Security Awards.