top of page

Breaking Barriers Part 2: How We Can Support Women in Cybersecurity, What Progress Have We Made

This is part 2 of our #InternationalWomensDay series.


Women bring unique perspectives and diverse thinking to the field of cybersecurity, which is essential for advancing the discipline. By encouraging more women to pursue careers in cybersecurity, we can create a stronger, more diverse, and more effective workforce.

International Women's Day - Cybersecurity

We heard from women leaders from across the cybersecurity industry about what makes women so critical to advancing cyber and how the industry can support females and bring more women to the field. Nadya Duke Boone, Chief Product Officer, Huntress


“When I was first approached about the Chief Product Officer position at Huntress, I wasn’t specifically looking to get into cybersecurity. What I did know was that I wanted to be part of an organization delivering a cool product that I could be passionate about and bring value to a customer. Delivering cybersecurity to small and medium-sized businesses, who are vastly underserved, definitely fit the bill. Building our Huntress products requires not just the great product managers, engineers and designers on our team, but also the very specialized and experienced threat analysts, hunters and researchers.


I find that with the women I’m mentoring, I’m often helping them see how experiences are relevant in other fields. For example, I’ve found my experience building other deeply specialized technical products, such as products that relied on psychometrics and advanced statistical methods, has been a great start to building a strong partnership with our cybersecurity experts at Huntress. It’s nice to have my own example to point to!


For women looking to get into cybersecurity, I’d definitely encourage them to leverage transferable skills like data analysis, project management and coding. Plus, traits like curiosity, persistence, and a deep empathy for people, are incredibly valuable for hunting hackers and protecting potential victims. Depending on the part of the work that interests you, that might be enough to get your foot in the door.


For companies that are looking to add more women or other underrepresented people, definitely take a hard look at your job descriptions and hiring procedures to be sure you’re focused on what’s essential to success on day one, and what can be learned on the job. In my experience, the mindset of “we’ve always hired people who fit this criteria” can lead to a team that is too homogenous and I encourage hiring managers to ruthlessly challenge their assumptions.


I’m very proud to be contributing to cybersecurity today and celebrating Women's History Month with so many inspiring and accomplished women in the field. Fun fact: When I was in college I worked at the Women’s Resources and Research Center and was responsible for all our activities celebrating Women’s History Week. Yep, back then we just had a week, not a whole month.”

Phanneth Wood, Global Solutions Director, Deep Instinct


“The idea that bringing more cybersecurity awareness, prevention and protection to the world can make a difference in helping keep people digitally safe as our web-based lives continue to expand.


I didn’t know I wanted to be in security until I got here! I started my “career” post-college thinking I would be a financial advisor. I was working as a lender for a financial institution before the collapse of the housing market leading up to 2007 which changed the trajectory of my career and led me to a position with an IT Distributor's Security division. I found that I excelled in the areas of leadership, strategic sales, sales ops and running cybersecurity vendor programs. Doors open when you expand your aperture. I can geek out on security stats and products and help people and companies as much as I could have in the financial sector.


Early in my career, I would be asked if I would take notes in a meeting. But I always come to the boardroom prepared. Having done my research and gathered data on the meeting's topic, I would not be afraid to question what is working and what is not working. When addressing what is not working, be sure to always have suggestions to improve the issue and be ready to take point on the task of working to make it better. Don’t let other people tell you the assumed “role” you play based on gender. Since then, I’ve been fortunate to have leaders support me without my gender being a factor. On great teams where everyone has a seat at the table, a teammate's gender is neutral.


My advice to everyone is: Don’t box yourself in or box yourself out. Don’t assume there is anything you can’t do.Don’t be afraid to apply for the job you think someone else might do better than you and get out of your own way! Go for it! Find a mentor who has overcome similar obstacles, make sure your performance and work ethic demonstrate persistence and perseverance, learn the technology and highlight your experience and expertise.”


Heelee Kriesler, VP of Customer Success, Checkmarx

"Promoting diversity in general is certainly not easy and in the tech industry it is very difficult. In terms of what businesses can do to promote diversity in the security industry, the common answer is that the low representation of women is driven from the lack of women applicants/candidates for the relevant positions. While this is true, it can be changed.


In my experience, I believe that two elements will always inspire and drive diversity:


Tone at the top – If you are a business leader that understands the importance of diversity to the business success of your company, don’t just talk the talk, walk the walk. Make a conscious effort to diversify your leadership team. You will have to be highly intentional about it, and many times you will have to work harder to find the perfect fit, but it will be worth it.


