The shortage of women in tech is especially pronounced within the field of CybersecurityFeatured

Why do you think women should choose careers in cybersecurity?The shortage of women in tech is especially pronounced within the field of Cybersecurity. I’ve experienced this firsthand through my career as both a consultant and engineer. I’ve wondered why so few women go into the field considering Cybersecurity affects everyone and arguably has a more negatively impact on women than men. Women I discuss the topic with often tell me “it’s too hard”, or “it’s not relevant to me” or that they don’t relate to the [incorrect] stereotype that they need to be socially inept and live in their mother’s basement. At the risk of sounding like Morpheus from The Matrix, “Cyber” surrounds every one of us. It connects everything to everything else. Analysts at Gartner estimate that there will be over 12 billion consumer Internet of Things (IoT) devices (wearables, “smart” appliances, etc.) in 2020. These devices connect to other devices, and still more devices store all the data created by these IoT devices. When you leave your house, your car is connected to the internet. Go to a checkup and your doctor uses a laptop to update your health information during your appointment, which is connected to the office WiFi and contains a camera. Chances are you will be faced with the results of poor Cybersecurity implementation; perhaps your credit card information or identity is stolen, maybe the company that holds your medical records is hacked, or maybe it’s your email and cloud photo storage service. Or you may be a startup company and a disgruntled employee is looking to sell off your proprietary software code. The argument that “it’s not relevant” is far from reality. There will be a projected 3.5 million Cybersecurity jobs available in 2021 and women make up an estimated 20% of the current workforce. Cybersecurity jobs are not just extreme coding a la “Mr. Robot”, but since cyber interacts with nearly everything in nearly every industry, diversity of backgrounds and experiences give you a big advantage in the field and can be applied in many different types of roles. The argument that Cybersecurity is “too hard” is tough to defend when you can apply your existing skillset in a Cybersecurity context (e.g. as an auditor seeing uncommon actions, or within finance seeing transactions that shouldn’t be occurring, within HR it’s securely managing employee personnel information or as a hospital administrator understanding HIPAA requirements).People often choose to move into the field for job security, high compensation, or for a new challenge. Cyberseek has identified networking, software development, system engineering, financial and risk management and security intelligence as the most common “feeder roles” into Cybersecurity. Your skills from these backgrounds can be applied to secure hardware and software design, industrial infrastructure security (utilities such as telecommunications, water, oil and gas, etc.), IT and data information management, cyber law, risk and financial management and even psychological and military cyberwarfare.Even if you are not looking for a career change, adding an understanding of Cybersecurity to your list of skills is invaluable for your professional career and personal life. Whether you choose to take an introductory online course, or learn and apply secure coding methodologies to your existing software builds, you’re developing competency in during a time when companies have the pressure to ensure they are “cyber secure”.And if you do decide to enter the field, you get to work with some seriously cool and smart women.https://www.wicys.orghttps://www.cyberseek.org is a Cybersecurity advisor supporting Federal Government, military and Fortune 500 companies. A CISSP with a background in technology management and a MS in computer science. Cyberwarrior.
I have always been interested in cybersecurity, would love to attend the Diana Initiative conference one day!
Thanks for this post. I've been interested in Cybersecurity recently and trying to get my feet wet in the field. Are there any readings or online courses in particular that you recommend @MayDay?Also, for those interested in this subject -- I loved Emily Chang's recent op-ed which argues that we need to start thinking about digital privacy and cybersecurity as women's issues:
On my reading list is “The Smart Girl’s Guide to Privacy” by Violet Blue. I am curious on her advice on navigating this topic. As far a courses go, I like to recommend any that cover a broad understanding of Cybersecurity (i.e. not throwing you in to hacking tools or crypto with no background). The courses on cybrary allow you to search for beginner level courses on this (what is Security, security engineering principles), and I’ve heard many people give it positive reviews for ability to follow and understand. Ted Talks on ‘cyber’ are a good way to hear about different aspects of Cybersecurity (hackers, cybercrime etc.). YouTube channels: Infosec, Virginia Cyber RangePodcasts: Security Now, Command Line HeroBlog: Krebs on Security
Incredibly helpful list. Thanks for taking the time to reply so thoughtfully! Planning to dig in with the resources you mentioned this weekend :)
I want to advance in this field, currently going through the CISSP course on cybrary, but i need a pointer, a guide, a mentor so that i don't derail.
Check out they have a good tool that shows pathways to take your cyber career and info about salaries, education/skill sets most requested for each job. There’s also a map that shows area of the US where they are most in demand/shortage. For mentorship- there are a few organizations that have formalized programs:Executive Women’s Forum (pairs junior women with senior women)Women in Cybersecurity (WiCyS) (theirs is to be launched this year)Another idea would be to reach and join an organization, many have junior/student memberships:ISSAISC2Women’s Society of Cyberjutsu
LOVE this plea to get more women into cybersecurity. For me at least, there is a daunting amount of things to learn and so many folks who have been at it longer that sometimes it makes me feel like I am an imposter in this space - even though I've been working in it for nearly 5+ years. Attending conferences like defcon and going to the noob sessions have been great to help me feel like I have a community, but being the only woman at my startup demonstrates the shortage you've alluded to and importance of bringing more women into the field!
I am trying to hire more women (our first hire was female, and I found her), but I practically have to sit on !male people that I know to get them to apply. Also, I've been working in this space for 30 years, and IME, you never stop feeling like an imposter, but you can become comfortable with the feeling, over time. Remember that we are on the bleeding edge of what is going on in the world and often find ourselves dealing with things that have never existed before. Each challenge requires us to come up with a valid test plan on the fly for every new idea that gets dreamed up by devs and devopses. It's a never ending stream of failures and despairs, and it's very easy to overlook all the bad stuff that didn't happen because of the work you've done.Though sometimes I've seen what some sites have become and I regret testing them a decade ago. Nothing I can do about that, now, though.
