March 8, 2019 By Jennifer Glenn 5 min read

It’s International Women’s Day — so where are the women in cybersecurity?

Years ago, while working in product marketing for a network security vendor, I attended my employer’s big user conference to demonstrate our threat intelligence service to prospects and clients. A colleague brought over a big-name customer of another product in the portfolio, and while making introductions, my colleague — a very nice and intelligent man — introduced me as “the pretty one” on our team.

I believe this colleague meant no ill will and was not posturing. Rather, he simply defaulted to the one characteristic that differentiated me from everyone else on the team: I was the only woman.

My story here is not unique. In the years since, I’ve spoken with many female colleagues in the industry and heard a lot of similar stories. The most common thing I heard was women in technical or professional roles being asked to order and/or clean up lunch or take notes for the team. On the surface, these tasks might seem innocuous; being a team player is important. However, they are often given to women, perhaps subconsciously, because they are more “care-oriented” or associated with roles that have traditionally been filled by women.

I do think the industry has come a long way in a short time. As I’ve continued on my own security career journey, I’ve had the opportunity to work for a number of bosses, both men and women, who are very sensitive to this type of bias and do their best to curb it wherever possible. However, these situations illustrate an important point that is still relevant in the industry today: equal representation of people from diverse backgrounds, in all kinds of roles, matters.

It’s important to note that representation is imperative for everyone regardless of gender, ethnicity, religion, race or sexual orientation. However, in honor of International Women’s Day, I’d like to dig in further into why representation of women in cybersecurity is so crucial.

What Do Women Bring to Cybersecurity?

The number of women in security has risen since the incident I referenced above thanks to direct efforts by multiple women in cyber groups. However, it is still quite small: Cybersecurity Ventures predicted that women will represent only 20 percent of the global cybersecurity workforce by the end of 2019. When you consider that women make up 50 percent of the population, it’s shocking to think that so few are working in cybersecurity.

I’ve focused most of my professional life in security, so I can’t speak to other technology areas. However, I’ve always felt the security industry was much more “edgy,” more willing to rewrite the rules to get the job done well. Maybe that means we can be a catalyst for changing the balance of women in technology.

Security attacks don’t discriminate; attackers use any avenue available to reach their intended target. This includes but is not limited to: poor patch management, inadequate access controls with suppliers and social engineering of employees. To effectively combat these varied attacks, organizations must tackle threat investigation, attack mitigation and risk prevention with the same all-hands-on-deck approach.

Here are just a few of the ways women bring value to the cybersecurity field:

Diverse Skills

Finding risks and stopping threats is just one aspect of security. For cybersecurity teams to really succeed, they need members with a variety of business and nontechnical skills, including experience in business, leadership, communications and behavioral sciences such as economics. While not unique to women, an infusion of women into the cybersecurity workforce can only add to this diversity of skills.

Industry Expertise

Even though there aren’t many women working in cybersecurity, women make up a substantial piece of the general workforce. Women working in other fields such as healthcare, insurance, finance, education and retail can fortify your team by filling gaps in vertical-specific attack vectors and risk identification.

Balanced Views

If women make up 50 percent of the population, it stands to reason that your business is also selling to women. If a customer-first strategy is a pillar of your business goals — and security should be central to that — then you definitely need the perspective and balance of the people you’re selling to.

A Skills Shortage Is an Abundance for Women in Security

The cybersecurity skills shortage is well-documented. For women in cybersecurity, though, this translates to an abundance of opportunity.

IBM Security is fortunate to count among its ranks some of the top minds in the industry, many of whom are accomplished and influential women in the space. Let’s take a look at how they established themselves in cybersecurity, the work they did to develop their own careers and advance in the field, and the advice they offer to women looking to follow in their footsteps.

Limor Kessem: Build Upon Your Existing Strengths and Talents

Limor had planned to open her own clinic for naturopathic medicine. However, with her entrepreneurial spirit and an ability to translate very technical information into something easily understood and actionable, Limor’s strengths were a natural fit for a career in cybersecurity. Today, she leads the governance, risk management and compliance (GRC) processes for content at IBM Security.

Danna Pelleg: Embrace Your Passion

With a passion for psychology and fighting “bad guys,” Danna found a way to combine the two into a rewarding career in cybersecurity. Danna is a fraud specialist and security operations team lead at IBM Trusteer. She channels her passions for threat intelligence and research to deliver insights that, when translated into business terms, help clients improve cyber awareness.

Rhonda Childress: Take the Right Risks to Advance Your Career

The first woman at IBM Security to become an IBM Fellow and the first woman in IBM Services to be named an IBM Master Inventor, Rhonda Childress is no stranger to firsts. She embodies the adage that growth and comfort cannot coexist. In her 25-year career at IBM, Rhonda has had lots of opportunities to take risks to advance her career. In that time, she has submitted more than 200 patent applications and has more than 130 approved patents for inventions related to cybersecurity, the internet of things (IoT) and systems management.

Opening the Doors for Tomorrow’s Leaders

Mentoring is a common thread among all the women highlighted above. In addition to helping them learn and grow, mentoring has become an important way for these women to give back and share their skills. Programs such as IBM Cyber Day 4 Girls and Pathways in Technology Early High Schools (P-TECH) help capture the attention of young people interested in technology and cybersecurity. Others, such as the IBM Tech Re-Entry Program and the New Collar initiative, help experienced professionals apply their experience and skill sets in new ways. These programs help increase representation not only for women, but also people across various ages, ethnicities and industry experience.

Why It All Matters

There are obviously great business reasons for increasing the number of women in cybersecurity. However, as mentioned above, representation is crucial. Right now there are girls and young women — our daughters, granddaughters, sisters, nieces and friends — who are looking at the world and wondering what they can do to make it better. What better way to protect the world than with a career in cybersecurity? These girls and women need to see that it’s possible, and the only way to do that is to make it a reality right now.

More from CISO

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Boardroom cyber expertise comes under scrutiny

3 min read - Why are companies concerned about cybersecurity? Some of the main drivers are data protection, compliance, risk management and ensuring business continuity. None of these are minor issues. Then why do board members frequently keep their distance when it comes to cyber concerns?A report released last year showed that just 5% of CISOs reported directly to the CEO. This was actually down from 8% in 2022 and 11% in 2021. But even if board members don’t want to get too close…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today