Including Women in the Cyber Security Industry

This post was written by: Jake Sparkes

Diversity is at the forefront of discussions in recruitment, and in Episode 7 of The Cyber Security Matters Podcast we spoke to Karla Reffold about how we can diversify the sector. Karla is the General Manager at Orpheus Cyber, a Board Advisor and American Cyber Award judge. She has also founded and sold two award winning businesses in the cybersecurity industry, hosted her own podcast, and was one of the top three finalists in the Entrepreneur of the Year category at the Cyber Security Women of the Year awards in 2022. Read on to hear her perspectives on improving representation in the Cyber Security industry. 

Do you think you’ve faced barriers in the industry that your male counterparts haven’t?

It’s hard to know when things aren’t explicit. One of the stories that I tell is from a couple of years ago, when I’d sold the business. I worked in the company that bought us and one of my new colleagues said, ‘You leave early every day to pick your kids up, it must be nice being part time.’ I worked every evening and I was in the office earlier than almost everybody else; I worked a lot of hours. That comment really annoyed me, and I called him out on it. I complained about it and he apologised, but the feeling was that it wasn’t a big deal, I should get over it. I definitely felt that from then on I was seen as a little bit difficult, and that’s really unfair. 

I’m glad I spoke out about it, because there are other people that weren’t in a senior position who wouldn’t have felt that they could say anything. I do feel a responsibility, given that I have a platform and some seniority, to call those things out, even when it’s uncomfortable or they seem small. That one stands out to me, maybe not as a barrier but like one of those negative experiences.

Do you think big vendors and individuals within cybersecurity do enough to tackle the lack of diversity in our market?

I’m not sure vendors do, I think teams do when their clients care about it. What’s interesting now is that you’re seeing a lot of the VCs and private equity firms ask about your diversity stats. They see it as a risk, that’s a really interesting change. Money drives these decisions. It’s relatively easy to stick a load of women in marketing, HR and maybe sales. That’s partly reflective of where the market is right? You can’t always hire people that don’t exist. I don’t see the drive coming from vendors as much as I see it coming from internal security teams.

How has the representation of women changed since you started your career?

It’s definitely improved. I joke that I don’t want it to improve too much because I don’t want to queue for the bathroom. It’s changed across the board. There’s a lot of young women who are studying something cyber related. I think the biggest change for me in the last couple of years has been how many men support diversity initiatives and how many men talk about things. If you’re a man, particularly if you’re a parent, you can now talk about picking your kids up or dropping them at school and I needing some flexibility. That really makes it safe for everybody to do that. I’ve seen some really big positive changes in that way.

What else do you think can be done to encourage minorities into the sector more broadly?

Consider what images you’re using. I haven’t used that image of a man in a hoodie in a dark room for five years, because it’s telling people what we are as an industry. Let’s not have that type of image. That makes a difference. Get rid of degrees as one of your requirements. If you’re getting 300 applicants, you are looking for ways to rule people out rather than rule them in, but white men are earn engineering degrees at 11 times the rate of black women here, so if you’re putting degrees into your hiring process, you are just building in economic discrimination. We know that affects different races differently, so get rid of that. Think about your culture too. Stop making this a recruitment problem. It’s not just ‘Hey, recruitment company, go find me a diverse list of candidates’. It’s actually considering what do you do with those people once you’ve got them. How inclusive is your culture? And how do you make everybody feel like they can be authentic at work? Those are my three quick takeaways.

To get more in-depth about diversity in the industry, tune in to The Cyber Security Podcast here

We sit down regularly with some of the biggest names in our industry, we dedicate our podcast to the stories of leaders in the technologies industries that bring us closer together. Follow the link here to see some of our latest episodes and don’t forget to subscribe.     

Let's talk

    Or contact us on one of our social profiles.

    Facebook Icon Twitter Icon LinkedIn Icon