Women have long played important roles in cybersecurity, yet they are still underrepresented in the cybersecurity workforce. According to the 2019 Women in Cybersecurity study, women now represent 24% (up from 11% in 2017) of the total cybersecurity workforce, but when it comes to holding leadership positions in cybersecurity, the number is significantly smaller.
I talked to several female executives and CISOs, leading the charge in this very challenging field which is notoriously lacking in gender diversity. This is what they had to say.
On what is special about the woman CISO
According to Olivia Rose, CISO at Mailchimp, "what women bring to the table are technical skills accompanied by some great women traits such as partnering, communication, emotional IQ, understanding different perspectives and project organization. I'm not saying that men can't do that. I'm just saying that it's more innate for women to be successful with these traits."
Rose adds, "As a CISO, you need to constantly make a business case with security, you have to constantly get other teams to change their behavior, change their mind, and partner with you, which takes a lot of convincing and persuasion. This is where women shine."
Naomi Buckwalter, Director of Information Security and Privacy at Energage, agrees, "Women just quite frankly have a higher EQ. Study after study has shown that women just work better in groups and can lead better teams because we have an intuitive understanding of people and can empathize easily."
Buckwalter is a proponent of a "relationship building" approach to security. Buckwalter notes, "Unfortunately, because security is so male dominated, it seems like the standard approach is to make a decision and push it down. It is not seen as a very democratic process."
Buckwalter believes that women leaders bring a more democratic approach and build relationships. She argues, "If we can't build relationships with our business partners, we're never going to get anything done. Security is not supposed to be the cart leading the horse. We are a service for the business. We are not there to police them or to stop them from doing anything. We're just providing them the information that they need to move ahead in as risk-free a manner as possible."
On why there are so few women in cybersecurity leadership positions
Lisa Plaggemier, Chief Strategist at MediaPRO, notes that she has always been in the minority in the security organizations that she's worked in. On asked about the dearth of women in leadership positions, Plaggemier reasoned, "It's because we don't raise our hands. We wait until we're 100% ready to take a leadership role before we apply or make our desires known, right?"
Plaggemier continued, "If the CEO comes to you and says, "I think you're ready to be a vice president of XYZ," and you don't feel 100% ready, you tell him, "I don't feel 100% ready." A man when they're 80%, ready, or 70% ready, 60% ready will say, "Oh, sure. I can do that." We're more self-critical, I think and more risk averse. We like to feel like we really know what we're doing before we're going to put ourselves in a leadership position. I think that's very common and the solution to that isn't for women to change. I think the solution is men in leadership positions who know how to manage women through that situation."
On what advice would they give to women starting their careers in cybersecurity
Rose believes that cybersecurity desperately needs diversity and different points of view that women can bring. She notes, "It's important to make it very realistic for women who are entering this field, that this is a very highly male-dominated field. Recognize that while you bring a lot of needed and positive skills and trade to security, you also have to develop your communication skills. There are certain feminine traits that you may have to curb. And you may have to adapt to your behavior in how you speak and how you communicate. All while not losing what makes you great as a woman. If you truly want to be successful in this career, you have to know how to communicate well."
Plaggemier encourages women starting their cybersecurity careers to, "Really get to know your business. You need to be subject matter experts in security, but if you want to progress, you need to have a business brain too." Plaggemier referred to a session she had attended several years back which was titled, "How to do security with your business not to it." She emphasizes, "The only way you can do security with your business is if you're a part of the team and you really understand the business side of your organization."
Buckwalter urges, "Try to influence within your sphere because you're going to need that practice. When you get higher and higher throughout your career, you need to build those relationships beyond just your immediate team and your peers. You need to reach out across departments and positions, and influence leaders in those departments. You need this because security is all about relationships."
Women have so much to offer in terms of creativity, soft skills, and diversity of thought in this highly demanding industry. Women leaders and influencers like Rose, Plaggemier, and Buckwalter who have reached the pinnacle in cybersecurity industry against all odds, continue to encourage more women to enter the profession by sharing their journeys and hopes for women following in their path. As Rose put it so succinctly, "Cybersecurity is a great field for women to be in. Women just need to get out of their own way, get out of their own insecurities. That's my hope and goal."