SAN FRANCISCO – Tiffany Rad is turning the gender stereotypes in the software industry on their head.
Rad is a white hat, a hacker who specializes in looking for security holes so they can be fixed. The attorney turned her computer hacking hobby into a career in 2008, when she submitted a research proposal to an underground security conference in New York.
Rad’s talk there propelled her into the industry, and she is now manager of threat research for ThreatGrid, a specialist in malicious software analysis that Cisco Systems bought in May.
To be able to present at these conferences has been fantastic in jump-starting my career, said Rad, who speaks regularly at security industry events and has worked for top cybersecurity companies.
Now I meet many more women doing the same.
Over the past decade, women like Rad have become increasingly prominent in white hat roles at technology companies, including Apple, Microsoft and startups, reflecting the rising profiles of females throughout the security-technology industry.
Several have taken leadership positions, including Heather Adkins, who joined Google in 2002 as one of the founding members of the company’s security staff. She now manages the team that responds to hacking attacks against its corporate networks.
Women outnumber men in the specific jobs of analysts and advisers working on preventing breaches and strengthening technology defenses, according to 2011 and 2013 studies from the International Information Systems Security Certification Consortium, or ISC2.
Female attendees at security conferences have also risen to hundreds or more at key events such as Black Hat and DefCon, from nearly none 15 years ago.
But that contrasts with trends in the larger technology industry, where 74 percent of U.S. workers in computer and mathematical occupations last year were men, according to the U.S. Bureau of Labor Statistics.
Silicon Valley companies including Google and Facebook have been embroiled in a debate over the shortness of female employees, releasing data showing that women make up less than 40 percent of their workforces.
In the early days of hacking conferences, it was really rare if there were maybe a couple of women involved who were credible and knew their stuff, said Jeff Moss, who founded DefCon in 1992 and Black Hat in 1997 and advises the U.S. Department of Homeland Security. Nowadays, there are too many to mention.
Helping to drive the rise of female white hats is the meritocracy of security technology conferences, where participants present papers and discuss flaws in code.
That helps show their chops immediately, as opposed to other technology gatherings where companies hawk their wares and don’t give attendees opportunities to discuss their findings.
Female trailblazers also have helped set an example for counterparts, who are entering the industry as mounting concern over cybersecurity lures a rush of investment and creates jobs.
In total, the security industry will top $85 billion in worldwide revenue in 2016, up 68 percent from $51 billion in 2010, according to Gartner Inc.
The number of women in leadership positions in security is growing dramatically, said Julie Peeler, director of ISC2’s foundation in Clearwater, Florida.
In the security industry, you are judged on your skills alone, said Nico Sell, a DefCon organizer and chief executive of Wickr Inc., a San Francisco company that makes a smartphone application for sending encrypted messages.
This offers an opportunity for smart women, because there is no denying your talent, she said.
The security industry still suffers from some of the same gender disparities as the rest of the technology world. Women make up just 11 percent of information security staffs worldwide, according to the ISC2.
Of the 80 biggest publicly traded security companies worldwide, only one has a female CEO, according to data compiled by Bloomberg Rankings.
Eva Chen, a University of Texas-educated MBA and master of management information systems, co-founded and worked in senior positions at Tokyo software maker Trend Micro Inc. for 16 years before becoming CEO in 2004.
Yet at the white hat level, there are now more women following the trajectory of Google’s Adkins.
The 37-year-old got into security while working as a systems administrator in the late 1990s, when the first waves of mass Internet attacks forced her into online hacker forums to obtain information.
The forums were initially swamps of sexism where people would refuse to engage in technical discussions, Adkins said. She picked a neutral-sounding screen name so she could avoid being discriminated against.
At the time, it was notoriously gender-biased and confrontational, Adkins said.
Today, she sees more respect for women’s technical skills in security. While she still encounters biases, – at conferences that she attends with her fiance, she said, some people assume she’s just the wife – such incidents have become less common.
People have moved on, and it’s more inclusive, Adkins said.
Rad, the ThreatGrid manager, said that since she entered the security field in 2008, she has had many opportunities.
She was part of a team that showed in 2011 how hackers could open and close security doors, suppress alarms and manipulate video-surveillance feeds inside jails and prisons – without ever setting foot on the properties.
She also worked until this year for Russian antivirus software maker Kaspersky Lab and until 2013 for Battelle Memorial Institute, an Ohio research organization where her job was finding ways to hack into automobiles.
Prejudice still appears toward female white hats in small ways, she said. While waiting in line to get her speaker’s badge at a conference several years ago, Rad said, she was told to go to the press line by someone who assumed she was in the wrong place.
Still, she sees more women getting into the field. For the past decade, Rad has taught a class at the University of Southern Maine on information-security law and ethics. During the first two years, there were no women students.
Now, almost half of the class is female.