Women in Cyber: Erin McLean
In Canada, women make up just a small fraction of the cybersecurity workforce, which can lead to a lack of career advancement and an early exit from the field. At the Rogers Cybersecure Catalyst, we believe an industry can only flourish when it draws from diverse and varied perspectives, and when it makes those perspectives feel welcomed and included. In this ongoing series, we’re highlighting the accomplishments of women in the industry, and learning from them about how to make cybersecurity a more inclusive place.
Erin McLean is Chief Marketing Officer at eSentire, a global leader in managed detection and response. She leads the company’s global marketing and communications functions, including all brand, corporate communications, media relations and marketing operations. In 2020, McLean was named one of the Top 100 Women in Cybersecurity by Cyber Defense Magazine, and she mentors cybersecurity businesses as an Entrepreneur in Residence in the Catalyst Cyber Accelerator. In addition, McLean is passionate about encouraging young women to pursue careers in cybersecurity. She created Ambitious 7s, a program in partnership with the Durham District School Board to expose young female students to career paths in technology.
We spoke to McLean about her path to cyber and her work to foster interest in cybersecurity among women and girls.
In your career, you’ve been passionate about creating opportunities to get women and girls interested in science cybersecurity. What put you on your career path, and what inspired you to spread your enthusiasm to others?
I started my career in telecommunications, and it was a field where there was constant innovation — not only from a network and service functionality perspective, but also from the actual hardware and product itself. It was interesting to me that there was always change and always something different coming. As a marketer, it was very exciting to be able to communicate that. It was after I’d spend eight-or-so years in telecommunications that I was itching for a change, and I had started to notice, as many people did, a lot of the breach activity that was happening in the news. It was interesting to understand that this was an entire area of responsibility, and a growing one, in business.
I had the opportunity to work with a company called Herjavec Group, and that was where I really was introduced to cybersecurity as an industry and learned what was going on in the way the business was structured. It was such an education for our business audience, and also an education for our people. For one, there was a significant labour shortage in technical talent we could hire, and also, we were hiring people of such diverse backgrounds. We had psychology majors, criminology majors, English majors, and there were very few people at the time — and this was seven years ago — that came out of school with a cybersecurity or IT or computer science degree. When they did, unfortunately they were majority male — that’s just the way it was. So, we really put a focus on expanding our recruitment pool.
It was fascinating for me to think of why that was the case. Why was our marketing team predominately female, and why was our software analyst population predominately male? We had some work to do there.
What do you think the answer is?
This is very qualitative, I can’t put a research pin behind it, but in my experience so far, young women didn’t have an understanding of what the outcome could be for pursuing their passion for science and technology. “Am I supposed to be a science teacher? What does working in technology really mean when I’m 12 or 13?” There wasn’t that sense of what an end outcome could look like. Also, computer science means so many things to different people. Is it coding? Is it engineering? Is it software development? Nobody was really understanding that.
What we started to do was do more work at the elementary and high school level was to engage students. We tried to make them aware of cybersecurity risks at a personal level — password protection, being safe online, blocking cameras, things like that — and showcasing to them the work we were doing as a service provider for big businesses. The more they started to understand that, and the more they began to understand how you can solve cybersecurity problems like a puzzle and recognize patterns, they realized that cybersecurity could be a really interesting path for them.
I think you have to have those conversations early. You have to be exposed to new opportunities. I think we all tend to go into, “What did your parents do? What does your family do? What does your network do” because that’s what you’re comfortable with. If you’re not exposed early, you’re not going to even be aware that something is an option for you.
Do you sense that science and technology fields offer unwelcoming atmospheres to women and girls?
I wouldn’t say it’s unwelcoming. It’s maybe a mix of being unknown and intimidating. I think often when something is so big and you have to forge your own path within it, you just don’t know what you don’t know. And to be fair, cybersecurity has been such an evolving and rapidly changing space, and it’s been a relatively unknown space for a long time. When I started in cyber, we were educating people on what a SIEM (Security Incident Event Management system) was, and now people are on their third or fourth SIEM provider. To translate that to education, there hasn’t been a framework of what developing training, certification, and career-readiness looked like. Cyber is so vast that you can have a basic understanding but they you have to continue to certify and professionalize. It takes the right kind of individual to be that kind of continuous learner.
In your various outreach and educational initiatives, what are some of the ways you’ve made science and technology come alive?
I run a program called Ambitious 7s, which is a partnership with the Durham District School Board. We’ve done it four years now and we’re up to about 75 participants every year. These are Grade 7 students that participate in a three-part course on motivation, teamwork and goal setting. One of the portions of the course is on personal passion and career development. Not “career” in the sense of, “You have to find a job tomorrow!” It’s “career” in the sense of figuring out what you’re passionate about and what you can be interested in.
As part of that, in the past I’ve done tours of our head office (when that was a safe thing to do) and meet with different female leaders in all different areas of the business: marketing, finance, security operations, technical experts. We’d hear personal stories of how they got into their jobs and what they love about what they do. We would do a number of challenges, like creating puzzles that replicate the work our SOC analysts do, or doing phishing attacks and identifying how somebody might fall for them. We would also do some basic cyber-awareness programs, and give them a sense that these are things that help keep businesses safe every single day. You’d just see people’s minds start to turn, being like, “Oh, that’s pretty cool!”
We had them do some basic coding — writing it out to understand the differences between protecting and not protecting a company with one specific line of code, and how much impact that could have. For some of the girls who participated, that was enough to make them go, “I could do this. I think this is really cool.” That’s the exposure they need.
If you met a young woman who was going into undergrad or grad school and thinking of pursuing cyber, what advice would you give her?
Do it!
I’m not somebody who likes to be burdened or concerned with what happened in the past. I think you have to wholeheartedly embrace your passion and you have to have confidence in yourself. It doesn’t matter if it’s a field that may have 20 percent or 25 percent women — you can forge your own path in it. I think science and technology are fields that are continuing to change, and they need strong female voices to be part of key conversations in our space.
