March 8 – The information security (InfoSec) world moves at a “glacial pace” when it comes to gender equity, according to The Register.
But that doesn’t seem to hold true in the cyber criminal underground. A recent study shows that at least 30%, if not more, of cyber criminal forum users are women.
Women in cyber
For this study, researchers looked at five English-language cyber crime forums; Sinister, Cracked, Breached, Hackforums and the now defunct Raidforum. And it evaluated five Russian-language sites; XSS, Exploit, Vavilon, BHF and WWH-Club.
In all fairness, the study methodology was arguably more qualitative than quantitative – and the report says as much. Users on the aforementioned forums are largely anonymous, requiring use of tools such as Semrush and uClassify’s Gender Analyzer V5 to determine who’s who.
English language dark web sites
Nonetheless, researchers analyzed posts and traffic on the forums and determined that, for English language sites, roughly 40% of users appear to be women. On Russian cyber crime forums, 42% of users appeared to be women.
In contrast, when compared to Stack Overflow, a developer and programming forum, only 12% of visitors were female.
What it means
One analysis is that the cyber criminal underground is more meritocratic than the white hat world. Developers are valued for their skills and experience in ways that pay.
This also suggests that cyber criminal investigators may wish to avoid defaulting to “he” when discussing cyber criminals.
However, the larger lesson here is that if industry continues to overlook qualified security professionals on the basis of gender, don’t be surprised if the individuals end up on your radar later – Hopefully in the form of a researcher bearing a breach notice, not someone intent on compromising your systems.