TL/DR: Gender inequality and the lack of women is ubiquitous in tech companies – more so in cybersecurity. While it has been a debate that’s been on for years, more action needs to take place to empower female professionals and founders in the sector. In honor of International Women’s Day, a handful of women at Detectify shared more about what inspires them and how they encourage other women to take up space despite the challenges and thrive in the security industry every day.
1. How did you end up in the security field?
Johanna Ydergård, VP Product (JY)
I have a mixed business and engineering background and started my career as a strategy consultant, working in M&A and private equity, and digitalization of large corporate businesses. After a couple of years, I found that I thought it was boring to be helping large companies “catch up” with the modern world. I wanted to be part of something that both had a good impact on the world, and where I could drive the development of something completely novel. So I went looking for cyber security companies, and I was contacted by our CEO to come build our hacker community Detectify Crowdsource and thought – this is something unexpected, that can be fun!
Lena Myrbäck Lille, CMO (LML)
I have a varied background but have always been in tech. Starting my career as a web developer and going into the 2000 century I was developing the first generation websites for different businesses and industries. Since then I’ve had leading roles in helping businesses build out their online footprint and growth in parallel to developing individuals. I have always wanted to work with something that makes a bigger difference and the world a better place to be in. When I was contacted by our CEO two years ago and he presented the company vision, culture, and our operating model with ethical hackers helping our customers to be more secure, I got convinced this was something great and I entered the space.
Charlotte Kerridge, Web Acquisition & Growth Team Lead (CK)
My role is primarily focused on planning and leading the day-to-day operations of the team and providing the detectify.com users with the best web experience. Before moving into SaaS and cybersecurity, I had spent several years working in B2B physical security publishing, so Detectify was not my first ‘taste’ of security. Several months before joining Detectify, I had seen their focus on equal, diverse workplaces posted frequently on LinkedIn, which I already thought was forward-thinking at the time for an organization working within security. When I investigated their mission and vision, I knew it was something I wanted to be part of – helping companies stay secure, powered by some of the world’s best ethical hackers.
Gabriela Letelier , software engineer (GL)
I started in security by accident, I was a new consultant and my first assignment was at a startup in security. When my assignment ended and I went on to others I found myself missing the security industry. I had heard a lot of good things about Detectify and its focus on a diverse and inclusive workplace. After doing some more investigation about their vision on driving the future of internet security by automating and scaling crowdsourced vulnerability research. I knew that’s where I wanted to be.
Cecilia Wik, Head of Legal (CW)
I have previously worked as an in-house lawyer in a global 50.000+ employee company as the leading lawyer overseeing IT procurement but wanted something more independent and to understand cybersecurity better. I can name three main things that made my move to security and especially to Detectify a no-brainer. First, the opportunity to delve into the cybersecurity world for real in a company that knows what being engaged in the broader community and thus having an impact in the field. Second, the founders of the company being the best in the world at what they are doing and still working in the company was compelling to me. Last, I can strongly relate to the underlying values and human rights that our specific security field promotes, these being democracy, right to privacy and freedom of speech.
2. What is appealing about being in security?
JY – What is fundamentally appealing to me is that we are part of solving a huge societal problem – we are connecting everything and our whole lives to the internet, and it’s so broken. The world is running faster in that direction and internet security is playing catch-up. It is such a fundamental part of our society’s infrastructure and making sure it’s safe feels important.
LML – This is a growing market. With digitalization, every company and individual need to be more aware of risks and need to protect themselves. Working at Detectify, I will be part of making the world more secure and also driving the future of internet security.
CK – Security will never not be important – and there’s something fun in seeing how the industry changes, and how organizations begin to understand all of the different security ‘flaws’ they may have and how their attack surface is growing, and how Detectify can help with this. The appeal is not just security but also a place like Detectify which although is part of a traditional ‘male-dominated’ industry, is trying to find balance and diversity in the workplace.
GL – It’s seeing how the industry is changing and growing, how organizations are getting more aware of security and their need to learn more about security and risks, and how Detectify can help them.
CW – The landscape is changing so rapidly and the learning potential is endless, we really need to be on top of things and fully connected to our environment, politically and socially. But the thing that is most appealing to me, is that cybersecurity today affects all of us in nearly all corners of our lives. It’s therefore meaningful to be part of making that space more safe.
