October is Cybersecurity Awareness Month, and there’s no better time for women to start gaining and leveraging that awareness. Because of the massive shortage of cybersecurity professionals today, it’s more critical than ever for historically underrepresented demographics to help fill the need.
According to Cybersecurity Ventures, there will be up to 3.5 million job openings by 2021. Meanwhile, women make up only 20% of the cybersecurity workforce. While that’s up from a mere 11% in 2013, there’s still a lot of opportunity to be seized in cybersecurity careers.
Being a trailblazer isn’t without its challenges, but according to the female cybersecurity professionals I speak with below, women are up to the task.
Why Is It Important To Close The Cybersecurity Gender Gap?
First of all, it’s important to have clarity on why this matters, because it’s more complex than hiring more women just to bump up the percentages. “The argument in favor of greater gender equality in cybersecurity is really not one of right vs. wrong or men vs. women,” says Priscilla Moriuchi, Director of Strategic Threat Development at Recorded Future. “Rather, it’s that having more women in the workplace is good for business. Diversity in perspectives, leadership, and experience is good for business.”
While that statement can apply to any role at a company, it is particularly relevant in the cybersecurity space. “We need people with disparate backgrounds because the people we are pursuing, (threat actors, hackers, ‘bad guys’) also have a wide variety of backgrounds and experiences,” Moriuchi explains. “The wider variety of people and experience we have defending our networks, the better our chances of success.
Plus, as the introduction touched on, cybersecurity has a real numbers problem right now. Because there are so many empty jobs, it’s ultimately detrimental for a factor like gender to narrow the pool of people pursuing the field. “The demand for capable, knowledgeable, hard-working security professionals is so high and the threat to innocent people and critical networks so broad that both women and men can have impactful, rewarding careers in this field,” concludes Moriuchi.
The Challenges Facing Women In Cybersecurity
First and foremost, cybersecurity (and tech in general) still has something of a perception problem. “Women often don’t see tech or security as viable career paths because they’re often considered masculine professions,” says Jessica Ortega of SiteLock.
Unfortunately, this point of view is often ingrained young. “The message is sent to women from an early age that men are good at STEM and women are not,” adds Rose Elliott, senior director of product engineering of Tenable.io.
And it’s a perception reinforced when women who pursue tech careers do, indeed, turn out to be the only one in the room. “In almost every engineering team I’ve been a part of, I’ve been one of one or two women,” says Elliott. “The lack of gender diversity is definitely apparent, especially when you attend events, such as RSA or Black Hat, and men make up the vast majority of attendees.”
When this happens, work culture can get stuck in a self-perpetuating cycle of unconscious bias. “Throughout my career I’ve noticed that women have to push a little harder for opportunities and recognition,” says Elliott. “Part of the reason behind this is that people, consciously or not, tend to hire and promote people who are like them. Women shouldn’t feel intimidated, but that’s often their reality in the industry.”
These problems are difficult to fix because they’re subtle and pervasive: issues wrapped up in culture and education. “At the end of the day, the only way to change the industry is for more women to get in and break down those barriers,” says Elliott.
And that’s exactly what they’re doing.
Why These Women Love Their Cybersec Jobs
While job enjoyment is a deeply individual thing, here’s why surmounting the challenges was (and is) worth it to these women.
“At its core, cybersecurity is about protecting people from harm and, when someone is victimized, discovering who did it,” says Moriuchi. “I enjoy protecting people from harm, pursuing bad actors, and continuously learning. I love my job.”
Pavi Ramamurthy, who has been in the security industry for 15 years, loves the day-to-day of cybersecurity work as well. “I love building a wide variety of security programs, or just being in the thick of a security incident and driving the incident response process. Each comes with its own set of excitement and challenges. It’s fulfilling to brainstorm with my team on ways to improve, and also keep up-to-date on security news, professionals and new technologies.”
Maggie McDaniel, Director of Finished Intelligence at Recorded Future, changed to cybersecurity mid-career and enjoys seeing the impact of her work.”I could have stayed where I was, delivering the same thing everyday, or I could go somewhere challenging and effect change,” she says. “The fast-paced environment keeps me on my toes and keeps my career interesting.”
Ortega, meanwhile, highlights the flexibility often featured in these roles. “Many tech companies now offer self-paced training, self-study certifications, and the opportunity to work remotely, making cybersecurity one of the best career paths for anyone who prioritizes work-life balance.”
Tips For Women Entering Cybersecurity
If you’re a woman looking to change careers into cybersecurity, there are a few things you can to do be better prepared.
1. Don’t be intimidated, and take chances.
“Taking chances and demanding respect in a male dominated field is absolutely necessary in order to gain the experience and knowledge needed to be successful,” says Ortega. “It’s no secret that tech is a male-dominated field often rife with detractors questioning whether or not women belong. I had to apply and fight for several positions multiple times in order work my way up to being a security analyst.”
If you catch yourself feeling intimidated, Ortega says, remember: “Security doesn’t require innate magical abilities. You can learn everything you need to know to succeed. Don’t be afraid to fight for what you want.”
2. Network and find mentors.
Once you’ve done initial preparation with reading and online courses, Elliott advises to start making connections. “Go to meetups and meet people who are in the industry. Join a group like Women in CyberSecurity (WyCyS) or Women in Technology International (WITI) and, of course, attend conferences.”
Finding a mentor is one step that can make a world of difference. “Reach out to someone who is in the industry, ideally a thought leader, and seek out mentorship,” says Elliott. “I’ve been extremely lucky to have mentors, both male and female, who provide guidance, answer questions and point me in the right direction.”
Ortega agrees: “A good mentor can provide invaluable advice on how to find your place in cybersecurity and facilitate networking opportunities. Ideally, find a woman cybersecurity professional that can teach you the ropes and most importantly, learn from her mistakes. There is strength in numbers. However, don’t be afraid to take advice from a male cybersecurity professional either. There are a lot of experts out there and a lot of knowledge available to leverage.”
3. Look for internal opportunities first.
There might not be a need to hop to a different company when you make your career change. “The best place to start is within your current company,” Ramamurthy says. “I would strongly encourage liaising with your own security team. There are so many opportunities in areas like security awareness and training, security program management, incident response, and tech writing, just to name a few.”
If there’s a gap that needs to be filled in your company’s security team, you might be able to combine self-teaching and on-the-job training to land yourself a new role.
4. Act with confidence.
This is often the most difficult tip for women to implement, especially if they’re feeling outnumbered or ignored. “I had heard a lot about women not feeling heard in meetings, but the first time it happened to me, my jaw nearly hit the floor,” says Elliott. “I thought, ‘Oh, this is what they’re talking about.’ I even approached the man who was leading the meeting afterward. But it happened again the next day. It’s terrible that this is just something you have to get used to, but I’ve learned to voice my opinion and feel confident about it.”
The trick? Speaking and acting decisively, even when you don’t necessarily feel that way. “Many women tend to speak less confidently if they’re not 100 percent certain of what they’re saying, while men speak with confidence even if they are relatively uncertain,” says Elliot. “I actually received an essential piece of feedback from a former male manager/mentor: when you feel strongly, push hard, because your intuition is usually spot-on.”
5. Embrace learning.
As with any career, cybersecurity is a learning journey. “I don’t believe anyone need be intimidated by this field, but you also shouldn’t expect to be an expert from the get-go,” says McDaniel. “We all have something new to learn, and there is room in this field for deep technical expertise, generalists, and managers. Every day there is a new challenge and a chance to learn something.”
So, is cybersecurity for you? Moriuchi has the answer: “This job is for anyone who is intellectually curious, willing to think unconventionally and engage in a lifetime of learning.”