Interview with DarkOwl’s Sarah Prime and Alison Halland

August 26, 2022

In honor of Women’s Equality Day this August 26^th, DarkOwl looks at workforce equality efforts within the cybersecurity industry and in our company by interviewing our Chief Business Officer, Alison Halland, and Director of Product Technology, Sarah Prime. DarkOwl is committed to building a balanced workforce which informs our efforts to create the most effective and talented team possible.

Background and Statistics: Women in Technology

Efforts to change the makeup of cybersecurity which traditionally has been male dominated have been embraced across the industry. Companies, organizations, and the government have taken notice. Organizations such as CISA (Cybersecurity and Infrastructure Agency), headed by Jen Easterly, are making efforts not just to hire women but also to highlight and empower them. Women will play an important role in supporting the demands of the industry – which is in dire need of more human resources. In fact, it has been estimated that just this year, the industry would need to grow by 65% effectively to defend organizations’ critical assets.

Despite impressive efforts underway by all types of institutions such as Women in Cybersecurity (WiCys), there is still a gap. “It’s not just women, but it’s all types of diversity. Whether that’s neuro diversity, diversity of gender identity, of sexual orientation, of race, of national origin,” Easterly said.

A 2021 article published by the US census bureau reported that although women make up around half of the U.S. workforce, they comprise only about 27% of STEM workers. However, this is not to say that women are not earning degrees in STEM. A report published in April 2022 claimed that while women earned almost half of the bachelor’s degrees in STEM, there is a large disparity across fields. Women earn the majority of bachelor’s STEM degrees in life sciences, psychology, and the social sciences. But, they made up only a little over a quarter in math-intensive fields. However, women holding STEM bachelor’s degrees may be a poor indicator of how many women will end up working in STEM-related industries because the ISC² 2021 Cybersecurity Workforce report finds that pathways to cybersecurity are changing.

While an IT background is the most common route, a little over half of cybersecurity professionals started outside of IT. 17% transitioned from unrelated career fields, 15% gained access through cybersecurity education, and 15% explored cybersecurity concepts on their own. [Source]

Figure 1: Participants Pathways to Cybersecurity Careers [Source]

---

Interview: Thoughts on Being a Women in Cybersecurity from Two Members of DarkOwl’s Leadership Team

To commemorate Women’s Equality Day, DarkOwl’s Junior Darknet Analyst and Marketing Contributor Molly Bocock sat down with Sarah Prime, Director of Product Technology and Alison Halland, Chief Business Officer for a candid interview about working in the cybersecurity industry.

Editors Note: Some content has been edited for length and clarity.

The ISC² 2021 Cybersecurity Workforce report finds that pathways to cybersecurity are changing. An IT background is the most common route, but around more than half of cybersecurity professionals started outside of IT. 17% transitioned from unrelated career fields, 15% gained access through cybersecurity education, and 15% explored cybersecurity concepts on their own.

Molly: Tell me about your background and your journey to where you are now – did you know you always wanted to be in cyber?

Sarah: The short answer is no, I had no idea I wanted to be in cyber. I didn’t know what the darknet was when I started working at DarkOwl. I actually started my career in the educational publishing industry. I started developing simulation and e-learning products and found that I really liked it. In my next job I transitioned to developing software products full-time.

Then I moved out to Denver and joined a start-up that was literally working out of a garage and that company had a very innovative idea and needed help building a product that would help their really talented cybersecurity analyst team do more and better work. And ultimately that company became DarkOwl.

That’s how I got here today. 8 years later I feel like my mission in this world is to help expose what is happening on the darknet so criminals don’t have a place to hide, and preserving what the darknet is in terms of privacy for people who need it. I do find it a very rewarding industry to be in because it feels like you are contributing in a small way to making the world a better place.

Alison: Like Sarah, I did not think that I was going to end up in cyber. I started my career in finance and was working in Boston for a company that grew exponentially and ended up going public and then the financial crisis hit, so I went back and got my MBA at Dartmouth. After that, I knew I wanted to make an industry change, but I just couldn’t put my finger exactly on what industry I wanted to go to and was conflicted about it. So, I made a geographical change and moved to Denver with the hopes of figuring it out when I got here.

After staying in the financial sector for my first role out here, I then found myself working independently and consulting for security companies with cyber angles. I was really intrigued by the industry, specifically how innovative it was, how fast it was moving, and the different personalities it attracted. I had come from the very traditional finance industry in New England where everyone looked the same and acted the same, and there was a piece of edginess and this “as long as you could cut the mustard” attitude in the cyber space that I thought was really interesting. Lo and behold I ended up at DarkOwl and have now been in cybersecurity for 6 years.

The same study from ISC² reported that fewer women (38%) came from an IT background than men (50%). Women have higher rates of entry from self-learning than men (20% vs. 14%) and pursuing cybersecurity education to land a job (20% vs. 13%).

Has working in this field dispelled any misconceptions you had about your own abilities or interests?

