MacKenzie Brown ended up in her job as a cybersecurity researcher by accident. Once an aspiring actress, she went to Boise State as a theater major and then got a job with the state Department of Labor as an information technology security analyst.
Much to her surprise, Brown liked the nitty-gritty of security controls and auditing compliance. She loved learning about information technology, or IT, and about cybersecurity policies and procedures. She enjoyed working on the DOL’s internal website to make sure Idaho companies had access to the security policies and procedures they needed.
Michael Kalm, the chief security officer at the Idaho DOL, noticed Brown’s aptitude and interest and suggested that she pursue it. He suggested she get education and certification in cybersecurity and let her know that if she did, she could rise up from her position as an IT support tech to become a security analyst.
Now, at age 26, Brown works out of Boise as a research principal for Optiv, a Denver-based company that provides information security services to companies all over the country. Brown spends 75 percent of her time traveling as part of a team that shows Optiv clients, often large financial firms or technology companies, how mature and capable they are in the area of cybersecurity incident management. She loves her job and makes an annual salary of more than $60,000.
“It’s totally, literally falling into a manhole with this job,” Brown said. “I didn’t realize I would actually enjoy it and be passionate about it.”
The only thing missing from this scenario: other women in the field. According to the Idaho Department of Labor, only 21 percent of the people who work in IT and cybersecurity in Idaho are female. In technology jobs in general in Idaho, 23 percent are women. That low proportion puts Idaho ahead of the nation, where just 11 percent of IT and cybersecurity workers are women. Nationally, 25 percent of technology jobs overall are filled by women.
“This doesn’t mean we’re deficient or incapable of going into this career,” she said. “It says we’re not outsourcing or recruiting women at younger ages to go in this direction.”
Brown likes to get involved, so she created a nonprofit organization to tackle the situation. It’s called Ms. Greyhat, a reference to the terminology used in the cybersecurity world, where the white hats are the good guys who save the day, and the black hats are the hackers.
“Greyhat for me is having the understanding and capability of the black hat, but using the knowledge to be a white hat,” said Brown. “You understand the nefarious activity, you understand what they are capable of, and you use that knowledge to be a more successful white hat person.”
Ms. Greyhat received its official nonprofit status in May, and, so far, its board members are Brown; her mother; Shawna Hofer, the senior director of cybersecurity at St. Luke’s Health System; and Clark Harshbarger, an FBI cybersecurity agent for Idaho.
Brown intends the group to offer women in her field the peer support and connections that will help them succeed. She also wants to get the message out that you don’t have to adhere to any stereotypes to be successful in IT.
“We’re definitely not a bunch of older men in their mom’s basement eating Hot Pockets and playing World of Warcraft,” she said. “I am loud, I get really excited about organization, I am a perfectionist, I eat pizza but I also eat salads with my pizza, I love running and run in the foothills almost every day, I snowboard, I like biking.”
Brown, who is a member of other cybersecurity professional organizations locally, knows there are other groups with the same goal of addressing the gender gap in IT. She said she sees Idaho companies pushing hard to hire more women in IT roles. But she said she wants to start very locally, connecting women in Idaho, and then focus on the Northwest. She’s looking for Idaho women in technology jobs to join Ms. Greyhat and provide mentoring and support to others.
“Can you imagine the impact of going into a ninth- or tenth-grade classroom and teaching them that you can get paid to ethically hack someone’s network and tell them how to fix it and make it better?” Brown said. “You can travel the world and meet new people. You may not be saving lives, but you are doing something important.”