In a panel at the ISC² Security Congress 2021, Sharon Smith, CISSP, Lori Ross O'Neil, CISSP, Aanchal Gupta and Meg West, M.S., CISSP, discussed the challenges and opportunities of being a woman in cybersecurity. From the factors that lead to women being underrepresented in cybersecurity to removing those barriers, the cybersecurity leaders discussed their ideas on how to bridge the gender gap in the field.

Contributing factors to the underrepresentation of women

Gupta believes that a cybersecurity awareness gap contributes to the underrepresentation of women in the field. With her background in software engineering, Gupta declined her first offer to pivot to cybersecurity, believing that she didn't possess the correct qualifications. Once she entered the field, she realized the vastness of the cybersecurity space and how people with varied skillsets thrive in the industry. Helping women understand that they don't need a cybersecurity or computer science degree to enter the field can attract more qualified women to the industry. Smith added that hiring managers should also be aware that qualified candidates exist outside of those majors.

Women looking to transition into cybersecurity mid-career can frame the change as adding cyber to their profession. O'Neil's passion is bringing cybersecurity to other disciplines — someone with an accounting or chemistry background can benefit from cybersecurity coursework in order to do their jobs safely and securely. Certifications are a great way to enter the industry, as well as seeking out online communities and information can help entering the field by immersing oneself in the cybersecurity sphere. 

How do we remove barriers from cybersecurity

Although the number of women in cybersecurity has increased over the past years, there is still a ways to go to achieve equal gender representation in the field. "We should get ahead of this problem by engaging with women and other underrepresented groups early on," said Gupta. Reaching young people with capture-the-flag style exercises, coding programs and cybersecurity information provides industry exposure at an early age and allows them to imagine what a career in cybersecurity might look like. 

Breaking down self-imposed barriers, changing a broken hiring system that relies on AI searching for keywords to select candidates and more men stepping up as allies in the field are all ideas suggested by Smith to bridge the gender gap in cybersecurity. Looking for opportunities to educate women and other underrepresented groups on cybersecurity roles can increase the amount of those groups in the field.

All women on the panel shared experiences when they were affected by sexism in the industry. West began as an associate in cybersecurity at a Fortune 100 company as the youngest and only female employee on the team. On one of her first days on the job, one of her coworkers told her that the only reason she got the job was to fill a diversity quota. West took this comment as a challenge — within about 3 years, she was promoted from being a cybersecurity associate to the Global Incident Response Manager at the age of 24. She created the role and advocated for her promotion with statistics of her accomplishments. "Just because an opportunity does not exist, that doesn't mean I can't create it myself," said West.

From constantly having to prove themselves to having simple concepts explained to them over and over, women face a very different set of obstacles when working on a cybersecurity team. O'Neil looks to amplify the voices of other people on her team — by lifting others up, she creates an environment where employees don't consistently need to advocate for themselves alone. Gupta spoke to the importance of mentorship on her career. When she doubted herself, her mentors encouraged her to go further in her career. Both industry and personal mentors can support someone looking to enter the cybersecurity field.