Interview: Women in Cyber and Open Source Security

One of the reasons we began Cyber Protection Magazine is to make the industry more attractive to marginalized people in the workforce. It’s a technology niche that has more job openings than any other, which means those marginalized folks have better opportunities for well-paying, upwardly mobile and management positions. This is why we support initiatives and events which promote minorities. One of the contacts we have had in the past was with InfosecGirls. InfosecGirls was founded by Vandana Verma in India and, in the short time since its founding, has already gained some publicity and managed to establish several chapters around the world.

We spoke with Vandana Verma about the InfosecGirls initiative – and about Open Source Security, a topic which we have covered before. In her regular job, Vandana helps to ensure open source security at Snyk.

Cybersecurity Magazine: How has your journey with InfosecGirls been during the pandemic – can you tell us what has changed since then, and have you had success with InfosecGirls?

Vandana Verma: The last year and a half was not very easy for everyone. Similarly, all the events and communities were struggling to keep up with the change. InfosecGirls also went through a similar journey. From a safety, security and compliance point of view, virtual events are the need of the hour. Virtual conferences/meets are bringing in incredible training right inside the comfort of your home – as the best experts can join from anywhere in the world, and people, irrespective of their location, can attend the same. InfosecGirls started hosting virtual events and spread its wings more with the add-on chapters and leads. While we were doing it, we came up with an idea to bring diverse candidates and people with the cause, and we started InfosecDiversity to help out everyone around the world.

Here are some stats from the past years:

  • Growth in India, US and Europe: What started off as a single city initiative has now reached 17 chapters across India, US and Europe.
  • Enabling Learning and Development: We have always believed in the power of knowledge.
    • Webinars and Tech Talks: Our volunteers and leaders have conducted over 50+ webinars in different areas of Infosec that are freely available on our YouTube channel.
    • InfoSec Panel Discussions: We’ve engaged with multiple Infosec leaders from around the world with a series of panel discussions.
  • Collaborative Partners: We’ve always believed in the power of collaboration. We are excited about everything in Infosec right from DevOps to Cloud and in 2021 and 2020, we’ve been the community partners for:
    • Women Unite over CTF 2021 in collaboration with Point3 Security
    • Secure Coding Tournament – CTF 2020 in collaboration with Secure Code Warrior
    • Security Innovation Summit 2020 in collaboration with Cyberalliances.
    • All Day DevOps 2020
    • Diana Initiative 2020
    • Cloud Community Days Online 2020
    • SiberX Conference 2020
  • Thriving Networking Hub: We’ve always worked towards expanding networking and allyship for women in Infosec.
    • We were the organizers of the Women Security Meetup at Black Hat Asia 2020.
    • We regularly organize global networking sessions within our community for women and girls to bond over diverse topics in Infosec.
    • We’ve helped over 3000 diversity candidates by providing learning and networking opportunities in multiple conferences including AppSec conference, BSides Delhi, OWASP Seasides and many more.
  • Supportive Scholarship Providers: Quite recently, we have collaborated with Cybersecurity Works to provide a national scholarship opportunity to help women graduates pursue their dreams in Infosec.
  • Safe Mentoring Space: In our initiative to support women who are new or changing careers to Infosec, we’ve created a safe mentoring space where mentees can get support on career counselling, resume assessment and also tips on breaking into this field.

Hopefully when we go back to our new normal, we will get to meet and greet people in person, but for now it’s good to have and continue with the virtual connections.

Cybersecurity Magazine: Due to the pandemic, a lot of kids are staying at home and in some countries a fallback to role models from decades ago seems to take place – do you see the missing education and that fallback as a potential problem for women in cybersecurity?

Vandana Verma: COVID-19 compelled millions of parents around the world to educate their children at home. In the beginning, it was very tough to manage the education; it was all accompanied by a slew of challenges for parents, including a scarcity of resources such as computers and a slow internet connection, as well as a sense of being overloaded. Similarly, it was tough for everyone, be it managing the office work, household chores, and especially burnouts. If we talk about women in cybersecurity, it has its own twists and turns. A lot of new initiatives started to include them more to be part of such initiatives. At the same time, some people lost their jobs. People are supporting gender diversity big time. Every organization and conference is supporting the initiatives and advocating more about it.

The path towards gender equity and fostering diversity in Information Security is difficult, especially in a country like India, where the talent pool of Engineering graduates is over a million every year, out of which only a few hundred girls or fewer end up in Information Security, yet each day cybercrimes against women and girls are on a steep rise.

Cybersecurity Magazine: Do you see any improvement with regards to more women in cybersecurity?

Vandana Verma: We are witnessing improvement in gender balance. Cybersecurity Ventures reported an increase from 11% to 24% between 2013 and 2019. My personal experience working with different organisations and now working with Snyk has been very enriching; its inclusive policies, the culture and the people have all helped me grow as an individual while further developing my skills.

Cybersecurity Magazine: How would you describe the opportunities for a woman in cybersecurity today?

Vandana Verma: In cybersecurity, what’s really changing is that women are getting equal opportunities, such as being invited on the panel discussions, invited to be keynote speakers and being given equal opportunities as part of the organisation. The trend in the companies is encouraging, so hopefully they are on the right track.

Cybersecurity Magazine: What advice would you give to an entry-level woman in the cybersecurity industry?

Vandana Verma: Cyber security is a very dynamic area. So be curious to learn more about it, learn different things and never feel any question is a dumb question. Always keep learning. Not only does the cybersecurity profession allow you to contribute your unique set of abilities, but it also allows you to learn from others. Never allow someone else to dictate your story; you must be in charge of your own fate. As I keep questioning my contributions in the technological industry, I heard a similar message from my mentors again. I am grateful for my incredible support system, which allows me to continue moving beyond my comfort zone.

Cybersecurity Magazine: What do you see as the biggest hurdle that needs to be overcome in order for more women to pursue this career path?

Vandana Verma: The Information Security domain can be glamorous as well as tiring at times. The key in this domain is that one should constantly focus on how security can be improved by learning and applying the necessary skills. Rest, everything (career advancement, etc.) falls in place. Also, I would like to add that one should always consider giving back to the community by way of teaching, writing blogs, etc. There are some wonderful free and open communities in India such as null community, OWASP chapters, etc., where you can participate.

Cybersecurity Magazine: Why do companies these days rely on open source libraries?

Vandana Verma: Open source software and libraries are in use big time. As per one piece of research, 80-90% of the code on the internet is open source. Open source is advantageous in many ways in providing quick help to run the application or software. The most obvious one is that things given under the open source banner are free to use and open, with very limited restrictions in some cases.

Cybersecurity Magazine: Why are those libraries potentially insecure?

Vandana Verma: Open source software and libraries are not inherently insecure in most cases. If we are using some libraries as part of our code and leave them unpatched, knowingly or unknowingly, it can be a huge risk to the application or software. Oftentimes libraries have interdependence, and if one library is patched and the other is unpatched, it can still be a huge risk to the application. A lot of organisations do not have the purview of all the libraries that are in use in an application due to improper documentation.

Cybersecurity Magazine: How can companies secure those libraries?

Vandana Verma: The first thing any organisation can do is to maintain the proper documentation in the Enterprise Application library and keep it up to date. A huge challenge is to keep it updated as to what is being used in the application, what are the third party components and the integrations with other applications. Also, if this is not feasible, we can use a software composition analysis tool to scan the environment for use of possible open source or third party components.
