Where Are All the Women Cyber Lawyers?
As the cybersecurity field grows and the demand for counsel increases, there are still too few female cyber lawyers. Here’s why that matters.
Blog Post
July 7, 2016
A version of this article first appeared in Big Law Business.
It was 2007, and I was working as the chief staff counsel for Barack Obama’s first presidential campaign. We were in the middle of the hot summer primary when I was informed that we had a data breach. That turned out not to be true, but the weeks I spent unearthing the facts and running down issues with law enforcement, our vendors, and our IT staff, were some of my most fascinating. It was the first time I had encountered, “cybersecurity,” and I was hooked. After the campaign ended, I knew that I would to return to this field. And I did — with positions in the federal government, civil society, and now in private practice.
I found the field at the right time. Cybersecurity is booming — the market is expected to reach $170 billion by 2020 — and that means a growing demand for legal services. Law students are not only enrolling in classes dedicated to cybersecurity, but law schools now offer whole programs dedicated to the field. And of course law firms are responding to the demand for counsel by building or expanding their cyber practices.
But there’s a troubling dimension in all this growth: too few women lawyers joining the ranks. And that’s a problem — both for women looking to develop interesting careers, and for addressing cyber law and policy challenges with the necessary diversity of perspective.
With only 10 percent of women making up the information security workforce, there is a severe shortage of women in cybersecurity generally, and cyber law specifically. Anne-Marie Slaughter at New America is leading the effort to fix that, and she attributes part of the reason for the gender gap to the stereotype of cybersecurity as a profession for hoodie-wearing techies and macho military wonks, neither of which are inviting to many women nor do they accurately describe the field. Cybersecurity is a broad field involving a wide range of professionals — from sociologists and venture capitalists to bug bounty hunters and policymakers. In the cybersecurity legal field, the lawyers with whom I work are creative problem-solvers with acute attention to detail and deep analytical skills. Technological proficiency and national security expertise, while helpful, is not required, and more importantly can be attained even at a later age. And since cyber law intersects with so many other practice areas — intellectual property, litigation, and trade, just to name a few — there are various entry points to building a cyber practice. There are already too many challenges facing women progressing in their legal careers (see here, here, and here) for false stereotypes to hold us back from good and interesting cybersecurity jobs.
And not only do these stereotypes harm individual careers, they also make it harder to address the cybersecurity challenges we face. One lesson of the last few years is that securing our companies and our families from cyber attacks is not something that will come through military might or security tools alone. Rather, it will take major shifts in law and policy, evolving international norms, and even altering our everyday, individual behaviors. Cybersecurity is something everyone needs to care about, and feel a responsibility for. If the field excludes half the population, it will be a lot harder to get everyone to care. So whether the motivation is bringing women into a hot legal practice or broadening our understanding of what it will take to solve our cyber challenges — re-imagining “cybersecurity” as a field that is more than just a lone man behind a computer will benefit us all.