This transcription is provided by artificial intelligence. We believe in technology but understand that even the smartest robots can sometimes get speech recognition wrong.

 Today in Health IT, we are discussing cybersecurity needs women, and it needs to treat them better. My name is Sarah Richardson. I'm a former CIO for several healthcare systems, most notably within HCA and Optum, and now president of community development at This Week Health, where we host a set of channels and events dedicated.

To transforming healthcare, one connection at a time. Today's episode is brought to you by Chrome OS. Imagine a healthcare system where technology works seamlessly in the background, keeping your data secure, your teams connected, and your patients at the center of care. Visit ThisWeekHealth. com slash Google Chrome OS to learn more.

And I am joined by Kate Gamble, Managing Editor here at This Week Health. Kate, welcome to the show. Thank you, Sarah. What a way to kick off our week together talking about cyber security needs women and it needs to treat them better. This highlights the persistent gender disparity in the cyber security field and emphasizes the critical need for increased female representation and improved treatment of women within the industry.

Here's some key points. We're going to discuss today underrepresentation of women. And despite advancements, women constitute only 25 percent of the cybersecurity workforce, which is significant underrepresentation. There are barriers to entry and advancement. Women face numerous obstacles from blatant misogyny to subtle biases in educational systems and STEM programs, which can hinder their entry and progression into cyber careers.

There's retention challenges. There is a prevailing boys club mentality contributing to women leaving the profession, underscoring the need for cultural change. We have some historical contributions. Women have made significant contributions to InfoSec, yet barriers continue to impede their full participation.

And finally, we're going to ask for a call for immediate action. The article itself advocates for immediate efforts to dismantle these barriers, promote diversity, and create an inclusive environment that values the contributions of women in cyber security. Kate, there's a ton to discuss here today. Yeah, there really is.

As you stated, Women hold about 25 percent of cybersecurity jobs, but the representation is even lower in leadership and technical roles, and that's problematic. We've seen studies indicating that gender diverse teams improve problem solving and security outcomes, yet women are still underrepresented in cybersecurity across industries, including healthcare.

What, or why, I should say, has cybersecurity remained such a male dominated field? Yeah, that's the million dollar question or billion. Maybe it's billion dollar question now. But you look at the stereotype of cyber security as a male hacker driven field, and that can discourage women, especially early in their careers.

A lot of cyber security roles prioritize technical backgrounds over skills like risk management and leadership. where women have more experience. And then finally the lack of visible role models makes it harder for women to see a career path in security. That's definitely a big factor if you don't see people who look like you in these roles, it's going to be a deterrent.

I have long said that about any role and I'm glad you brought it up. If you don't see people like you in the roles you are aspiring to achieve, it doesn't mean it can't be done. It just means you're going to have a harder path in getting there because you may not have mentorship or the support that you need.

And tell me more about gender diversity for cybersecurity effectiveness, why it matters and some of the things that we're seeing. Yeah, and this is a topic that we cover as far as, the need for diversity, and it's not exclusive to cybersecurity, but what you really see is that having diverse teams approach problem solving differently, which leads to better risk management.

Sorry, which leads to better risk assessments and more innovative security strategies. So in healthcare cybersecurity, where patient safety is directly linked to data security, having a diverse team can better anticipate and mitigate human centric security threats. And in the research, we're seeing that companies with diverse teams perform better financially and operationally.

So there's a business case too, and that's really important, obviously, because we're seeing a lot of pushback. DEI type programs, but if you can show a business case, that can be a difference maker. Absolutely can. And boards are the same way. I do a ton of work with boards and board research, etc. And same thing, when you have two or more women on your board performs more effectively.

What are some other examples that you could share from your research on where diversity has made some tangible impacts in this space? So if you look at simulations, which are a big thing in cybersecurity, having mixed gender teams can identify vulnerabilities faster and more accurately than all male teams.

And I think the biggest factor there is that men and women tend to just see things differently and think differently. And some of the most significant cybersecurity breakthroughs in user behavior. Sorry. In user behavior analytics and threat detection have come from women-led teams. Think about the fact, and you and I have covered this often, and we'll continue to do women make most of the decisions about their families, and that is inclusive of the safety of their children, their parents, their spouses, as much as their healthcare decision making factors. You put that type of think tank together to solve security challenges. It shouldn't be a barrier that hinders women's participation in cyber security, yet it is.

And so what's stopping more women from entering and staying in cyber? So as you alluded to in the beginning of this, there's a hiring bias. A lot of job descriptions favor military or hacker culture backgrounds, which have traditionally excluded women. And then you look at workplace culture, the boys club mentality makes it harder for women to advance into leadership roles.

And I know you and I are passionate about that. And. It's something that really does require a lot of attention and a long look. And when you look at retention, many women leave cybersecurity within the first five years due to a lack of mentorship, promotion opportunities, and work life balance. And unfortunately, what we also see Is that women in cyber report higher levels of workplace bias and challenges in being taken seriously, there's going to be strategies for improvement.