Yes! I am far too often the only female or the only non-secretary female in the room. Finding that supportive community has shown me that while I am the only one present at the moment, I am not the only one in the field. I have always felt that everyone knows way more than me (most folks I work with have 10+ years on me), and I try to think of it as 1) everyone else also felt this way when they started 2) in this field everyone is constantly learning because it changes so quickly 3) no one knows it all, if so, they are pretending they do ;)
I'm currently fighting hard trying to stay in the cybersecurity field, but I'm having a time getting past the door.
Hit me on LinkedIn if you are open to discussing!
I run a computational cybersecurity/threat intelligence company and I'm always hiring full stack developers, deployment/customer success reps with IT backgrounds, data scientists and sales. Must be a US citizen, able to pass security clearance, and work here in DC.
This is such an excellent post. It was particularly insightful for me as a young woman, with a start-up called 3A Security (, that I hope will expand into a much larger cybersecurity-focused business. I completely agree with the things mentioned above- and the statistics puts everything in so much perspective. From experience, it is really intimidating at first as most mentors I've been assigned have been older, white men, and a lot of the discussions I'm having have been with and in front of men. As someone who is a lot younger and also a female with limited help from other women in the specific field of cybersecurity, it's been difficult to be taken seriously! It would be amazing to get to work with "seriously cool and smart women". So thank you for the links you provided! 🤞🏽
My Masters is in Information Security, but I've never felt confident enough that I know any of the technical side of it - especially since I got my Masters 7 years ago and times have changed! And most of the cybersecurity/InfoSec positions within my company require some of that technical knowledge, so it's a barrier for me to even apply for those positions.I love the human side of cybersecurity, as in social engineering and human behavior but I don't even know where to start professionally being able to dive into that. Any advice?
The social engineering and security usability aspects are super important- it’s essentially a company’s first line of defense. For some inspiration, check out Kevin Mitnick’s The Art of Deception (written way way back in 2003), and any of the work done by Dr. Lorrie Cranor. She founded Wombat Security which focuses on security awareness and training. And if you want to test out your skills and meet others with this interest, DEF CON hosts a Social Engineering Village and CTF totally focused on this skill.
Part 2: my favorite story out of DEFCON is how one guy meet his future wife there- she socially engineered him on the ‘hack the badge’ competition.
Yes! Great post. I've been in Cybersecurity for almost 5 years, and although I am in a job I love now, the initial transition into security was not easy. Despite having 15 years of IT experience, I jumped into Infosec laterally and did not fully understand the breadth of what I was expected to know and do. That led to major imposter syndrome, a huge drop in my confidence, and I ultimately left that position feeling horribly unsupported and demoralized. Enter my next job (where I currently am) and my confidence has built back up because I feel supported and respected. It is a complete 180, and so much of it had to do with finding a good fit, and a having a mentor or boss that can help you find your footing and recognise your strengths. That, and having a community to turn to, via meetups, or even on Reddit or Slack (or here!). Of course, this is important in any field, but Cybersecurity is kind of crazy in that there are infinite paths you can take (any one of which could take years to fully master) and that can feel very overwhelming to a newcomer. This is like saying you work in "the medical industry", where you are simultaneously a lab tech, radiologist, researcher, surgeon, and an EMT. However, it is BECAUSE of this breadth that I really feel there is a place for EVERYONE in Cybersecurity, no matter your interest or past experience. It is hard to know where to start, but finding something you are naturally interested in, or thinking of something you're already good at, is a perfect seed from which to grow your skills. I'm happy to be a resource for beginners or anyone interested in the field not knowing where to start!
Yes! I love the analogy of “the medical industry” it’s totally true. What’s important is that everyone coming into this field has a different background, different perspectives and different experiences and honestly you need that because the ‘cyber world’ is not one dimensional and simple.
Great post! Thanks for writing it up. Would love, love, love to see more women in cybersecurity!I've been in the information security industry for 10+ years, and think its great (I just love it though!) but can be really tough as a woman. I've worked in incident response, corporate security, and just about all facets of security for a cloud company at one point. I currently run the Red Team (emulating hacker threats against the company) at Atlassian and it is a massively fun job. For anyone who is looking to stay in cyber, move into cyber, or advance their career in cyber just a call out that we have jobs open across all areas of security including production security/engineering, corporate security, ecosystem security (marketplace), incident response (security intelligence), offensive security (Red Team!), and more. They range in experience levels from intern to manager so no matter your experience level, we are looking to hire! It's one of the best companies I've worked for in terms of values and culture and is highly supportive of inclusiveness in the workplace. I'm also open to setting up some mentoring groups possibly in the future. You can message me on linked in if you would like more information about jobs or mentoring! Wishing the best of luck to all you cyber warriors XD
I feel this. I'm currently a manager for the Product Design team at Cloudflare. We've made strides recently on my immediate team, 4 womxn joined the past 2 months! But the co as a whole is very male dominated.
I've been trying for 3 years to get any job in the industry. IT, Help Desk, or otherwise, to no avail.When they start mentoring people, when they start accepting that the shortage will continue until they hire willing people and train then up, maybe they'll solve the problem.Not everyone in IT is fit to be in Cyber - I find the pressure to be almost panic attack inducing at this point in my life - but they are dooming themselves.
Agreed on needing to invest and being willing to train people - seemingly at odds with startup life of moving fast... We are trying it out with an intern to see how it impacts the team and if we can still hit deadlines. Let's see what happens.