An information systems security consultant for 7 years, Diane Rambaldini agreed to answer our questions and give us her point of view on the cybersecurity sector and women’s place in it.
Can you tell us more about how you got to where you are today?
I’m going to start by saying that I love auto racing! I can’t do it as much as I’d like to but I do manage to make time for cardio workouts as they’re great for staying in shape. Essential for keeping your brain cells happy…
Besides that, I am a businesswoman in the field of cybersecurity. This had never been in my plans because since the age of reason I had only one obsession: to become a police chief. I was actually very proud of myself because I had a calling, unlike so many of my classmates who spent a long time trying to find their way. And so, I took up law studies at the University of Assas in Paris with an emphasis on public law, criminal law and criminology. I then finished up with a preparation course for the competitive exam at the Institut d’études judiciaires (Institute of Judicial Studies) and a Master’s in law and security strategies, the master’s program followed by officer-aspirants who wish to join the National Gendarmerie. But I soon learned that nothing was set in stone!
Not only did I fail the exam but a harsh reality set in: I realized that in the way their selection process is set up, civil servant examinations do not leave much room for inner callings or entrepreneurial spirits.
Nonetheless, I saw the failure as one closed door that leads to another one opening and thus a new opportunity to better assess the obstacles I had to overcome.
What helped me move on from my disappointment was a 110-hour course on economic intelligence that I took as part of my Master’s degree at the IERSE (Institute of Studies and Research for Business Security) military school. It was a real life-changer. The year after, I decided to enroll full time in the 10th academic year. I obtained a degree in business safety and security engineering and a Master’s degree in crisis and risk management at Sorbonne University in Paris. I couldn’t allow myself to mourn for the loss of my first career choice and my desire to serve my country. And so, I soon came to understand that working in economic security for companies was an essential subject to the workings of a nation. This new perspective seemed to match well with my personality and ideas.
What made you specialize in information systems security and cybersecurity?
Just one of life’s unexpected turns! At the end of my studies, I became a task force director at IERSE, which propelled me to an internship in the Security Solutions & Services division at Thales. Fully immersed in talks about the sacrosanct concept of “global security”, the department I joined was eager to integrate me into their team because my profile had, up until then, been focused on risk management and economic intelligence and seemed to be a perfect fit to round out the other technical profiles they had in information systems security.
Diving into this universe felt like diving into icy waters after a warm sauna!
I was seized by the urgency to integrate non-information and non-digital security risks into operational and information risks as I had learned about up until then and by the desire to confront my next challenge. I soon understood that the only way to make progress in this area was to quite simply plunge myself headfirst into the field of IS security and even IT. It would have been like launching an incriminatory investigation…
I was able to do this by putting a lot of personal effort into my work and choosing ISS projects. Most notably, I participated in projects abroad in which I was able to follow security procedures from A to Z over the course of several years. These projects are extremely well-structured and enabled me, in just a few years, to gain an overall view of such a procedure, something that so few consultants have the chance of doing.
Then, as a personal test, I decided to take the Lead Auditor ISO 27001 exam.
However, I see myself as gaining experience more in the area of consulting and training in information risk management rather than as a specialist at the heart of ISS, which for me is a term that conveys more of the “how” rather than the “why”.
Tell us a little about Crossing Skills, the online platform you created.
Crossing Skills is the name of a platform I created 3 years ago. Based on existing methodologies and my own mark and vision, I designed this platform dedicated to risk management processes. It is sort of my guiding thread.
Its activities include providing consulting and expertise and managing the platform called Agora of Cybersecurity. Agora was designed to become the marketplace for cybersecurity and to connect cybersecurity providers with professionals seeking those products and services. In addition to the directory it offers, its real added value lies in the indicators for decision-making that it offers future buyers and SME directors in order to help them make the best choice. Today the online platform is a minimum viable product. What we are busy working on at the moment is creating an exhaustive reference list of providers. In order for SMEs to gain access to cybersecurity, we must also create attractive and specific offers through plainly discernible marketing approaches. Therefore, we also offer marketing assistance to cybersecurity providers. That is what we did for Hexatrust.
As a woman, have you come across any obstacles working and moving up in the field of information systems security and cybersecurity?
If you will, I see your question as two-pronged. Have I been discriminated against as a woman when it comes to moving up professionally? And, in general, are women discriminated against in this sector?
As for me, the answer is no. Up until now I have not had any difficulties being a woman in my field of work, at least none that I know of. Then again, I don’t know much about what goes on behind my back when it comes to wages, pay raises, recruitment and the like. However, I must insist on the fact that I set up my business quite quickly. So, my experience is a bit different. The question that I would ask myself is if a man would have run into the same obstacles that I did if he had taken the same path. I think so. When I was a full-time employee, however, I noticed a gap between the people with predominantly technical profiles and the others. I have in fact experienced some unpleasant work situations as a woman, although these experiences have never been directly related to cybersecurity nor have they prevented me from moving up.
As for whether or not women encounter more difficulties in this specific sector, that is a good question. Let’s ask a significant sample of women working in the sector that same question.
Why do you think men continue to dominate the sector of cybersecurity?
I’m quite hesitant to put things in that way. Nowadays, we have to be cautious with the meaning of words. Are men who work in ISS waging a campaign against women to firmly block all access routes for them? Frankly, I do not think so. However, I understand that you are asking this question because of the numbers when it comes to the representation of women in the field.
Although the under-representation of women in cybersecurity seems undeniable, it would be interesting to see in how many job positions this occurs.
