March 5, 2020 By Jasmine Henry 9 min read

Women in cybersecurity now represent 20 percent of the workforce, according to Cybersecurity Ventures. There’s still a long way to go in closing the industry gender gap, especially when you consider that women make up over half the U.S. workforce. However, the security industry has also made progress, and that’s something to be proud of. In 2013, women were just 11 percent of the cyber workforce.

Continuing to move the needle toward equity is about more than filling empty cyber seats — though there are more than 4 million unfilled infosec jobs currently, according to (ISC)². It’s about creating more diverse teams who are better prepared to solve challenging problems. It’s about creating unbiased artificial intelligence (AI) and higher-quality ideation.

It’s about better representation, but it’s also about the entire picture of women and diversity in cyber. It’s time to talk about increasing opportunities and creating pay equity. Leaders need to think about how to retain and promote women and other individuals who are underrepresented in cyber leadership roles.

The diversity problem is too big for any individual or organization to tackle alone. Creating an inclusive industry is going to require collaboration and radically different approaches. Luckily, 21 women in cyber have offered some advice on how to create better equity in hiring, management and retention efforts, as well as advice for women starting out their cybersecurity careers.

Cybersecurity Career Advice to Accelerate Your Growth

1. Don’t Be Afraid

A significant number of women are interested in making the transition to cybersecurity. “Don’t be afraid,” advises Kara Federow, security analyst at Sucuri.

“Where would we all be if women like Admiral Grace Hopper, Ada Lovelace and Katherine Johnson had all decided that they were too afraid to do what they did? You are valuable, you have things to contribute. Surround yourself with supportive people, and don’t be afraid to be awesome.”

2. Find Your Fit and Be Patient

There’s a growing number of specializations within cybersecurity. Now more than ever, motivated women in cyber have an opportunity to find a niche where they can flourish.

“Cybersecurity encompasses so many different things — risk management and response, policy and laws related to information security. [Plus,] social engineering and psychology,” says Mimi Zohar, senior software engineer with IBM Research. There’s also “application, network, cloud, IoT” and more.

Remember that “success will require a lot of time, patience and perseverance. Anything worthwhile normally does.” Zohar also advises women in cyber to consider culture before accepting a job offer: “Choose to work with nice, talented people.”

3. Catalog Your Accomplishments

Elaine Palmer, senior technical staff member at IBM Research, believes women in cybersecurity should pursue every possible opportunity for growth.

“Get as many academic and professional credentials after your name as you can — MBA, PhD, CISSP — and always use them in your signature,” says Palmer. “Keep your knowledge and skills up to date by joining professional organizations like ACM or IEEE. Take advantage of their free online libraries and cyber training courses. Keep a running log of your accomplishments and keep your resume up-to-date. When making career decisions, get fully informed, but trust your intuition.”

4. Increase Exposure

“There isn’t a step-by-step guide or specific track to success in cybersecurity, which makes it a great field for women to create their own paths,” says Carrie Bowers, director of Managed Detection & Response at Agio. “If you’re just beginning in this field, start looking for opportunities to increase exposure like project management and technical writing [or] editing.”

“Building a career in cybersecurity starts with self-awareness and knowing what keeps you challenged. Stay curious.”

5. Master Interpersonal Skills

“Having a technical aptitude is a valuable cybersecurity skill,” says Michelle Alvarez, manager, Threat Intelligence Production Team for IBM X-Force IRIS. Still, she believes “mastering interpersonal or soft skills, like being able to effectively communicate with peers, reports and clients, is essential.”

Alvarez relies heavily on soft skills for problem-solving, resolving conflicts and communicating. Her interpersonal skills also come into play when she’s managing large projects, such as the annual X-Force Threat Intelligence Index.

“Investing in the development of your interpersonal skills the way you might invest in technical skills will open up more cybersecurity opportunities,” says Alvarez.

6. Go Out and Meet People

Keren Elazari is a cybersecurity researcher, co-founder of Leading Cyber Ladies and co-founder of BSides TLV (Tel Aviv). She believes the best way for women to grow in their cybersecurity careers is to go out and meet people.

“There are hundreds of events, meetups [and] conferences. Sadly, we often don’t see many women participating as attendees, speakers and organizers. I’ve made some of my best connections and learned some of my most important technical and professional lessons by … attending, volunteering, speaking and organizing events,” says Elazari.

7. Find Your Voice

“While listening and observing are important, don’t be afraid to find your voice to speak up and engage,” says Anne Jobmann, manager on the Malware Reverse Engineering Team for IBM X-Force Incident Response and Intelligence Services (IRIS).