“From the outside cyber security seem like black magic, from the inside, only a fraction of it actually is, but it is many of the more simple problems that have had the worst consequences” -Johanna Ydergård, VP Product at Detectify
3. What has been the most interesting learning about security?
JY – Apart from learning some of the basics of hacking, which was not as rocket science as I expected, something interesting is that many of the attacks and data breaches performed today are based on old and well-known vulnerabilities, and could have been avoided more easily than one might think. From the outside cyber security seem like black magic, from the inside, only a fraction of it actually is, but it is many of the more simple problems that have had the worst consequences.
LML – Lately, it’s been the Log4J Vulnerability that made me realize just how fragile the Internet is. This space is still also very niche with few experts and in order to communicate to our customers, we need to have a high level of technical understanding. This makes it both a fun but challenging space to work in.
CK – It’s difficult to pick just one thing – there’s been so much in the past few years. Learning as much as possible about the External Attack Surface Management (EASM) space has been a highlight for me. When it comes to the web experience, trying to communicate this relatively new area in a digestible and informative way is always a fun challenge.
GL – I knew nothing about cybersecurity when I started a few years ago so it’s been a real learning curve. It’s been interesting learning how much (or little) organizations know and understand about their security. There are still a lot of organizations that are just starting to understand that they need to work proactively to stay secure, that’s why I’m glad to be at a place where I can contribute to that.
CW – It has been interesting to understand how much of cybersecurity is political and that we are sometimes hovering on a very high level of things even though there is so much that could be avoided already on a very basic level. Most of the data breaches today are still due to social engineering and classical mistakes, like setting your password to “password123”. Today, everyone should learn the basics in IT and cybersecurity – that would get us very far in minimizing the attack potential.
4. Tips for women who want to enter the security field?
JY – Try to get a hands-on understanding of what vulnerabilities really are. As long as you know some basic programming you can learn how many of the basic vulnerabilities work yourself. Google OWASP top 10 and watch youtube videos, and set up an instance of OWASP Juice Shop or SecurityShepherd and try it – you’ll notice it’s not rocket science.
Also, never avoid doing something just because you don’t know it well. No one can claim to know everything about cyber security. Just go for it and be willing to learn when you get there.
LML – Build your network with experts, internally and externally, and make sure you always have someone to ask. Take a basic programming course and learn OWASP top 10, it will be easier to understand how businesses are being attacked if you understand how internet and web applications are built up. Knowing the basics makes it more fun to work.
CK – It was a combination of working in B2B physical security publishing, combined with other tech and SaaS experiences that helped me get into the cybersecurity field. From a marketing perspective, I think there is value in experience from other sectors and definitely transferable skills between the fields. Explore the security scene in the area/country you live in – there is a lot of fun company information you can find out on LinkedIn, as well as online publications like Eu-startup, where you can find all the newest and best security companies and their focus. Make a list of where you want to work, reach out, and show your interest! There’s also organizations out there who are really focused on getting more women and non-binary folk involved in tech, hacking and coding – all of which are extremely valuable experiences for working in security – https://www.codelikeagirl.com/, https://llhs.com/ , https://girlsgocyberstart.org/, https://twitter.com/WoSECtweets
GL – When in doubt, take a chance. Find a security company that you like and reach out! It might be scary at first when you don’t know that much but if you’re open and eager to learn new things that won’t be a problem. You may be surprised what happens. Also, there are tons of online courses, books, and pods about security and hacking that you can explore to learn more on your own. I hope to see more women follow in the footsteps of computer programming pioneers Ada Lovelace and Grace Hopper.
CW – A good starting point is to learn about programming, then you can better understand cybersecurity and where the vulnerabilities might hide. Another tip is to understand the broader perspectives, what ethical hacking is, the legal requirements and implications as well as the political and societal drivers.
Don’t just pledge, take action
Sexism has unfortunately plagued workplaces all over the world. While it’s been over a century since Women’s Day was commemorated to promote equal rights including women’s suffrage, companies in all sectors are seemingly still dragging their feet when it comes to equality. The truth lies in the numbers. Women are reported to represent only 24% of the cybersecurity workforce overall.
While sexism exists everywhere, it doesn’t mean that policies, regulations, and work cultures should exist in an inherently sexist way. Working towards ending workplace discrimination needn’t be intimidating. In fact, with a few simple steps, moving towards it could be easier than you think. Detectify, for instance, boasts of a product team that increased from 42% women in 2020, to 60% in 2021 with 50% of executive and 33.3% of engineering hires being women. In addition, the company’s management is comprised of 71% women.
If you are ready for a new challenge to broaden the impact of ethical hackers and kickstart your career in security, take a look at our open positions to join the Detectify team in Stockholm and Boston!