According to the Women in Cybersecurity Report by ISC, women working in cybersecurity currently account for about one-quarter (24%) of the overall workforce. It is encouraging to see that this number is significantly higher compared to a few years back, but it is still not high enough to say that women and minority groups are well represented in this industry.
The only way to change the system, process, or thinking is to be part of it and participate in driving the shifts that need to happen. On International Women’s Day this year, some of the women of WhiteHat share their insights on the need for more women to join us in a career in cybersecurity and shed light on some of the common misconceptions, such as the idea that this field is only for candidates with a high level of technical skill.
The need for more women in cybersecurity industry
On the need to level the gender playing field in a heavily male-dominated industry, we talked to WhiteHat Security’s head of engineering, Kanthi Prasad, who was recently recognized as the Gold Winner of the Women in Cyber and Info Security award category in this year’s Cyber Security Global Excellence Awards. She acknowledges the huge shortage of skills in cybersecurity, the gender gap in the tech industry as a whole, and the urgent need to fill millions of cybersecurity roles globally.
Kanthi says, “There is a huge untapped potential here for women, as well as men, in the coming years to fill this growing skill gap. While the stereotype has been set for the cybersecurity industry as young guys in hoodies tapping on keyboard to do nefarious things, the reality is far from this image. The cybersecurity industry requires a fairly vast set of skills and caters to various interests. As the world shifts around us, we owe it to ourselves to not leave our future security to chance, but instead to be a part of the solution.”
Katherine Haworth, Application Security Engineer at WhiteHat Security says, “Women should join cybersecurity teams because it’s fascinating work. It’s a job that provides a high enough income to grant financial freedom, with a constantly evolving threat landscape to keep things interesting, and also provides the satisfaction of knowing that the work helps protect everyone – from large companies to individual people who could be the victims of a data breach. Women should also join cybersecurity teams because the teams benefit from diversity. The more different life experiences and ways of looking at a problem we can get at the table, the better the team as a whole is able to imagine diverse attacks and diverse solutions. Of course, no one woman can speak for half of the population, so there’s always room for MANY women on these teams! Women of color, immigrant women, trans women, all will have slightly different perspectives to bring.”
What skills should young women/grads in STEM develop to pursue a career in cybersecurity?
Kanthi Prasad shared her advice for young women and grads, “It is important to be aware that not all cybersecurity roles require STEM or software development skills. There are a variety of roles within the industry that require strong problem-solving skills, analytical thinking, great interpersonal and communication skills, etc. Additionally, as part of a STEM program, you should build your knowledge of security across various platforms like computer systems, network, cloud, mobile, etc. Specialization skills can be built on top of these skills by developing an understanding of ethical hacking and computer forensics. These sets of skills give you a glimpse of the variety that exists within the industry.”
Lauren McCaslin, Dynamic Application Security Testing Manager at WhiteHat Security, has this valuable advice for aspiring cybersecurity career grads, “Focus on developing solid communication and problem-solving skills. The ability to articulate an issue clearly and concisely is highly desirable in order to gain trust within your team. Additionally, proving that you can persevere and solve problems to aid your team in the mutual goal of a strong security posture goes a long way in proving your leadership capabilities. Be confident in the technical skillset you bring to the table and don’t be afraid to show it off sometimes.”
“More women should join cybersecurity because we bring a unique perspective and problem-solving capability to what are often homogenous teams.”
– Lauren McCaslin, Dynamic Application Security Testing Manager at WhiteHat Security
Katherine Haworth says, “What skills to develop is a bit dependent on the individual in question and what part of cybersecurity they’re interested in. You can figure out the technical skills and certifications a lot of employers like to see for your preferred role by doing a quick job search. In general, yes, a degree in Computer Science is a great asset for almost any role, but I’ve met people in this field from all sorts of backgrounds. Being able to think creatively and outside-the-box is indispensable, as well as being good at clear and compelling communication since you often have to explain vulnerabilities and/or how to fix them to others. An understanding of visual design can be very useful in presenting findings or explaining broad concepts to non-technical clients. Those skills are often left out of STEM coursework, so you’ll need to be proactive to make sure you develop them. I’d also encourage interested folks to try out independent bug-bounty pen testing, even if pen testing isn’t your end goal. Knowing what that work looks like and the tools commonly used is useful no matter if you’re marketing, educating, managing teams, or writing secure code (and having that experience on your resume isn’t bad, either!).”
Janet Kulp, Senior Security Program Manager at WhiteHat Security, has this advice for all young women in STEM: “Don’t neglect your non-cybersecurity skills. The weakest link is, and always will be, the human element. Anyone can learn how to code securely but being able to talk and communicate best security practices, technical and otherwise, so others can understand, will always be in demand. These “soft-skills” will make you an integral part of any cybersecurity team.”
Careers in Cybersecurity
It does not need to be a straight line from software development to information security. The paths can be multi-pronged and diverse. Skills and passions take their own course of development as we meander through our career paths. The point is to be willing to explore different ways to carve out your career path in the cybersecurity industry. Explore, learn, and network effectively to increase the presence and participation of women in the cybersecurity industry.
- CISA provides valuable guidance on cybersecurity career paths and progression, be sure to check out their advice here.
- Check out our webinar on Women Building Careers in Cybersecurity here.