This month I made a startling realization, it is women and not men who are leading the way in securing human behaviors. For those of you who are new to the information security world this is a big deal, traditionally information security is filled by men. For example if you attend a security conference or work with an information security team you can have 40 security professionals in the room and only 5 may be women. The field of security awareness is bucking that trend, and in a big way. For example, I teach a two day class on how to build, maintain and measure a mature security awareness program. On average the class is half women and half men. Even more telling are the two Security Awareness Summits that SANS is hosting, one in London on 10 July and another in Philly on 19 August. Out of these two summits, we have a combined total of 15 speakers, of which 11 are women (73%). This was not plan or intended, in fact its been two months after the speakers were confirmed when I just realized this.
Effectively changing and securing human behavior / culture is ultimately about communications, emotions and numerous other soft skills. I'm not sure if women are better at these skills or just more interested in them. Regardless of the reason why, it is exciting to see that women are leading the way in the world of securing the human.