Share story

Tiffany Rad is turning software-industry gender stereotypes on their head.

Rad is a white hat, a hacker who specializes in looking for security holes so that they can be fixed.

The attorney turned her computer-hacking hobby into a career in 2008, when she submitted a research proposal to an underground security conference in New York. Rad’s talk there propelled her into the industry, and she is now manager of threat research for ThreatGrid, a specialist in malicious-software analysis that Cisco Systems bought in May.

“To be able to present at these conferences has been fantastic in jump-starting my career,” said Rad, who speaks regularly at security events and has worked for top cybersecurity firms. “Now I meet many more women doing the same.”

This week, save 90% on digital access.

Over the last decade, women like Rad have become increasingly prominent in white-hat roles at technology companies, including Microsoft, Apple and startups, reflecting the rising profiles of females throughout the security-technology industry.

Several of them have taken leadership positions, including Heather Adkins, who joined Google in 2002 as one of the founding members of the company’s security staff and now manages the team that responds to hacking attacks against its corporate networks.

Women outnumber men in the specific jobs of analysts and advisers working on preventing breaches and strengthening technology defenses, according to 2011 and 2013 studies from the International Information Systems Security Certification Consortium. Female attendees at security conferences have also risen to hundreds or more at key events like Black Hat and DefCon, from nearly none 15 years ago, according to organizers of the events.

That contrasts with trends in the larger technology industry, where 74 percent of U.S. workers in computer and mathematical occupations last year were men, according to the Bureau of Labor Statistics. Silicon Valley companies including Google and Facebook have recently been embroiled in a debate over the lack of female employees, releasing data that show women make up less than 40 percent of their workforces.

In the early days of hacking conferences, “It was really rare if there were maybe a couple of women involved who were credible and knew their stuff,” said Jeff Moss, who founded DefCon in 1992 and Black Hat in 1997 and advises the U.S. Department of Homeland Security. “Nowadays there are too many to mention.”

Helping to drive the rise of women white hats is the meritocracy of security-technology conferences, where participants present papers and discuss flaws in code. That helps show their chops immediately. Female trailblazers also have helped set a precedent for counterparts to enter the industry as mounting concern over cybersecurity lures a rush of investment and creates jobs.

Among Rad’s other white-hat female counterparts today are Window Snyder, who has held security roles at Microsoft, Mozilla and Apple; Katie Moussouris, who had senior positions at Symantec and is now chief policy officer at a startup called HackerOne; and security consultant Jen Savage.

“In the security industry, you are judged on your skills alone,” said Nico Sell, a DefCon organizer and CEO of Wickr, which makes a smartphone application for sending encrypted messages. “This offers an opportunity for smart women because there is no denying your talent,” she said.

Custom-curated news highlights, delivered weekday mornings.