Anne-Marie Slaughter is the president and CEO of New America, a think tank “dedicated to the renewal of American politics, prosperity, and purpose in the Digital Age,” and a grantee of our Cyber Initiative. She is also a professor of of politics and international affairs at Princeton University, where she previously served as dean of the Woodrow Wilson School of Public and International Affairs before a stint as director of policy planning for the United States Department of State from 2009-2011.
Megan Garcia is senior fellow and director of growth, California, for New America, where she leads the organization’s Women in Cyber work. Prior to joining New America, Megan served as a program officer at the Hewlett Foundation, where she oversaw our Nuclear Security Initiative and helped set up the Cyber Initiative.
Anne-Marie and Megan hosted a conversation at the Hewlett Foundation last week called “Decrypting the Gender Gap: Women in Cybersecurity,” after which I had a chance to ask them about their work in this area, and in Cyber more broadly. The following is a lightly edited transcript of our conversation.
Eli Sugarman: New America’s Women in Cyber work is part of a number of wider conversations: about women (and diversity more broadly) in the tech sector; an immature cybersecurity field, which New America is working to address; and even the unfinished business of the women’s movement, the subject of Anne-Marie’s new book. How do those conversations intersect with creating a more inclusive cybersecurity field? What levers need to be pulled to make change?
Anne-Marie Slaughter: Part of what makes cybersecurity so interesting is its distinct culture. If you take the military-influenced, macho culture of international security and the tech/geek culture of computer science and blend them together, what you get is cybersecurity culture. It’s understandable that not many women, especially young women, imagine themselves entering the field. And now we’re at a really low point: Estimates are that women make up only 10 percent of the cybersecurity workforce, which is lower than most of the tech sector and lower than international security. Given how important cybersecurity, and more broadly cybersafety, are for the digital economy, shutting women out of these fields, intentionally or unintentionally, is like keeping them off the factory floor at the beginning of the industrial revolution.
Megan Garcia: Given the complexity of the cybersecurity field, we’re pursuing a few strategies. One is with cybersecurity companies. It’s a huge and growing industry and the companies have a great opportunity to bring more women into the field and to try and keep them there. We’re bringing all of the large and many of the mid-sized companies together to share the successes they’ve had bringing women into the field. We’re also figuring out how to apply the wealth of social science research about implicit bias and women in male-dominated fields to bear on hiring and retention strategies to create new ways to successfully bring women into the field.
Anne-Marie Slaughter: There’s also the broader work that I’m doing—and that New America’s Breadwinning and Caregiving Program is doing—to change the way we think about work and care. One thing many women say when they leave cybersecurity is that it’s a 24/7 job that isn’t possible to do if you have a family you want to see.
Women come up to me all the time when I’m in the Bay Area and ask how they can get their colleagues at their tech company to understand that they’re still committed even though they’ve had a child or are caring for an ailing relative. Their companies have great leave and flexibility policies on paper, but anyone who takes them is subject to “flexibility stigma.” In fact, the entire 24/7 culture, or what Cathleen McGuigan, editor of Architectural Record, calls “the culture of hours,” is more about competition than quality and productivity.
Professions like architecture, law, consulting, and banking are also all about being available 24/7, but a growing number of professionals are questioning whether this is necessary and what it really means for the quality of the work. We need a culture of experimentation and innovation, allowing employees to try job shares, reduced hours, intense periods on followed by time off, and other possibilities and judge those experiments by the quality of the work that gets done.
Eli Sugarman: Why is New America choosing to focus on cybersecurity? How does it fit in with your other priorities, and what do you hope your work can bring to the conversation?
Anne-Marie Slaughter: New America is all about big ideas and renewing America in the digital age. One of the most pressing problems we face as a country and internationally is how to keep individuals, companies, and governments secure in a world where we expect the number of online devices to exceed thirty billion by 2020. Developing some basic rules to govern individual, corporate, and government action in cyberspace is essential and one of the most exciting ventures of this century. New America tries to forge policy ideas where they’re needed most, and as a think tank and civic enterprise, we’re especially well placed to try to build consensus among all of the different entities out there muddling through cybersecurity questions.
There really is a splintered approach to cybersecurity problems – I am a foreign policy expert, so I see cybersecurity largely through the lens of national security. But our Open Technology Institute sees these issues much more through the lens of privacy, civil liberties, and social justice. And then there are East Coast perspectives and West Coast perspectives! We think we are well placed to integrate these different perspectives. We still have a lot of work to do on this front, too—our Cybersecurity Initiative is in D.C.—but having Megan opening New America CA in the San Francisco Bay Area is helping us at least bridge the geographic gap specific to cybersecurity.
Eli Sugarman: If, through your efforts and those of others, we’re able to achieve more gender balance in the cybersecurity field, what does that get us? What could the field accomplish that it can’t now? Would we be more secure?
Megan Garcia: If we want women to buy and use cybersecurity products to protect their passwords, secure their networks, and keep their data safe, women have to be a part of designing those products. And similarly, if we’re creating cybersecurity policies that we hope will keep women and kids safe, we’ll all be better served if we have women at the table crafting those policies.
The other thing that cybersecurity executives tell me all the time is that we have a huge workforce shortage. ISC^2, the IT certification organization, says we’re going to be short one and a half million cybersecurity workers by 2020, which is an astounding number when you consider how well many of these jobs pay. By increasing the number of women in the field, we help meet the demand for cybersecurity workers.
I think its important to remember that a having a cybersecurity job doesn’t necessarily mean that you’re sitting by yourself in a hoodie coding all night, which is the stereotype people have. Cybersecurity is an end-to-end business that requires people to do marketing, sales, business development, communications, design, and a host of other things. So one big barrier to women getting into the field is realizing the breadth of jobs available, which is something we’re working on, too.
Eli Sugarman: A huge amount of money is being spent on cybersecurity each year—but that money is siloed, earmarked for addressing needs identified by governments, or to safeguard individual companies’ networks, to a large degree. The funding we are doing through our Cyber Initiative is tiny in comparison, but we hope to make a difference by fostering more cooperation among government, industry, civil society, and academia to better serve the public interest. For us and other interested funders, what role can philanthropy play in improving policy responses to cybersecurity challenges? How would you advise us to invest our resources?
Anne-Marie Slaughter: Cybersecurity companies are growing at an astounding rate because there is so much being spent to secure networks and keep businesses up and running despite cyber attacks. Traditional large technology companies are developing cybersecurity branches and smaller companies are starting up to meet that need. Where money isn’t being spent is on the tough questions about what shared norms should be among countries in cyberspace to ensure we don’t escalate cyber conflict, how to balance companies’ control of massive amounts of data with governments’ desire to use that data for various purposes, and even fundamental questions about who really owns all of the data each of us creates every day.
It’s no surprise we find ourselves in this situation—massive changes in technology, society, or the international system require an equally large investment of time, energy, and money to make sense of a changed world. Governments, companies, civil society, and foundations all have a role to play in answering those questions in the new digital age