Alison: I don’t think so. One thing you learn as you progress in your career is that there is an appetite for all skill sets across almost all industries. My exact skill set definitely doesn’t scream “cyber” in the traditional sense; however, I have been dedicated to learning the space and there is always the need for clear communication about our technology, defining the strategic directions, contract negotiations, understanding specific client’s use cases, and the list goes on.

Sarah: Yes – there’s the “hacker in the hoodie” contingent of cyber but there are also so many other opportunities. I am not a hacker in a hoodie. Cyber needs product people, cyber needs marketing people, cyber needs business people, and it’s a really interesting cross-section of backgrounds and I found that community to be really welcoming of different perspectives and ideas and innovation.

Alison: I also think there is this altruistic angle in cyber that feels really good to be a part of, and I don’t know that all industries can say that. Cyber has an appeal and a reputation that is well-deserved in many regards to the innovativeness and by having these incredible products that, like Sarah attests to, can keep us all safer and make sure that we’re doing right by both our clients and our company.

Sarah: It’s less so about what gender you are and more so about what ideas do you bring to the table, and are you doing a cool thing and let me hear about it. I found that to be really supportive and encouraging.

An earlier study by ISC² found that women in cybersecurity tended to be younger, were more likely to hold post-graduate degrees, and were more motivated to earn certifications and degrees in the field. It also reported that that 17% of women said they earned U.S. $50,000 to $99,999, which is 12 percentage points less than men at 29%. They are closer in representation in the $100,000+ range (16% vs. 20% of men). [Source] The more recent study from 2021 noted that participants who had earned at least one cybersecurity certification made about $33,000 more in annual salary than those that hold none.

Can you talk about your professional development? What courses or certifications would you recommend? What advice would you give to a woman who is at the entry-level in the cybersecurity industry? 

Sarah: I think that there are a lot of different opportunities within the industry as we were talking about. Some of my professional development has been around product development, product strategy. I recently completed a course out of Northwestern University around product strategy. Some of the certifications that are more traditional cyber-security focused that have been really impactful to members of my team have been the Certified Ethical Hacker as well as the OSCP. 

Alison: My advice to anyone early in their career would be to ensure that they are thinking about the path they are headed down and to realize that any learning you do in a specific role, whether its technical knowledge or business sense, are learnings that you can take with you wherever you go. No one can take that learning away from you, and will only make you stronger as you progress within your career. Lastly, I would remind them that no one cares about your professional development more than yourself – so don’t lose sight of that and ask for what you need/want.

The data from the 2021 Cybersecurity Workforce study from ISC² suggests that a reliable estimate of women in the cybersecurity workforce globally remains at 25%.

What is it like as a woman working in the cybersecurity industry?  Are there any challenges or advantages to working in a male-dominated industry?

Alison: My experience in the cyber industry has been pretty heavily concentrated at DarkOwl. That being said, I feel empowered and enabled here. I think we have a unique scenario where we not only have a lot of females on the payroll, but have females with tenure and historical knowledge which is invaluable to DarkOwl. I’m really proud of that and I love working internally with everyone male and female alike. Its very much a norm at DarkOwl — to see females across all departments —but I don’t want to sugar-coat the fact that it’s not like that in the industry at large.

Sarah: I echo that 100 thousand percent. I find myself very fortunate to work at DarkOwl, we work with a lot of smart women, and we have an above-average number of women on staff. Our goal is to have gender equality in terms of our workforce and we’ve hovered somewhere between 35 and 40 percent. We want to increase it. But absolutely, you see traditional mindsets across this industry, you could see it in larger companies, and you certainly see it in the make-up of executive teams and boards where its very male dominated. Sometimes it is very obvious being the only woman in the room.

Alison: Speaking of being the only woman in the room, I was just reminiscing about this year’s Blackhat Conference, which I just returned from. For DarkOwl it entailed three days of back-to-back meetings in our executive suite and I was the only female in every meeting both on the DarkOwl side, and on the client side.

The good news is that I didn’t feel marginalized in any way but it does emphasizes the reality that there are not a lot of females at the executive level within the cybersecurity industry. So, its apparent to me that there is still a huge gap and a lot of work to be done.

Sarah: I had a meeting at a big company in Silicon Valley several years ago when DarkOwl was first starting. I was presenting with our CEO, and we had 20 people in that meeting from the client side. 15 of them were men and they were seated at the front of the room and the 5 women were in the back. The client introduced all of the 15 men by name and then said “and there’s the rest of the staff back there” who were all women.

In some ways experiences like these inspire me to be better, to achieve more, and to work harder because I want to pull someone up. I want to be a model for someone else — that’s really important to me personally. Bringing up people behind me, to reach your hand down and pull someone up. I think that the world is trending in the right direction. It is a great time to be a woman in the cybersecurity industry. Companies want to hire women; companies want to close that gap. There’s immense opportunity in this industry. The industry is focused on it, and there are groups like Women in Cyber doing amazing work to close that gap.

The 2021 study by ISC² had fewer female participants, because “this year our response base included higher participation of professionals holding formal cybersecurity roles, which are more frequently held by men than women.” Chadra McMahon, who in March 2022 was the only woman to serve as the CISO among the top 10 largest companies nationwide, has said that “Cybersecurity is not well understood as a career or as an opportunity.” Therefore, it seems that how “cybersecurity” is defined can influence how many women are reported to be working in the cybersecurity workforce.