There's solutions for health care. I. T. We're seeing it in stories. We covered previously when it came to. Nurse mentoring programs, which had a higher retention rate. That was also about the inclusivity of culture, about different perspectives, even within your own facilities. What have you seen that organizations can do today to increase their diversity and cybersecurity?

So the first thing is to look at. The hiring practices, and instead of requiring coding heavy backgrounds, which can limit your options, focus on skills in risk management, behavioral analysis, and compliance, where women often excel. Mentorship programs is a huge factor, and we find that in so many ways, but especially women in cyber who have mentors are 70 percent more likely to stay in the industry.

That's An absolutely amazing stat and really something that we can take action from. So creating an inclusive workplace policies is really important to flexible work arrangements, zero tolerance, harassment policies and leadership training. Things like this can increase retention. And then just amplifying female role models, highlighting women in leadership to inspire and encourage more diverse candidates.

We have Anahi Santiago from Christiana Care is someone who's spoken at our events. She's a CISO and I think she's someone who, people look up to and highlighting what she does is so important because as we said, this is amplifying a female role model and it encourages others in the space.

It does. You think of some of those voices within the cyber security elements that are female. Kate Pierce just retired, although knowing Kate, she'll be mentoring and helping women to break some of these barriers in cyber security, because to your point, when you have the opportunity to have a mentor, to feel like you are included in the decisions that are being made and you're seeing people get promoted and there's opportunity for you, you're going to stay in that field.

And I tell women all the time, if you're going to pick a career in information. technology today, make sure that cyber is a huge foundational element of your learning and your continued education because it's not going away. In fact, it's probably one of the spaces that to me could be most transferable across industries and will continue to increase in its need for practitionership.

So it's a great place to lean in and be able. To get a toehold in your industry, but also make sure you have the support that you need and CIOs and cyber securities play a huge role in leading this change, whether it's the CIO setting the tone, the teams will follow if they see that example being set the investment and talent development.

Maybe you're providing scholarships, upskilling, internal training. This will help women advance in security roles. Even some of the internal hackathons and role based ability to solve certain types of problems. You get to see more when you're on the security side, you get to get a little bit deeper. And so if you have that edge of curiosity and wanting to dive into problems that are not a playbook to be solved.

To me, every time we had a security challenge, yes, there were elements or steps we took to solve it. Kate, often there was something unique or some kind of logic and problem solving capability that came into the mix. And then again, If an organization can measure progress, not just gender diversity metrics, but goals that are set to improve representation of people as a whole, that will be a win for leading.

And driving change in an organization, but I want to ask you also about some success stories and role models in this space. Who are the women in cyber security who have paved the way that we should be paying attention to or know more about? Yeah, that's a great question. And I know that we focus on our own industry, but it's also important to highlight some of the others who are really.

Paving the way, as you said Joanna Rakowska is a leading cybersecurity researcher who has contributed to advanced security solutions for operating systems. And Parisa Tabriz is known as Google's security princess. She's been instrumental in shaping Chrome's security features. And Dr. Alyssa Abdulla is the deputy CSO at MasterCard advocating for inclusion and cyber innovation.

So there's a good future outlook on this, like, how do we make cybersecurity more inclusive? More specifically, what's the future of cybersecurity diversity? And Kate, where do we go from here? So the first place that the first thing that comes up is AI and automation. Which is so present in a lot of things we talk about, but AI and automation can reduce the need for manual threat detection and open the doors for people with analytical and strategic skills, areas where more women tend to excel more cyber education in schools and not just colleges, but high schools, potentially middle schools.

to encourage young girls to consider tech careers early on. And the business case is clear. Companies are seeing improved cyber reliance with diverse teams. And those who fail, and those who have failed to adapt will fall behind. So I think that's a pretty strong case and a pretty good kind of roadmap for where to go from here.

Great. So let's put out a call to action on this one. If you're in a leadership role, ask yourself, what are you doing to create a more inclusive cybersecurity team? Are we fostering a culture where everyone feels valued and can contribute to solving the next generation of cyber threats? Kate, your thoughts on this?

Yeah. So not to simplify it, but. Really, it does come down to, not to simplify it, but in some ways it is simple. If you're in cyber, mentor or sponsor a woman in the field. If you're a leader, review your hiring and retention policies for inclusivity. And if you're just starting out, seek mentors, networks, and training opportunities.

And remember, you belong in the space. You absolutely do. And the future of cybersecurity depends on diverse forward thinking teams. That means bringing more women to the table. And the threats we face are complex and we need all perspectives to build the most resilient, innovative solutions. I'm a huge advocate for making this an industry that's better for the next generation.

I have some cyber security mentees that are women and I love the things that they are teaching me every single day. So if this is a space you're looking to lean into, don't know where to start. Reach out to us. We will help you get there. And remember to share this podcast with a friend or a colleague.

Use it as a foundation for daily or weekly discussions on the topics that are relevant to you and the industry. They can subscribe wherever you listen to podcasts. Kate, thank you for joining me today. Thank you, Sarah. Thanks for listening. That's all for now.