For Law Students

Join Now

Insights from the women of cybersecurity

Women of Cybersecurity collage
The photo collage features cybersecurity, privacy and technology practitioners and litigators. Names and titles are listed at the end of the article.

With at least one million cybersecurity job openings in 2016, why do women make up only 11 percent of the information security workforce? Breaking the traditional notion of a male-dominated industry, the ABA Section of Science & Technology Law (SciTech) is highlighting women who are using their passion for technology to shape the next wave of innovation. These inspirational leaders share their views on key legal risks facing cybersecurity professionals, finding work-life balance, and opportunities for distinction.

Key legal risks in cybersecurity

Notably, the strong female presence at the SciTech Section’s 2016 Internet of Things (IoT) National Institute on March 30-31 in Washington, D.C., is a testament to the influential role women will continue to have on technology and law. As noted by Cynthia Cwik, Chair of the SciTech Section:

It was an honor to meet so many leading cybersecurity figures in addition to distinguished colleagues at every stage of their career at our Internet of Things National Institute. As the number of devices connected to the Internet now surpass the world’s population, the Section is uniquely positioned to help you better serve your organization and clients as you engage with our cybersecurity community to access cutting-edge content. We provide insights in Section articles on our homepage and we will be conducting webinars to share practical tips. Our Section provides its members with numerous opportunities to contribute to the development of some of the most critical legal issues our world is facing.

A common theme echoed by the female speakers at the IoT event was the need for companies to mitigate legal risks prior to releasing IoT products or services into the market. Cheryl Falvey, a partner at Crowell & Moring LLP, explained how product liability issues stemming from design defects in IoT products and faulty software updates are creating challenges for manufacturers, developers, and software vendors. Next, Jean Marie Pechette, a shareholder at Polsinelli PC, addressed the need for companies to account for IP rights and license agreements when developing IoT products. Lisa R. Lifshitz, a partner at Torkin Manes in Toronto and the current President of the Canadian IT Law Association, also stressed the importance of applying a global lens in deploying products or services by making efforts to understand what international laws and standards may be implicated.

High-profile data breaches from hack attacks also raise serious legal concerns. Lucy Thomson, a principal at Livingston PLLC, explained how “massive data breaches not only compromise sensitive and confidential data, but also put hundreds of millions of individuals at risk of identity theft and fraud.” She added that cyber attacks involving critical infrastructure carry the potential for widespread physical damage or bodily injury. Thomson stressed the need for corporate executives and government officials to hire skilled security professionals to help develop practical security strategies and provide insight into navigating the plethora of federal, state, and international laws.

Federal Trade Commission (FTC) Chairwoman Edith Ramirez further emphasized how companies should account for privacy and security vulnerabilities by adopting best practices, such as incorporating appropriate controls on data collection, use, and dissemination. Likewise, Lisa R. Lifshitz explained:

Given the various and differing privacy requirements in the EU, Canada and the US, IoT companies should be implementing ‘security by design’ and ‘privacy by design’ into their devices and systems at the outset, rather than as an afterthought, including at every stage of product development, even in the design cycle. Companies should also ensure that their organizations promote good privacy and security practices at all levels, including through proper employee training to ensure proper privacy and security controls.

Markedly, these legal risks are just the beginning for women in the cybersecurity profession.

Finding work-life balance

Jody Westby, CEO at Global Risk LLC who moderated a panel on IoT security challenges at the IoT National Institute, offered insight into the pressure of working in such a demanding field and how she has learned to thrive. She noted:

Clients are more deadline-oriented than in previous years. Previously, cybersecurity was more of a remediation measure, but now it is a critical part of risk management, which often translates into last-minute requests by clients and quick turnaround times.

Business development, such as bar association leadership role responsibilities, speaking engagements, and publication deadlines, adds another layer of commitments. Nevertheless, Westby went on to emphasize that a healthy work-life balance is possible.

Balancing boils down to making sacrifices and establishing priorities. Westby has drawn upon her experience as a single mom attending Georgetown Law, where she worked summers and part-time during the school year. “Personal and family time is terribly important and, in my experience, is only achievable if you set priorities and make your personal life as important as your work life.” Practically, this means knowing when to say ‘no’ to a colleague, a boss, or a client. “I have found the best way to handle those situations is to be completely honest and transparent about your circumstances.”

Several organizations are already getting involved to empower women in the cybersecurity space. During her tenure as President of the Women’s Bar Association of the District of Columbia, Lucy Thomson, who has two adult daughters, led initiatives to promote various opportunities to help women pursue their career while also raising a family. She continues to support diversity and inclusion initiatives.