What do we not understand about cybersecurity as a field and its job opportunities? What does cybersecurity mean to you?

Sarah: I think a lot of people think cybersecurity is about pen testing and forensics, and I would say that there are so many more opportunities. There are research and intelligence tracts, there are OSINT tracts, there are darknet tracts, there are social engineering tracts, and there are a lot of different specializations. You can do all of them, you can do any of them. There’s a lot of data science and software and programming work in cybersecurity. It’s a very innovative field and there are a lot of opportunities. Again, its not just a hacker in a hoodie in a basement somewhere.

Alison: People sometimes think of “cybersecurity” as something very abstract and high-tech, but I actually think of it as something really familiar that we interact with every day. Cybersecurity impacts every single individual in every single company. There is no one that is above it or beyond it in the modernized world. I think its pervasive in a good way. Every company has to think about it. The industry is huge, and its experiencing explosive growth in a thousand different directions, so jump on it and find your path!

Sarah: There are so many different paths you can take within cybersecurity. It’s really exciting and from that standpoint really cool. What does cybersecurity mean to me? It’s helping secure the modern world. The way that everyone does business, the way that everyone communicates— all of that is digital, all of that is through computers. For example, the three of us are in different spaces right now. There’s a new way of working and being in the world and cybersecurity is making that connected, safe, secure, and just helping people to live safely.

Alison: Like Sarah said, there’s so many different avenues you can go in cyber. Whether you’re at a company that is trying to solve a specific cybersecurity gap across multiple industries, or one that provides innovative solutions for the cybersecurity industry itself. Cybersecurity technologies are only going to continue to be more and more necessary, and from that necessity comes innovation – which often attracts great talent.

Figure 2: The Most Important Qualifications for Cybersecurity Profressionals (Non-technical Skills and Attributes) [Source]

Alison: Molly, I would ask a question of you. When I was in college, we didn’t even talk about cybersecurity as an industry. What do people think of it coming out of college now? Do they think of cybersecurity in the stereotypical sense, i.e. as a very narrow highly technical field, or do people think of it more broadly, like I do?

Molly: It’s a mix of both. People who are less familiar with STEM in general, I’m thinking of the people who tried to avoid it like the plague since they were young and thought “I hate math I’m never going there.” They think of cybersecurity as very “hacker in a hoodie.” People who are in business have a broader perspective. They realize the business opportunity; they know that every business has to have different departments like HR, marketing, and sales — they understand that. Younger people are seeing cyber as an opportunity to move into but they’re still hesitant. People think “oh, I’m not good enough, I’m not there, I don’t have what I need, I’m going to fail there because I didn’t study computer science when I was in undergrad so I don’t have the hard skills they want.”

Sarah: Yes, and I hope we can change that. As Alison said earlier it’s going to take work to change some things, but I hope we can. I find the most successful people in this industry are  multi-disciplinary. They have a lot of skill sets and they have a lot of soft skills. There’s no way you can think like an attacker if you are too narrowly focused. You need critical thinking skills and you need collaboration skills.

Alison: I think that cybersecurity, more so than other industries, is forward-thinking in accepting non-traditional employees. I think the appetite for openness in the cybersecurity industry, and this is just anecdotally, is a little bit wider than in other industries.

Sarah: Attackers work in groups. They are not one person. These big nation-state entities, these big APTs, are collectives. They have multiple skill sets. So the good guys also need to work in teams, to be able to work with other people, and to bring different skills to the table. And those skills are not just math or hard tech skills. It is really about collaborating. The best people are able to work in very out-of-the-box ways.

To bring this back to the point of the interview, I think women have a lot of those traits, culturally. I think that women bring a unique voice to this and can bring their tech skills and some of the other really critical skills like collaboration, like communication, like critical thinking, to the table and be really successful in this field. As long as you are doing good work, there’s room for you in this industry.

Alison: Right, exactly.

Key takeaways from Alison and Sarah’s perspectives:

Anyone who is interested in the cybersecurity industry has a strong chance of being able to find a role that suits them. While companies and institutions are putting more resources towards addressing the gender and representation gaps in cyber, those gaps still exist. Therefore, the company makeup of where you work can have a very real impact on your experience in the field, especially if you are in the minority of the workforce.

As an industry, cybersecurity is forced to embrace change given the nature of the field. Cybersecurity’s welcomeness to innovation makes it more open to changes, such as seeing more women in the field, than perhaps other industries are. In the experiences of Alison and Sarah, people are accepted based on the quality of their work and there is an open invitation to explore new projects and ideas – which are also necessary to evolve with the sophisticated threat actors we face. Individuals should not discount themselves from working in cyber. A wide variety of skillsets are needed to address present and future threats; Multi-disciplinary workers have an advantage, and learning opportunities and professional development can always be cultivated – especially when you partner with organizations that prioritize the employees growth.

---

Looking for a career in cybersecurity? DarkOwl is hiring! Check out our open positions here.