Mentorship Programs – Launch mentorship programs where senior executives will mentor mid-level female employees, and help them navigate the various challenges they are facing. It will be a lot easier for women to make their way up the corporate ladder and bring others with them if they have an adequate support system in place.”

Aurelie Guerrieri, CMO, DataDome

“Generally speaking, what’s great about the cybersecurity industry is that by its very nature, it is open to diversity of thought. There is no school or degree to become a cyberattacker. Likewise, the best cybersecurity experts come from a variety of backgrounds and bring creative perspectives to anticipate threats and outsmart bad actors.

Relatedly, I have great admiration for female CISOs and CTOs. Not only have they had to break through the glass ceiling, but they also employ the full spectrum of hard and soft skills – creativity, caring, strategic thinking, etc. – to address a threat that is amorphous, extremely fast-moving, sophisticated and distributed. These women are true warriors!

Cybersecurity is also a broad, high growth field, creating lots of job opportunities. You don’t need to be a “techie” in order to succeed; there are jobs for everyone, from finance, business operations, marketing, sales, customer service, and so forth. This opens up the door to so many different types of people.

Speaking of hyper growth, this is one of the reasons why I entered cybersecurity. I very much enjoy working in growth industries. Unfortunately for the world, the cyber threat landscape won’t be shrinking any time soon. It’s an ideal industry to join and help scale.

What’s more, our clients’ customers are very diverse, often representing a significant percentage of women, particularly in the e-commerce, media, ticketing and travel industries. I’m very proud to help make the internet a safer place for everyone to shop.

As a leader of a hypergrowth company with an amazing culture (don’t take my word for it, check out our Great Place to Work rankings), what’s top of mind for me is how to we keep and enrich that culture as we scale, particularly in a remote-first or remote-friendly environment. Making culture a mandate and establishing cadences, processes, and KPIs ensures that DEI remains woven in the fabric of our company, even as we add diverse talent around the world.”


Jillian Belles, VP at Thales with a public sector focus

“When I first entered the workforce, there were very few job opportunities for women within the tech field. I found my calling and have been in the industry for about 28 years now. Women are beginning to break into a greater variety of roles within the tech industry, however the progress is slower than I would like to see. There are more women going into Technical Sales positions and Sales Engineering roles, but the ratio is still very low, and within leadership, this gap widens. Although there has been improvement over the last decade, there is still a long way to go to overcome stereotypes and unconscious gender bias.

Companies, as well as the tech industry in general, have an obligation to continue to do a better job with their outreach to young girls with community STEM programs to pique their interest early on. They need to continue to offer workforce education and mentoring programs and provide more opportunity for women to excel in all aspects of the industry.”


Lorri Janssen-Anessi Director, Director of External Cyber Assessments, BlueVoyant


“I began my career serving in the US Air Force as a technical language analyst working on one of the US government’s highest priority missions, counter-terrorism, after 9/11. As national priorities evolved and cyber attacks became more pervasive, I was called to work in the Cyber Security Mission at the National Security Agency, an organization that was truly a pioneer in the field of cybersecurity.


Finding this new field to be extremely rewarding, it kick-started my passion for all things technology and cyber related. As a result, I enrolled into the master of Electrical and Computer Engineering program at the Naval Postgraduate School.


My experience highlighted the need to foster passion and interest in STEM for both women and the next generation which were and continue to be grossly underrepresented in this field. Although my path to cybersecurity was non-traditional, I found that my diverse experiences and career opportunities have contributed to my success as I continue to challenge perspectives in the cybersecurity field and consistently seek out innovation.


In an effort to help promote diversity in the security industry, it is critical to ensure that there is cross-functional recruitment and teaming to achieve the most successful outcomes. A key part of this is ensuring there is a cross-representation of perspectives. Different skill sets, sector experience, cultures, and gender all facilitate removing bias that individuals may or may not have from their traditional roles or jobs. Bringing this diversity together will challenge the hypotheses and goals that the team has and will most likely drive a more comprehensive result, product, or service. I have experienced this firsthand.


When you have a team lacking in diversity, the results are not necessarily poor – but they are usually one-dimensional. Cybersecurity is more effective when played as a team sport.


Some of the misconceptions surrounding diversity in the security industry are that you must be highly technical to have an impact or that you must have many years of experience. These ideas are simply not true. The cybersecurity industry needs background knowledge from all kinds of fields. To the end, threat/cyber actors are people. Their behaviors and techniques come from their own knowledge and experiences. Threat actors’ targets include all sectors and differ in complexity. In order to be on equal footing, it's imperative that cybersecurity teams leverage all kinds of experiences and challenge problem sets with fresh perspectives. This will naturally foster and drive innovation.