- Are we talking about predominantly technical jobs or all jobs within cybersecurity?
- Are there more men because a sort of male-dominated caste system exists in the sector or are there more men by default because women are simply fewer in this sector?
- Are there more men in engineering schools and in university computer science programs? If the answer is yes, then does that mean that there are more men in scientific fields? And can we say that this trend starts in middle school?
- Are boys rather than women more attracted to mathematics, physics, chemistry and computer science?
- Haven’t certain jobs been associated with a specific gender since the beginning of time? Don’t social behaviors mold what girls and what boys are supposed to like and not like?
In my opinion, we need to tear down ancestral stereotypes and social wiring rather than point fingers. From a sociological viewpoint, we know that there are real concerns about the place of women in society today and questions surrounding the established order because current events give us examples every day. However, don’t you think that this imbalance is inherent to our sector?
How can we encourage more women to choose a career in information systems security and cybersecurity?
The real challenge lies in making sure everyone has the freedom to choose, in other words, the freedom to do or not to do something.
This is my personal opinion but, perhaps by looking at this subject through the lens of equality and parity, are we not distorting it? I have a very hard time identifying with this quest for over-the-top uniformity and eradication of distinctions so that everyone fits perfectly into a specific Excel row within the broad social spectrum that is imposed on us to unify our thoughts.
Women should be able to carve their own paths to job positions in ISS or to be able to start new careers in this sector. Women should be free to follow their own career paths without prejudice, whether that be a path that leads them to the highest corporate ranks or to become a stay-at-home mother.
This freedom to choose needs to be available on different levels and naturally starts in schools and in the minds of people.
We hear a lot of talk about teachers but let’s also talk about all educational staff who work with children. Do we give the necessary tools to information and guidance centers and to psychological guidance staff in schools so that they can accurately portray our career? Are cybersecurity and the digital sector sufficiently represented in the national education system—an institution that is so complex due to its imposing structure, central role in society and wealth of human resources—to provide information about the job opportunities in computer science, information security and new careers in data? Can we be sure that this information is given without placing a gender bias on these careers?
I can understand why the education machine may not always keep up with the times, but the staff whose role it is to help children build their life projects must be able to keep up with the times and anticipate changes. Otherwise, we will still be complaining about the shortage of ISS experts in 20 years’ time. We have to remain alert now more than ever in this world where the pace and technological development of cycles are set at the same high speeds. We need all the energy we can muster.
Aside from that, opening up cybersecurity to women means first talking to key players. Associations can strongly contribute to this. For example, the ISSA International has created special work groups, including “Women in security”, whose goal is to develop female leadership on a global scale. Mobilizing women in the field will help to attract other women. I’m completely in synch with Emmanuelle Duez, the founder of The Boson Project, when she asserts that in order to see results, men also have to get involved.
The place of women in cybersecurity should be a project led by both women and men.
Like any other project, there is a socio-dynamic analysis to carry out on synergies and antagonism. Let’s start with the allies of the project. Let’s promote the men who are committed to this fight. In the setting of associations for example, we should take advantage of their experiences to try to understand and even resolve difficult situations.
What strategies can companies implement to attract women and integrate and retain them in the sector?
When the executive team of a company decides to integrate and retain women in its workforce because they have decided to do so themselves and they consider this to be one of the company’s values, then they will always find a way to implement their decision. Companies will do this by sponsoring this project and by integrating the proper indicators in processes and not by imposing quotas. At ISSA France, which I co-founded, this is a subject that we are concerned with. For example, for Security Tuesdays (monthly after-work get-togethers), we don’t strive for gender parity in numbers but we do make sure that all the women in our network have been well informed of the event. This should become a regular reflex.
What advice would you give to women who aspire to work in the cybersecurity sector?
To answer this question is to come full circle on what I was saying before. We are in the 21st century and men and even some women continue to harbor and are even rebuilding opposition to the place of women in society. We don’t have to search long to find an example of this. For instance, on March 1st, a Polish member of the European parliament stated during a parliamentary debate, and I cite “women should be paid less because they are weaker, smaller and less intelligent”. Right! Just because I’m outraged doesn’t mean I’m going to waste my time trying to convince him otherwise. At this stage, it’s a lost cause. Let’s not waste another second on it.
However, what I’m interested most in is uniting with men and women who defend women’s place in society. I’m also interested in working with indecisive people who are raising legitimate questions and feel dependent on a fairly closed environment that has developed within the confines of stereotypes. My first piece of advice then is to surround yourself with allies: friends, networks, associations. This will enable you to tip the scales and avoid being conditioned by current events and their backwards pull.
Then, regardless of what people say, there are a number of locks that women need to unlock.
A significant number of studies have shown that many women have a tendency towards self-censoring. I personally feel this. Nevertheless, and without trying to be an armchair psychologist, I think that self-censoring does not necessarily mean self-trivialization. Women are mainly the ones who take care of the children, go grocery shopping and manage the household and so I have the impression that women are anchored in living in the present and what is real. And I wonder to what extent that does not affect the projections they have of themselves and, as a result, of their ambition and motivation. My second piece of advice is quite simple: dream big! Don’t be afraid to envision the future you want.
My third piece of advice would be to capitalize on your strengths and to listen to the compliments men give you.
Some of the most frequent compliments that I have heard about women are that they are “more conscientious, more loyal to commitments, more hard-working, by far better listeners, void of misplaced pride and more inclined to question themselves”.
These qualities should be developed and highlighted because if everyone, especially in business, had more of these qualities, then maybe the world wouldn’t be so bad off. Don’t you think?