In this week’s episode of the podcast (#219) we speak with four cybersecurity professionals about what it means to be Queer in the industry. We talked about their various paths to the information security community, finding support among their peers and the work still left to do. All in honor of Pride Month, 2021.
The information security community has grown at a fast clip over the last two decades. What started as a humble collection of small antivirus software firms is now a sprawling global market worth more than $150 billion, and with projected growth of more than 10% annually over the next decade. Hundreds of thousands of workers have flocked to the industry. And hundreds of thousands more need to in the months and years ahead. By one count, there are half a million unfilled job openings in cybersecurity in the U.S. alone.
How welcoming will the field be to these new workers? If past is prologue, as the saying goes, there is reason for concern. Infosec is one of the most demographically lopsided industries around in terms of gender. Just 14% of cybersecurity workers are women and women are severely underrepresented in leadership roles. A man, for example, is 5x more likely to hold the title of CISO than a woman. And, while minority representation in the industry in the US is about in line with their representation in the general population, an ISC2 survey (PDF) found that minority cybersecurity workers are underrepresented in management roles.
But what about sexual orientation and gender identity? How welcoming is cyber security to members of the LGBTQIA+ community and what is their experience like working in information security related fields? If the cyber security field is going to fill those 500,000 open recs, it will need to be welcoming not just to women and ethnic and racial minorities, but also to workers with diverse sexual orientations and gender identities.
According to a 2020 Gallup study, 1 in 6 adults in Generation Z identify as Lesbian, Gay, Bisexual, Transgender, Queer, Intersex, Asexual, Agender, or anything else that is not considered straight and/or cis-gendered (LGBTQIA+). As more young people enter the workforce, the cybersecurity industry must meet the demands of progress in order to minimize its talent gap, and create a more inclusive work environment for all people, regardless of their sexual orientation, gender identity, and/or expression.
In celebration of Pride Month, the Security Ledger podcast is talking to LGBTQIA workers in cyber security about their experience in the field: how they got to where they are, and their experience being “out” and – in many cases – coming out in a high-stress, male-dominated profession.
Lea Kissner, Twitter: Engineering Respect
Our first guest is Lea Kissner, who is the Head of Privacy Engineering at Twitter and a former Global Lead of Privacy Technology at Google. Lea (@LeaKissner) is a pioneer in the field of Privacy Engineering and a co-founder of PEPR, the world’s only technical conference focused on the subject. In this conversation, Lea and I talk about their path to a career in cryptography and cyber security – from a childhood passion for math and robotics, to their current focus on building systems that can preserve privacy at scale for companies like Google and Twitter. We also talk about the benefits of building diverse teams, not just in terms of skills, but also in terms of perspectives. As a non-binary individual, Lea said that information security is a natural home for professionals from marginalized communities. “We want to protect people and we understand that people face very real threats. If we have a broader idea of what those threats are, we can do a better job of building products and systems that protect them.”
Alissa Knight, Knight Ink: We’ve Evolved
Alissa Knight (@alissaknight) describes herself as a recovering hacker of 20 years, who blends hacking with a unique style of written and visual content creation for challenger brands and market leaders in cybersecurity. She is a partner at Knight Ink, and works as a cybersecurity influencer, content creator, and community manager for the company. Alissa is also a principal cybersecurity analyst at Alissa Knight & Associates.
Alissa’s story is one you commonly hear in the information security space: a curiosity about computers from a young age, some youthful indiscretions that led to a brush with the law, then work for the government where those hacking and cyber sleuthing instincts were put to better use and, finally, a career as a successful security entrepreneur. Where Alissa’s story diverges from that of many other information security professionals is with her decision, in her late 20s, to transition from living her life as a man to doing so as a woman. In this conversation, Alissa and I talk about the value to companies in embracing LGBTQ+ workers – not just because it’s a good thing to have a diverse workforce, or because Millennial and Gen Z workers expect it, but because Queer professionals – who have spent their entire lives fighting to be recognized – bring a determination and passion to their professional endeavors that sets them apart.
Amèlie Koran, Splunk: We’re Not At ‘Star Trek’ Yet
Amèlie Koran is a Senior Technology Leader with a broad range of experiences in both the private and public sectors, who specializes in managing large teams to better cybersecurity practices in a number of different industries. She was the first trans civilian employee to work at the White House, taking part in several Obama Administration projects: the U.S. Digital Service (USDS), the President’s Management Agenda for the Open Data Initiative, as well as the U.S. Department of the Interior’s first mobile technology strategy. Amèlie also led the 2014 revision of the Federal Information Security Management Act (FISMA).
In this conversation, Amèlie (@webjedi) and I talk about her decision to transition and how the information security community, including around conferences like Washington D.C.’s Shmoocon, proved a vital source of support for her during the process of transitioning. Still, Koran readily admits there is a lot of work left to do in infosec, as well as elsewhere in society. “There’s still an active thing to ‘other’ another group,” she said. “There’s work to do.”
Chris Kirsch, Rumble: Don’t Be A Jerk
Chris Kirsch found out early in his career that he had a passion for helping security start-ups market their solutions, which he has continued doing for the past twenty years. He currently works at Rumble, Inc., a company he co-founded that brings together the best of IT, networking, and security technology to deliver network discovery and asset inventory capabilities for modern enterprises. He is also an Advisory Board Member for SIGNALS as well as Bridge12 Technologies Inc. Past companies he has worked for include Veracode and Rapid7.
As a gay man in information security, Chris (@chris_kirsch) said that he’s generally found the information security community supportive. But that doesn’t mean there haven’t been issues and obstacles. Before gay marriage was recognized federally, Chris and his husband experienced firsthand the discrimination faced by generations of gay couples, when a Maryland-based employer refused to recognize their German marriage and denied health coverage to his spouse.
While the legal picture has become much clearer for gay couples, Kirsch notes that other members of marginalized communities are not so lucky. Many companies today continue to deny coverage of vital treatments for trans men and women, like gender reassignment surgery, for example. Chris and I talk about the continuing work that needs to be done and the need for both companies and individuals to educate themselves about the history and the present of the LGBTQ+ community.
Thanks! And: Pride Month Resources
We were honored to hear from these three about their Queer identities, how these identities have impacted their professional endeavors, as well as what more can be done to better the cybersecurity community in regards to inclusivity.
Resources Mentioned by our Guests
Our guests had lots of great suggestions for resources for LGBTQ+ professionals interested in information security, or just looking for support within their profession. Here are links to some of the resources they mentioned.
- WeOpenTech – WeOpenTech is a global community of marginalized genders who work in technology and information security. (Twitter: @weopentech)
- HRC’s Corporate Equality Index – Does your employer (or prospective employer) support inclusion? The CEI can tell you.
- OutInTech – Out in Tech is the world’s largest non-profit community of LGBTQ+ tech leaders. The group creates opportunities for our 40,000 members to advance their careers, grow their networks, and leverage tech for social change.
- QueerCon – Queercon started in 2004 as a hacker party inside of the annual Defcon hacker conference. Since then, Queercon has grown into the largest social network of LGBT hackers from around the world. In addition to its annual conference, Queercon operates a Discord server and continues to grow and focus on outreach to the LGBTQ+ community within the IT Security and Hacker Spaces.
The Trevor Project
If you or a loved one needs support, check out these resources:
*The Trevor Project is a 501(c)(3) tax-exempt organization that is not affiliated with The Security Ledger
As always, you can check out our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.