Black Hat USA 2021: Improving gender balance in IT security teams


When the small Israeli startup Javelin Networks was taken over by Symantec in 2018, not a single woman worked there. The team looked for reasons for this imbalance – and for ways to better address potential applicants, “pick them up” and integrate them into the team. In the meantime, the proportion of women in the former Javelin Networks team has increased to 50 percent. This was reported by Omer Yair, team leader, and Orayn de Paz, reverse engineer and developer, in a lecture at this year’s Black Hat USA.

The two shared how they were able to recruit more women and the positive effects the measures taken have had on all employees. Yair named den as a source of inspiration for meaningful changes in the application process Artikel “How to Attract More Women (and not the way you think)” by Moran Weber. The Black Hat USA IT security conference will take place until Thursday, both on-site in Las Vegas and online.

Parallel to the online stream of the lecture, a conference participant with responsibility for personnel spoke in the chat. He reported that in an effort to consider applications from women interested in the same way as those from men, he often waited in vain for the former – with the result that positions remained unfilled for a long time.

The Israeli team Yairs has had similar experiences. It looked specifically for the well-known rarer, qualified candidates on platforms such as LinkedIn, and asked women in tech communities to pass on information about vacancies to potential applicants. As a result, significantly more women responded to job advertisements.

When investigating the cause, Javelin (now a subsidiary of Broadcoms) recognized that women often tend to underestimate their abilities. Since self-confidence is usually just as important as competence on the path to success, less confident applicants (and especially applicants) have worse cards from the outset or would not even get in touch.

The team found, for example, that women – with the same expertise and work experience – applied significantly more often for the “worse” of two advertised positions. Solution: Jobs are assigned to all applicants based on their qualifications, regardless of the position for which the application was formally submitted.

As a further measure to give competence in the application process priority over self-confidence and to reduce stress, applicants are given a “homework”. They can use it to prove how well they can cope with typical tasks without any competition or excessive time pressure. And last but not least, the character as well as the will and the ability to learn and leave your comfort zone play a decisive role in the assignment of a job.

The team has also changed a lot in day-to-day work. The aim was to create a safe and supportive learning environment in which asking questions and sharing knowledge are a matter of course and in which a lack of self-confidence can develop.

The measures from which all employees ultimately benefit include, for example, the granting of a longer introductory phase in order to gain knowledge that is still lacking, pair programming and weekly “learning hours” in which everyone can learn according to their wishes and needs. In lectures for further training purposes, one should also pay attention to gender diversity.

(Image: Black Hat USA)

Many of the improvements ultimately benefit both men and women. For example, longer periods of absence are a real and not only tolerated option – as part of maternity protection and parental leave, but also for longer, unpaid leave or in the event of death. Thanks to a more relaxed working atmosphere, there would be fewer cases of burnout and overall greater efficiency. At the same time, many men ultimately felt more comfortable because they renounced “typically male” activities in the company and the associated clichés.