Blog
Tips for Building a Career in Cybersecurity from Women Who've Been There
On March 8, 2021, in celebration of International Women’s Day, five accomplished female security professionals met for a wide-ranging and spirited panel discussion on how to encourage more women to join the cybersecurity field, and provided highlights from their own journeys in the profession.
The panel was moderated by Sharon Smith , CISSP, cybersecurity strategy and advisory consultant, and included the following security industry leaders:
- Clar Rosso , CEO, (ISC)²
- Aanchal Gupta , CISSP, vice president of Azure Security, Microsoft
- Lori Ross O’Neil , CISSP, senior ICS cyber security researcher & project manager, Pacific Northwest National Laboratory, vice chairperson, (ISC)² Board of Directors
- Megan Hargrove , CISSP, cyber security incident response manager, Tech Data
Today, roughly 25% of cybersecurity professionals globally are women, and on average, women make $15,500 less than their male counterparts globally, according to the 2020 (ISC)² Cybersecurity Workforce Study. While it’s worth listening to the entire discussion, we wanted to highlight some of the practical advice that was shared and strategies women can employ today to continue to make strides in cybersecurity.
You already have the skills and the talent to try to tackle cybersecurity
While the panelists took different paths to their careers, all of them highlighted the need to “demystify” the field when they were asked how to get started in cybersecurity. Smith encouraged women to look beyond job titles, noting that “Cyber is not just IT. Candidates should look at the skills that are listed as needed and translate what they already have into cyber.” Skills in risk management, analytics and communication can be just as important as technical ones.
The candidates highlighted existing skills again when asked about the importance of getting STEM degrees. While these degrees are important, not everyone can afford them so it’s important to look at what skill sets candidates do have, and it’s important that the cybersecurity industry start to embrace “soft” and non-technical skills. Rosso recommended that women “dig below the surface into the categories in the cybersecurity common body of knowledge,” noting that it’s “very broad and ready to be inclusive of people from different educational backgrounds,” adding another layer of diversity to the industry.
Hargrove took this one step further, offering this practical advice for women applying to cybersecurity jobs: Print out the job description, look at the words and skills the interviewer is looking for and rewrite your current resume to highlight where you already have those skills.
Say yes to everything
Many of the panelists referenced studies that show how women are less aggressive than men in applying for jobs and asking for more money, and how confidence is extremely important in making it in the field. Gupta described how her own internal barriers almost caused her to forgo a cybersecurity career. A mentor had recommended that she apply for a job, but she looked at the job description, decided she didn’t have the skills and said no. “You don’t have to meet every requirement,” she said, “Give yourself the freedom to explore what you’re interested in and don’t put yourself in a box.”
“When everyone else thinks you’re qualified and ready, you’re ready,” added O’Neil. “Try everything.”
Smith added, “Sometimes you have to take the leap and build your wings on the way down. You will figure it out as you go and knowing what you don’t like is just as important as what you do.”
Create your own path
Many of the panelists discussed what Rosso called the “you can’t be what you can’t see” problem. When women don’t see a lot of diversity at the senior levels of their companies, they don’t believe that those jobs are for them.
Hargrove described carving out a role for herself in incident response that hadn’t existed before at her own company. She realized that she was gravitating toward fixing certain problems and that it would be valuable to the company to have a dedicated resource in that role. “Create your own path and be persistent,” she said. “Insert yourself into areas that you are passionate about.”
“Take your seat at the table and physically raise your hand,” added O”Neil. “Be seen and be sure to amplify others. Ask questions and speak up. This helps create dialogue.”
Lift up others
All of the panelists highlighted the importance of mentorship, but many pointed out that this doesn’t necessarily have to mean a formal training program that could potentially scare off people already loaded with responsibilities. These can be regular 1:1s and sync ups with colleagues to bounce around ideas, as well as meeting people through networking groups specifically geared towards women or cybersecurity professionals. As Gupta quipped about one of her less formal resources, “I don’t think he even knew he was my mentor.”
The panelists also discussed the importance of amplifying the voices of other women and minorities within the workplace, and to really explore the promotion gap internally, making sure to share good practices around recruiting and biases in hiring and promotion. Gupta also noted the importance of getting more women on boards and seated throughout organizations.
Recognize that diversity makes us stronger
All of the panelists shared that they believed that more diverse teams are what is needed to tackle really complex cybersecurity issues and they ended by sharing some specific areas the industry can tackle right now.
O’Neill recommended that we do more outreach to women and suggested that women introduce “cyber to something else you already do” to help demystify the industry for others.
Smith talked about the importance of creating early awareness of careers in cybersecurity with kids and with their educators because they can be hugely influential.
Gupta and Hargrove shared a number of free resources and networking groups that women can participate in today, and Rosso ended with the reminder to “Lift as you climb and think about who else you can help along the way. “
You can still register to watch the full webinar episode playback here: https://www.isc2.org/en/News-and-Events/Webinars/ThinkTank?commid=470265