With at least one million cybersecurity job openings in 2016, why do women make up only 11 percent of the information security workforce? Breaking the traditional notion of a male-dominated industry, the ABA Section of Science & Technology Law (SciTech) is highlighting women who are using their passion for technology to shape the next wave of innovation. These inspirational leaders share their views on key legal risks facing cybersecurity professionals, finding work-life balance, and opportunities for distinction.
Key legal risks in cybersecurity
Notably, the strong female presence at the SciTech Section’s 2016 Internet of Things (IoT) National Institute on March 30-31 in Washington, D.C., is a testament to the influential role women will continue to have on technology and law. As noted by Cynthia Cwik, Chair of the SciTech Section:
A common theme echoed by the female speakers at the IoT event was the need for companies to mitigate legal risks prior to releasing IoT products or services into the market. Cheryl Falvey, a partner at Crowell & Moring LLP, explained how product liability issues stemming from design defects in IoT products and faulty software updates are creating challenges for manufacturers, developers, and software vendors. Next, Jean Marie Pechette, a shareholder at Polsinelli PC, addressed the need for companies to account for IP rights and license agreements when developing IoT products. Lisa R. Lifshitz, a partner at Torkin Manes in Toronto and the current President of the Canadian IT Law Association, also stressed the importance of applying a global lens in deploying products or services by making efforts to understand what international laws and standards may be implicated.
High-profile data breaches from hack attacks also raise serious legal concerns. Lucy Thomson, a principal at Livingston PLLC, explained how “massive data breaches not only compromise sensitive and confidential data, but also put hundreds of millions of individuals at risk of identity theft and fraud.” She added that cyber attacks involving critical infrastructure carry the potential for widespread physical damage or bodily injury. Thomson stressed the need for corporate executives and government officials to hire skilled security professionals to help develop practical security strategies and provide insight into navigating the plethora of federal, state, and international laws.
Federal Trade Commission (FTC) Chairwoman Edith Ramirez further emphasized how companies should account for privacy and security vulnerabilities by adopting best practices, such as incorporating appropriate controls on data collection, use, and dissemination. Likewise, Lisa R. Lifshitz explained:
Markedly, these legal risks are just the beginning for women in the cybersecurity profession.
Finding work-life balance
Jody Westby, CEO at Global Risk LLC who moderated a panel on IoT security challenges at the IoT National Institute, offered insight into the pressure of working in such a demanding field and how she has learned to thrive. She noted:
Business development, such as bar association leadership role responsibilities, speaking engagements, and publication deadlines, adds another layer of commitments. Nevertheless, Westby went on to emphasize that a healthy work-life balance is possible.
Balancing boils down to making sacrifices and establishing priorities. Westby has drawn upon her experience as a single mom attending Georgetown Law, where she worked summers and part-time during the school year. “Personal and family time is terribly important and, in my experience, is only achievable if you set priorities and make your personal life as important as your work life.” Practically, this means knowing when to say ‘no’ to a colleague, a boss, or a client. “I have found the best way to handle those situations is to be completely honest and transparent about your circumstances.”
Several organizations are already getting involved to empower women in the cybersecurity space. During her tenure as President of the Women’s Bar Association of the District of Columbia, Lucy Thomson, who has two adult daughters, led initiatives to promote various opportunities to help women pursue their career while also raising a family. She continues to support diversity and inclusion initiatives.
According to privacy/cybersecurity attorney Ruth Hill Bro, who moderated two panels at the IoT National Institute and serves as the Section’s Membership and Diversity Committee Chair, “SciTech gives wings to those with great ideas and the initiative and drive to see them through. SciTech is very welcoming and inclusive, and that is reflected in the number of women you find in leadership positions, including at the most senior level.” Bro founded and chaired SciTech’s E-Privacy Law Committee when she was a senior associate, prior to becoming a partner, in the Chicago office of Baker & McKenzie. SciTech nominated her for the Officer track when she was pregnant with her first child; when she became Section Chair in 2008, she had two young daughters (ages 3 and 2). Bro said she was following in the footsteps of the two female SciTech Chairs before her who also had young children during their time as Officers.
Distinguishing yourself in the cybersecurity market
As cybersecurity is expected to become a $170 billion market by 2020, there are myriad opportunities, from Fortune 50 companies all the way to the White House, for women looking to enter this dynamic and growing profession. That being said, competition is inevitable. So how do you set yourself apart? Jean Marie Pechette explained:
Getting involved in the SciTech Section can also help distinguish new lawyers in this profession. Members can join one of the Section’s substantive committees – especially in the Security, Privacy and Information Law Division – which facilitates publishing, speaking opportunities, and networking. A SciTech Section membership not only offers its members cutting-edge resources for professional development, but also grants invaluable opportunities to address unique legal issues raised by new technologies.
Together these remarkable women have blazed a distinct path in the tech industry and demonstrated to women everywhere how to leverage their passions. Despite the stresses that may keep them up at night, these women serve as role models and high-achieving pioneers that are redefining the cybersecurity profession.
First row left to right: Ruth Hill Bro, Privacy Attorney, Past Chair, ABA Section of Science & Technology Law, Chicago, IL; Kathryn Coburn, Partner, Murphy Cooke Kobrick LLP, Santa Monica, CA; Clara Cottrell, Raleigh-Durham, NC, Counsel, BASF; Cyntia Cwik, Chair, Section of Science & Technology Law, Of Counsel, Jones Day, San Diego, CA; Cheryl Falvey, Partner, Crowell & Moring, Washington, DC; Alexis Gilroy, Partner, Jones Day, Washington, DC; Jessica Herrera-Flanigan, Executive Vice President at Mission-Driven Media Company, Washington, DC.
Second row left to right: Kate Growley, Associate Crowell & Moring, Washington, DC; Lisa Lifshitz, Partner and Chair, Technology, Privacy & Data Management Group, Torkin Manes LLP, Toronto, Ontario; Lois Mermelstein, Artegis Law Group LLP; Jean Pechette, Shareholder, Polsinelli, Chicago, IL; Heather Rafter, Owner, RafterMarsh, Past Chair ABA Section of Science & Technology Law, Portola Valley, CA; Edith Ramirez, Chairwoman, Federal Trade Commission (FTC), Washington, DC; Kimberly Rice, Attorney at Law, specializing in E-Discovery and Employment/Labor Law, Los Angeles, CA.
Third row left to right: Dominique Shelton, Partner, Alston & Bird LLP, Los Angeles, CA; Karli Swift, Associate, Baker Donelson, Atlanta, GA; Lucy Thomson, Founding Principal, Livingston PLLC, Past Chair, ABA Section of Science & Technology Law, Washington, D.C.; Holly Towle, Partner, K&L Gates, Seattle, WA; Ericka Watson, Senior Counsel Global Privacy, AbbVie, Inc., North Chicago, IL; Jody Westby, CEO, Global Cyber Risk LLC, Washington, DC and Damier Xandrine, Senior Vice President and Senior Company Counsel, Wells Fargo Bank NA, San Francisco, CA.