“Be prepared to bring new ideas or solutions others might not have thought of yet. Don’t be afraid to ask questions.”

8. Learn From Your Mistakes

“Resilience is how fast you can recover from … setbacks and push your career forward. In the long run, learning from mistakes is what makes you stronger,” says Glenda Lopez, director of IT Governance and Global Information Security at the Henry M. Jackson Foundation.

9. Prepare for Pay Equity Pushback

“Build your reputation,” says Lauren Hasson, senior software and infosec engineer and founder of DevelopHer. “People who influence your career need to know you, and they need to know the great work that you do.”

In addition to building your influence, build your negotiation skills and start early. Lauren is a passionate advocate for tech pay equity. She recommends that women approach salary negotiation with a firm grounding in data based on research from multiple salary data sources. Also, prepare for pushback.

“You can handle that pushback with confidence by asking your hiring manager a key question like, ‘Where did you get your numbers?’” says Hasson. “Since your salary negotiation numbers are grounded in actual data … you’ll be able to have a conversation with professionalism that will impress your employer and set you up for success.”

10. Lead by Influence

“Managers need to be leaders, but you don’t have to have direct reports to be a leader,” says Kim Wachtel, VP of Growth Engineering and UX at JumpCloud. She believes cyber women have an opportunity to lead by example at any stage in their career.

“This thought process was a huge part of my career growth and journey,” says Wachtel. “When I stepped into a technical product management role, it was the first time I had to figure out how to lead by influence and really help engineers feel inspired … without having any management authority over them.”

11. Don’t Hold Yourself Back

“Don’t hold (yourself) back if there is a job you want or a problem you see where you feel that you can make a difference,” says Beth Dunphy, director, deputy business information security officer (BISO) and privacy leader at IBM Security. “Too often, us women take ourselves out of the running for an opportunity due to a belief that somehow we are lacking a skill or experience or are not a perfect fit for the role, when objectively we actually may be the best candidate or have the right expertise to solve the problem at hand.”

12. Be Aware of Opportunity

“The first thing I start with, particularly with younger women professionals, is educating them on the opportunity that the security industry presents,” says Catherine Frame, director, North America Technical Sales and Client Success with IBM Security.

“Security risks and threats have become more pervasive, which has then opened up a whole new industry for employment, skills and jobs. The opportunity that presents itself today for new professionals is the ability to enjoy the industry — if it’s something that excites you — for an entire career.”

Advice for Cybersecurity Management to Retain Diverse Teams

1. Support Security Conferences

Networking and conference attendance can be a game changer for diverse cybersecurity talent looking to find mentors and uncover new opportunities. Gina Yacone, cybersecurity consultant at Agio, believes “we have a responsibility to younger generations of women to learn what barriers are preventing them from attending, like money, opportunity and insecurity.”

“We have to help break those barriers,” says Yacone. “We must pay it forward by sharing and offering scholarships to big events or covering dues for organization memberships.”

2. Hold Conferences Accountable

“When invited to speak at a conference, ask about how they are encouraging women and diverse candidates to speak,” recommends Kirstin McIntosh, Head of Partnerships at CyRise.

Kirstin is also a proponent of accountability in personnel management, supporting technology that enables more inclusive hiring and better retention efforts. “Textio [is] a bias-free language tool for job adverts,” says McIntosh. And, “Applied.com is a gender-neutral online recruitment tool.”

3. Think in Terms of Team Chemistry

“We need to move away from the single ‘hero’ paradigm to a more healthy, creative, collaborative environment,” says Mimi Zohar. “Dr. Margaret Heffernan gave the keynote at LINUXCON 2016 titled ‘Beyond Measure: The True Power and Skill of Collaboration,’ on what makes a team repeatedly successful. The answer was not IQ or individual brilliance. Instead, it was empathy, helpfulness, trust and diversity.”

4. Support the Needs of Neurodiverse Talent

“In cybersecurity, it is well-known that those who are neurodiverse, [such as] those who are autistic, have ADHD or other neurodiverse conditions, are well suited to careers in the industry,” says Lisa Ventura, CEO and founder of the UK Cyber Security Association.

“Having a diverse team doesn’t just make your company look good, it goes a long way in promoting an environment of innovation and out-of-the-box thinking.”

“If I go to a conference, or I’m on a panel or speaking or something, I build in a day or two afterward, so I can just have some time. Those kinds of events can be really overwhelming to me,” says Ventura. She hopes conferences and leaders will consider inclusive management techniques such as “quiet zones where people like myself can go to get away from all the noise in the background.”

