Cybersecurity Still Struggles to Retain and Elevate Women…Why?
“Since co-founding Brinqa 17 years ago, the biggest lesson I have been taught is that talent is the hardest asset to build and the easiest to lose.
Breaches Up, Number of Victims Down, Impact Stronger
“Since co-founding Brinqa 17 years ago, the biggest lesson I have been taught is that talent is the hardest asset to build and the easiest to lose. In the early days of starting a business, every hire shapes not only the product but the culture and long-term trajectory of the organization,” says Hilda Perez, president and founder of Bringa. “In the cybersecurity industry, particularly, an industry-wide challenge has been made clear: Cybersecurity is not struggling to bring women into the field nearly as much as it is struggling to keep them,” she says.And, she’s right. After all these years, women make up just 22% of the security workforce, according to research from ISC(2), with just 7% holding senior roles, a sad assessment as International Women’s Day approaches. Perez says the drop off occurs in mid-career, “just as experience should be launching women into leadership roles, not shutting them out. From a business perspective, that is more than a representation gap. It is a loss of expertise at a time when the industry can least afford it.”And, now, more than ever, when threats are on the rise, the window between vulnerability disclosure and mitigation is narrowing, and AI and quantum are changing the face of security, that loss of expertise is more acute…and less acceptable.“Cybersecurity does not lack capable women; it needs to do a better job ensuring they stay long enough to lead,” says Perez.For Diane Downie, senior software architect at Black Duck, success in part has come from collaboration, which just happens to be the theme of this year’s International Women’s Day, “Give to Gain.” focuses on the benefits of collaboration. “I have always believed in the power of collaboration to achieve greater things than an individual could achieve on her own. Whether it’s solving a business problem or navigating your career, it’s good to share advice and ideas,” she says. “The community of women has benefited me and continues to support me in my career.” Because she entered the tech field in the early 1990s “without the narrative that women were rare in IT leadership,” Diana Kelley, CISO at Noma Security, says she benefited from a female mentor who “saw potential in me long before I saw it in myself and encouraged me to shift from editorial into IT.” Her mentor’s boss, a female CIO, was also supportive. “Because of that early experience, I assumed women in leadership was normal rather than exceptional, and that assumption shaped how I showed up,” says Kelley. But Kelley came to see that her experience might be unique. “Over time, I realized strong female IT leaders were not the norm everywhere,” a realization that “reinforced why building concrete stairs, structured mentorship, sponsorship, and intentional career pathways, is both powerful and necessary.”The industry needs “systems that help people move up, not just moments that celebrate them once they arrive,” she says. In cybersecurity, bias still creeps up in ways people may not anticipate or intend. “Assumptions about technical credibility, questions about dedication, or overlooking someone for critical opportunities can quietly shape careers,” says Kelley. Teresa Rothaar, senior GRC analyst at Keeper Security says, “The workplace culture in many cybersecurity environments can be unwelcoming to women, with issues such as gender bias, lack of recognition and sometimes a hostile work environment hindering their progress and retention in the field.” And, unfortunately and discouragingly, “gender pay gaps persist in cybersecurity, with women often earning less than their male counterparts for similar roles, a disparity that is particularly pronounced in tech fields,” she says.Despite the slow going, the industry has made meaningful progress. “As more women have advanced into leadership and deeply technical roles, long-held assumptions have been disproven through performance, results, and resilience,” she says, advocating for the continued removal of structural barriers that can impede progress. “Creating processes that consistently surface and support diverse talent, ensuring mentorship and sponsorship programs are real and resourced, and building cultures where people are evaluated by their contributions, impact, and potential, not by outdated stereotypes,” says Kelley. A mid-career cybersecurity professional woman “can break down barriers by using influence within their scope of control,” says Karin Olivo, assessment lead at Fenix24. They must advocate for equitable pay and objective performance evaluations “by bringing metric-driven data into compensation and promotion discussions,” she says, as well as “push for diverse candidates and standardized hiring criteria. Look to serve on panels where advancement decisions are made.”And start them young, encouraging not only college students but high schoolers and younger to consider careers in cybersecurity and to sharpen their coding skills. “Exposing this next generation to our purpose (fighting bad actors) and the interesting and challenging work that exists in cyber may give them ideas that they never even considered from a career perspective, says Kate Terrell, chief human resources officer at Menlo Security.
About Author