Sadly, this doesn’t surprise me that women represent 24% of the cyber workforce globally. In any field, people want to see their own characteristics and attributes represented in the current structure of an organization. They want to be able to see clear growth and career paths that are realistic and achievable. When you look at the majority of achievements there is a homogeneous representation of leaders at the highest levels of cybersecurity. It is changing, but slowly and definitely not equitably. The fact is there are many women that have been historically foundational in the fields of cybersecurity and STEM. I think that perhaps changing the narrative to highlight those successes more often and more explicitly will pave a way for women and minorities in younger generations to be motivated to pursue opportunities in cyber. Breaking down barriers, and clearly defining what is needed to be successful in a career in cybersecurity will also encourage a more diverse applicant pool.


My advice is that it is important for individuals to find something they are passionate about, then learn and continue to grow in their knowledge of that “thing”. Expertise will always breed confidence. If you know what you are talking about and have built up your subject matter expertise, the composition of the people around you won’t always matter. You will be able to drive innovation and successful outcomes. Don’t be afraid to be heard, use your voice, and share your knowledge and opinion. Also, apply to positions that scare you. Human nature makes us question our capabilities and abilities, but if you are offered an opportunity and you don’t feel quite ‘enough’ my advice is take it anyway. You will learn, challenge yourself, and grow. Your teammates will reap the benefits of that growth and encourage everyone to grow together. “


Mona Ghadiri, Director of Product Management, BlueVoyant


Despite starting my career as a process engineer/project engineer, I wanted to get into software project management and move out of plastics manufacturing. At the time, I had applied to work for a company called Trusted Computer Solutions, which is in the University of Illinois Research Park in their startup incubator space. As you may guess from the name, the name really gave me very little indication of what exactly they did. It didn’t stop me, and in a lot of ways, I’m glad I went in with an open mind about software design and engineering instead of thinking that I wasn’t competent enough.


Once I started learning about Linux and network security, and I realized the commercial cloud was just picking up steam, I got hooked. I knew I had to be part of product development and designing the ways security teams were fighting (and keeping out) the bad guys during this age of digital transformation unseen in our collective histories. I had the honor of working on tools and systems that protected warfighter counterterrorism missions and safeguarded protected intelligence information early in my career, so doing something meaningful was my other inspiration to enter and remain in the security industry.


A career in security was not planned but I couldn’t be more grateful that I found my way regardless. My path largely shifted because I felt I hit the glass ceiling in manufacturing. I started getting into six sigma and quality assurance and realized the same things need to be in software. Then I learned about Agile, and software development felt like more of an open world with more options for me, and that’s what changed my direction. After getting into software project management, my path shifted slightly from agile project management to product management, but overall I can’t see myself not doing cybersecurity something for the rest of my life.


To promote diversity in the security industry, business leaders should look in nontraditional places and partner with national or local affinity groups and organizations. Undergrads through PhD graduates in social sciences are my personal treasure trove. I also have a lot of respect for retraining programs. We all have the skills to identify patterns, do semantic analysis, and often just really want a chance.


When thinking about diversity in the security industry I consider socio-economic diversity or age – did you grow up with a computer in your house? Did you learn how to type in school? The answers vary widely and that diversity is what we need to be talking about. BlueVoyant supports a STEM program in Baltimore every year to bring coding to students who wouldn’t have otherwise been exposed to it. I was lucky, my dad taught classes on or about computers, and we always had them around when I was younger. I think about what difference that has made in my life, and I want that for others.


There probably isn’t a single woman out there who hasn’t felt like their gender has been challenged in their career. It was hard to figure out what was because I was young and thought I knew a lot of stuff and what really was because I am a woman. I don’t think I can separate out what challenges were because of what factors; the reality was it was hardest to find others who were like me in the meetings I was in, or at conferences I attended. I was just at Microsoft BlueHat 2023 and the gender split was such that every time I went into the bathroom, there was another woman in there! Veteran cyber ladies will know what I mean. I can’t think of a single conference I’ve ever been to that was like that. For example, 7 years ago, for example, at AWS Reinvent, I couldn’t say that.


I’m not particularly surprised that Forrester’s report cites women as 24% of the cyber workforce globally. However, I am more curious about what Forrester thinks the projections will be 5 years from now and for us to discuss whether that is satisfactory progress."


###

Comments


bottom of page