According to privacy/cybersecurity attorney Ruth Hill Bro, who moderated two panels at the IoT National Institute and serves as the Section’s Membership and Diversity Committee Chair, “SciTech gives wings to those with great ideas and the initiative and drive to see them through. SciTech is very welcoming and inclusive, and that is reflected in the number of women you find in leadership positions, including at the most senior level.” Bro founded and chaired SciTech’s E-Privacy Law Committee when she was a senior associate, prior to becoming a partner, in the Chicago office of Baker & McKenzie. SciTech nominated her for the Officer track when she was pregnant with her first child; when she became Section Chair in 2008, she had two young daughters (ages 3 and 2). Bro said she was following in the footsteps of the two female SciTech Chairs before her who also had young children during their time as Officers.

Distinguishing yourself in the cybersecurity market

As cybersecurity is expected to become a $170 billion market by 2020, there are myriad opportunities, from Fortune 50 companies all the way to the White House, for women looking to enter this dynamic and growing profession. That being said, competition is inevitable. So how do you set yourself apart? Jean Marie Pechette explained:

Although I am a shareholder in an Am Law 100 firm (and previously worked in two other Big Law firms), I actually started my career in a small boutique firm that focused on technology law. Since the boutique firm mindset is to be very specialized, I recognized as a young lawyer that I had to invest considerable time and energy in keeping abreast of innovations in information technology and the existing laws that could be extrapolated to apply, or new laws that would be applied, to this continually evolving technology. Representing early stage companies as well as working inhouse with a Fortune 50 company have also given me deep industry knowledge and a unique perspective that add value in counseling Polsinelli’s diverse clients. To distinguish yourself in this area, I think you must be truly passionate about the underlying science and technology, embrace the fact that almost always you will be advising clients in an area of practice where the laws will not be clear or well-settled, and excited about the opportunity to be a thought leader.

Getting involved in the SciTech Section can also help distinguish new lawyers in this profession. Members can join one of the Section’s substantive committees – especially in the Security, Privacy and Information Law Division – which facilitates publishing, speaking opportunities, and networking. A SciTech Section membership not only offers its members cutting-edge resources for professional development, but also grants invaluable opportunities to address unique legal issues raised by new technologies.

Together these remarkable women have blazed a distinct path in the tech industry and demonstrated to women everywhere how to leverage their passions. Despite the stresses that may keep them up at night, these women serve as role models and high-achieving pioneers that are redefining the cybersecurity profession.

First row left to right: Ruth Hill Bro, Privacy Attorney, Past Chair, ABA Section of Science & Technology Law, Chicago, IL; Kathryn Coburn, Partner, Murphy Cooke Kobrick LLP, Santa Monica, CA; Clara Cottrell, Raleigh-Durham, NC, Counsel, BASF; Cyntia Cwik, Chair, Section of Science & Technology Law, Of Counsel, Jones Day, San Diego, CA; Cheryl Falvey, Partner, Crowell & Moring, Washington, DC; Alexis Gilroy, Partner, Jones Day, Washington, DC; Jessica Herrera-Flanigan, Executive Vice President at Mission-Driven Media Company, Washington, DC.

Second row left to right: Kate Growley, Associate Crowell & Moring, Washington, DC; Lisa Lifshitz, Partner and Chair, Technology, Privacy & Data Management Group, Torkin Manes LLP, Toronto, Ontario; Lois Mermelstein, Artegis Law Group LLP; Jean Pechette, Shareholder, Polsinelli, Chicago, IL; Heather Rafter, Owner, RafterMarsh, Past Chair ABA Section of Science & Technology Law, Portola Valley, CA; Edith Ramirez, Chairwoman, Federal Trade Commission (FTC), Washington, DC; Kimberly Rice, Attorney at Law, specializing in E-Discovery and Employment/Labor Law, Los Angeles, CA.

Third row left to right: Dominique Shelton, Partner, Alston & Bird LLP, Los Angeles, CA; Karli Swift, Associate, Baker Donelson, Atlanta, GA; Lucy Thomson, Founding Principal, Livingston PLLC, Past Chair, ABA Section of Science & Technology Law, Washington, D.C.; Holly Towle, Partner, K&L Gates, Seattle, WA; Ericka Watson, Senior Counsel Global Privacy, AbbVie, Inc., North Chicago, IL; Jody Westby, CEO, Global Cyber Risk LLC, Washington, DC and Damier Xandrine, Senior Vice President and Senior Company Counsel, Wells Fargo Bank NA, San Francisco, CA.

Alysa Pfeiffer-Austin Alysa Pfeiffer-Austin recently earned her LL.M. from Georgetown Law with a concentration on Cyber and National Security Law. She also interned for the U.S. Department of Homeland Security. Alysa has a rich international perspective from interning for the United Nations, working at an orphanage in Mozambique, and volunteering with human trafficking safe houses in South Africa. She is currently focusing on applying her international experience and cybersecurity specialty to cross-border transactions. She serves as an ABA Section of Science & Technology Law Homeland Security Committee Content Contributor, which includes hot topic presenter and website editor responsibilities.