For years, Taiwan has been a major target for cyberattacks and malware infections, partially because of its growing ICT and IoT manufacturing sector.
As awareness of these risks grows, so too has Taiwan’s information security industry, which has expanded at an annual rate of over 12% since 2013. Authorities are also deliberating over a Cyber Security Management Act, as well as proposing a special budget of approximately USD 46.7 million annually over the next three years to support the adoption of comprehensive cybersecurity programs by government.
Complementing these public and industry efforts have been a host of community initiatives, some of which have been established by hackers themselves.
Since 2015, the Hacks in Taiwan (HIT) Association has helped enhance Taiwan’s information security technology by developing tools such as the ZeroDay vulnerability notification platform, and holding events, one of which predates the association by over a decade — Hacks in Taiwan Conference (HITCON).
Over 13 years, HITCON has grown to become one of the leading hacker-community events in the Asia Pacific. These hackers are not the computer bad-guys of films and TV shows; they are computer programmers, coders and network operators interested in finding and making the community aware of vulnerabilities before they can be exploited.
Based on current estimates that 1.5 million cybersecurity positions will be open and unfilled worldwide by 2020, governments, security agencies, and organizations around the world are recognizing the importance that community events such as HITCON play in cultivating current and future talent, particularly in under-represented groups such as female cybersecurity professionals.
Promoting cybersecurity awareness and opportunities
According to the 2017 Global Information Security Workforce Study: Women in Cybersecurity, the representation of women in the cybersecurity workforce remains stagnant at 11%. Although there are no specific figures for Taiwan, long-time HITCON participants such as Hazel Yen, a local malware analyst and security engineer, believe the figures would be similar. Seeing this gender gap drove the establishment of HITCON GIRLS.
“HITCON GIRLS has two purposes: to make more women aware of the cybersecurity field as a career, and to create opportunities for more women to join the field,” explains Hazel, who is a co-founder and active member and of the growing community.
“Through our events, training and online forums, participants learn from and network with females working in the industry in an environment where they are not a minority and are encouraged to interact.”
In its three years, more than 500 people have attended HITCON GIRLS training workshops and meetups, and its Facebook page has attracted over 3,000 followers. The HITCON GIRLS blog has also been an important tool for the group to share knowledge about fundamental cybersecurity concepts like APT, CTF and malware.
“Like other community groups, we have a duty to increase awareness of the importance of information and cybersecurity in Taiwan,” explains Hazel. “Whatever we do, we are always conscious of making our content as clear, concise, and relevant as we can so that participants and readers can understand it and, most importantly, take action.”
Success through hard work and outreach
Hazel and the rest of the HITCON GIRLS committee recognize that it will take several years of “hard work and outreach” before they start to see a change in the number of women working in the industry. However, they are continually buoyed when workshop participants and group members contact them to say how the group had given them the motivation to pursue a career in cybersecurity.
“A lady who participated at one of our recent meetups wrote to us to say how she was hesitant about joining the information security field, as she imagined it was very difficult to get into as a woman, based on industry stereotypes. However, after talking with professionals at the meetup, she walked away with the confidence and information she needed and is now actively searching for jobs in the industry.”
Hazel’s own professional development and progression has also been a success story that the group can point to. Hazel only graduated from university in 2016, with a Masters degree in Computer Science. HITCON GIRLS has provided her and her other junior committee member, Awon — who is also a co-founder and coordinates most HITCON GIRLS activities — a platform to broaden their professional networks and practise what they have learnt in the classroom.
“Our senior co-founders, Ashley (Shen), Belinda (Lai), Shirley (Kuo), and Turkey (Li), are smart, strong and confident women, with such a wealth of industry experience,” says Hazel. “Awon and I have learnt as much from them as our workshop and meetup participants have. Awon too has also been amazing in her role, having developed the systems that HITCON GIRLS relies on to be an extension force.”
Hazel also recognizes the HIT association and HITCON community in providing a forum for the idea of HITCON GIRLS to be initially proposed and then to garner support from the community, as well as for their ongoing support with promoting events.
“The hacker community recognizes the need and importance of planning for the future, where cybersecurity will be even more important than it is today,” says Hazel. “The more people we have trying to respond to and mitigate risks and the more diverse this pool of people are, the more chance we will have against attackers. In the future, we hope that women in information security are no longer a minority.”
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.