10 pioneering women in information security

In the 1950s, women were calculating U.S. space missions, and by the 1960s they were programming mainframe computers. So, it should come as no surprise that there are also many remarkable female pioneers in computer and information security.

In honor of Women’s History Month, here are some of these women and their key contributions to the field.

Codebreakers and signal hoppers

Let’s start with WWII female codebreakers, like former Navy lieutenant Judy Parsons, a graduate of Carnegie Institute of Technology who joined the US Navy’s WAVES (Women Accepted for Volunteer Emergency Service). She and her OP-20-G group of WAVES helped sink 95 German U-boats during WWII thanks to their codebreaking efforts.

Parsons was one of thousands of women working in different security capacities during the war from 1939-1945. They broke new ciphers used by German and Japanese forces and provided a funnel of intelligence that Allied Forces used to uncover enemy locations, sink ships, down planes, and ultimately win the war. Navy women built the computing machines needed to decrypt the Enigma cipher, after another female, Mavis Bately, deciphered a message and learned how the Nazi Abwehr Enigma machine worked.

During the same time period, another leading lady, Hedy Lamarr, in 1941 patented her invention for radio frequency ‘signal hopping’ to defeat enemy jamming signals, allowing Allied Forces to hide their torpedoes from the Nazi forces. Signal hopping is the concept behind secure WiFi, BlueTooth and GPS used today.

At the time of her patent, Lamarr was more widely recognized for her beauty as a big-screen movie star than her brain as an inventor. But she did find allies in Howard Hughes and John F. Kennedy, who supported her with equipment to invent and experiment in her actor’s trailer.   Lamarr, who died in 2000, was inducted into the Inventor’s Hall of Fame in 2014.

Setting new standards

Finding allies is a big help when you’re a woman in infosec, says Renee Guttmann, one of the earliest females to hold information security leadership roles, starting with GlaxoSmithKline in 1994. There, Guttmann implemented firewalls and encryption products before there was a commercial internet to connect to.

Guttmann later built Capital One’s security program for customers’ first online activities (retrieving statements), and then became the first-ever director of IT security for Time, Inc., in 2000, eventually running security for both Time Inc, and Time Warner where she was VP of information security and privacy. She’s also won several awards for her work in the corporate sector, including the CSO Compass Award in 2008, and a Woman of Influence Hall of Fame award from the Executive Women’s Forum in 2007.

“I remember a meeting with other security women in 1993, including Donna Dodson from NIST, Dr. Dorothy Denning [from Georgetown University at the time], and other smart females leading the infosec charge back then. Many of them went on to start companies and powerful careers around infosec,” says Guttmann, who’s now CISO at Campbell Soup Company.

“I remember debating encryption and certificate management with them in a small meeting room with ten people and wondering if these things would ever matter to anyone but us,” Guttmann says.

Dodson, NIST fellow and chief of cybersecurity for the NIST IT lab, retired in 2020 from her final role there as the director for NIST’s National Cybersecurity Center of Excellence. She started at NIST in 1987, and NIST cites her contributions to artificial intelligence, internet of things, quantum-resistant cryptography, and privacy engineering (among others). She was awarded one of the top ten most influential people in government IT in 2011 and is recipient of the Presidential Rank Award in 2019.

Back in the early days, there were no CISOs, Dodson reiterated in her NIST retirement interview. So early female CISOs like Guttmann and Rhonda MacLean, who held leadership posts at Boeing and Bank of America in the late 1990s, came up truly creating the job on the fly.

When Guttmann started the job at Time Inc., for example, no one knew what a CISO-level manager was supposed to do. At first leading information security for a magazine company (in 2000) seemed like a pretty easy job. But then she went to the business units and started asking them questions about their business and potential risks—essentially helping to frame the business-focused role of a true CISO today.

“I remember wanting to learn how I could best support the mission of Time Inc. I met with the leaders of several business units to better understand the Company,” she explains. “One of the first groups I met with was Finance. I learned that we had millions of credit card numbers between our different magazine titles, and that we were also fulfilling subscriptions for other notable magazines. This was well before the Payment Card Industry standard even existed. But coming from Capital One, I had already built a program around card protection.”

Leading the discussion

Dorothy Denning was a key thought leader in cryptography at the time Guttmann met with her in 1993. Denning, still professor emeritus at the Naval Post Graduate School in Monterey, California, is a lifetime academic and author of four books and more than 200 articles, mostly around information security. In 1975, Denning’s doctorate thesis paper on securing information flow between computers was well ahead of its time, as was her first book, Cryptography and Data Security, published in 1982 while she was associate professor at Purdue. Computers weren’t connected back then and there was no internet for commercial use. Still, her paper looked ahead to the day when people would use computers to do things like prepare their tax forms.

Dorothy Denning

“The question I had was, how can I share sensitive information with this type of application, but in a way that the app could not squirrel away my sensitive information. I was looking at the flow of information going through a program so that you could stop it from leaking,” she explains.

“Then I kept on finding new topics to research. To me, security was always about the intellectual interest. I saw the challenging and interesting problems with security.”

Becky (Rebecca) Bace was also another influential woman in Guttmann’s orbit back in the 1980s and 1990s and stayed a presence until Bace’s death in 2017. Because she had epilepsy, Bace was advised to simply collect social security instead of working. Instead, Bace, who was a unique combination of Alabaman and Philippino heritage, went to several engineering schools and then joined the NSA in 1984.

Due to her funding of security technologies through the NSA’s incubator programs, she was nicknamed the den mother of intrusion detection. In 2016, the year before Bace’s death, O’Reilly Publishing created the Rebecca Bace Pioneer Award to celebrate other security heroes like her. 

Shortly before passing, Bace drove three hours to support Guttmann as she received an award for her accomplishments. “That speaks to her level of kindness and generosity with her time. She always gave back like that, which inspires most of us. We all need role models like Becky,” Guttmann says.

Investing in the next generation

After leaving the NSA, Bace went into private investments and continued funding innovative security startups. Now, other women are following in her footsteps, starting their own funding firms to support security startups.

One is Dr. Chenxi Wang, former Carnegie Mellon professor and Forrester analyst, and now founder and general partner at Rain Capital. Her portfolio includes numerous security startups.

Another female funding partner, Maria Cirino, founded 406 Ventures after pioneering one of the first female-run cyber security companies, Guardent, which she ran from 2000 until it was acquired by Verisign in 2004. Onapsis, Pwnie Express, and Threat Stack are among her portfolio companies.

The list certainly goes on. Today, there are thousands of women leading information security in a variety of roles,  and receiving more acknowledgement for their participation in the industry, who have a number of support and networking groups behind them.

The key is do what you love and forge your own path, say those who’ve gone before. “I love my work and continue to learn new things. Now at Campbell, I am making a difference in industrial OT. That’s exciting,” Guttmann says.

“Learn to understand and help others understand. Be curious! And don’t let anyone try to stop you from achieving your goals and being a change agent in cybersecurity.”