5. Create Networks of Support

There’s an opportunity to support “women and minorities in this field by [creating] relationships with universities [and] women’s organizations like the Executive Women’s Forum and Minorities in Cyber,” says Catherine Allen, chairman and CEO of Shared Assessments. In addition, Allen believes organizations should create internal networks of support, such as “Accenture and KPMG.”

“Mentoring is critical,” says Allen. So is “seeing ‘someone like me’ in leadership.”

6. Make Retention a Priority

“What I have seen work well is a cultural change that starts with HR and sweeps through the entire hiring process. That process begins with how job descriptions are worded and goes on to having diversity on the interviewing team,” says Limor Kessem, executive security advisor with IBM X-Force IRIS.

“But hiring is not enough. Retaining talent is a challenge. What I have seen work well is recognition, inclusion and psychological safety at work. Another major [retention] factor is flexibility in work hours and locations.”

7. Adopt Collaborative Tools

Lisa Forte, partner at Red Goat Cyber Security, once worked for a manager who was into “amateur dramatics.” This team used a performing arts technique for tech collaboration.

“The rule was when someone put forward an idea, you could only start discussing it if you started your sentence with ‘yes, and …’” According to Forte, the improvisation tactic was really effective for inclusive collaboration. “Firstly, it stopped people just shutting down other people’s ideas,” says Forte. “Secondly, we developed some hugely creative ideas out of it because you had to think about how to get it to work instead of just saying no.”

8. Support Industry Events

“Reach out to community events in your region [and] seek recruitment candidates there,” says Keren Elazari.

“Support such events [and] host them at your offices. Give your team members the choice and support of travel and time to participate in their choice of professional and community events. Managers so often invest vast amounts of money in new tech, whereas the investment in talent is a fractional percent of that.”

9. Hire Critical Thinkers

“As organizations are discovering more and more, cybersecurity talent is not about technical skills,” says Debbie Gordon, CEO of Cloud Range Cyber.

“The most important skill is critical thinking. Cybersecurity skills can be learned, but someone who is a critical thinker has a high likelihood of being successful versus someone with a bunch of certifications.”

10. Remove Bias From Hiring and Promotion

“We need employers to be more creative about fostering gender equality and ending double standards during the interview process,” says Gina Yacone.

“All business leaders should undergo bias training to minimize the impact of favoritism in the hiring and promotion processes. [One] method companies should consider includes ensuring the same questions are asked of all interviewees, regardless of their age [or] gender. Studies have shown that group interviews help curtail bias during interviews as well.”

11. Be Deliberate About Diversity

“The cybersecurity industry continues to have lower diversity representation than the IT industry overall,” says Sonya Miller, HR director with IBM Security and Enterprise & Technology Security. Miller recently testified in front of Congress in favor of developing the cybersecurity workforce.

“Ensure that diversity is made a priority in hiring. Deploy programs to ensure diverse talent is given equal opportunity to develop and gain appropriate exposure for progression,” says Miller.

“Building and retaining a diverse workforce must be deliberate. The returns on business performance and innovation will follow.”

12. Stay Attentive to Bias

“It is proven that a diverse workplace contributes to the overall satisfaction of employees and, consequently, to the business results,” says Vanessa Pugliese, Latin America Marketing Leader at IBM Security.

“You want to make sure you are promoting a healthy, diverse and non-intimidating workplace. Be attentive to comments and attitudes that may sound inoffensive but can trigger a negative emotion — unconscious bias is far more common than conscious, explicit prejudice. Always make use of empathy and, should you identify [biased] behavior in your team, address it immediately.”

13. Revise Team Structures

“If you want to hire and retain diverse teams, then how you hire and structure the roles has to change,” says Beth Dunphy. “If we continue to recruit, interview and operate in the same way as we always have, then we are less likely to build diversity in our teams. Through initiatives like New Collar Worker, PTECH and Veterans hiring programs, IBM is diversifying our security teams to fill critical skills shortages and bring new perspectives.”

The Future of Cyber Is Female and Diverse

Women in cybersecurity and individuals who aspire to security careers can grow from this advice. Nothing good comes easy, including a well-paid, intellectually satisfying infosec job, but rest assured there is more than one path to that goal.

Leaders have a responsibility to create better career opportunities for women, minorities and individuals who bring a diversity of thought, experience and viewpoints to cyber teams. It’s time to fill seats with empathetic, hard-working, critical thinkers by casting a wider net for talent and creating a more level playing field to retain diverse talent.
