The future of cybersecurity is gender-balanced

“I just don’t think women are in many cyber roles because they just can’t see themselves in them. That’s what we need to change. More women in the industry need to use their platforms to show other women that they can be in tech.”

Only 24% of cybersecurity jobs globally are held by women, showing a huge disparity in the industry that needs to be addressed, as it’s not only an imbalance but can also impact our overall security. 

So, why do we need more women in the cybersecurity industry?

• Encourage creative problem-solving: An even mix of genders, experience levels, and roles will foster a culture of creativity and a new approach to problem-solving, which is necessary for staying ahead of constantly evolving threats.

• Nurture diverse backgrounds: A gender-balanced cybersecurity team removes unconscious bias, by having a wider variety of backgrounds, new perspectives are brought on board.

• Fill key leadership roles: Compared to men, higher percentages of female cybersecurity professionals are reaching positions such as chief technology officer (7% of women vs. 2% of men). Having more women on board will fill more of these leadership roles, which are essential to cybersecurity teams.

We spoke to Bailey Marshall, Senior Consultant at Mandiant, and creator of The Security Rex, about her experience in cybersecurity, and what tips she has for women looking to enter the industry.  

Why do you think women are underrepresented in cybersecurity roles?

“I don’t think it’s for lack of trying, I truly just feel like the visibility isn’t there. People typically hone in on a career path in high school, because often they need to decide on whether or not to attend college and which ones to apply to. 

But how many cybersecurity programs are targeting teenage girls out there? Not many, and some of the ones that do revolve around fun hacking and incredibly technical skills, but cybersecurity is so much more than that. 

There are a lot of non-technical cybersecurity roles that need to be filled, but we as an industry aren’t targeting the audiences ready to make those decisions. 

In addition, not everything has to be hackers and motherboards, but I see this a lot in clubs geared toward young adults.”

I just don’t think women are in many cyber roles because they just can’t see themselves in them. That’s what we need to change. More women in the industry need to use their platforms to show other women that they can be in tech.

 

Bailey Marshall, Senior Consultant at Mandiant, and creator of The Security Rex.

What/who inspired you to pursue a career in cybersecurity? 

“Honestly, I inspired myself! I didn’t think I wanted a tech career, and it’s not because I didn’t want to be here, it just never crossed my mind. 

I had my own pursuits I was engaging in at the time, and a course I was taking offered me a Security+ voucher. So, I said, heck, why not? 

Because I am so stubborn and determined to do the best I can at whatever I am doing, I studied day and night for a whole month for this Security+ book I bought at Barnes and Noble. 

The day came, I took my exam, and I passed! 

After the dust settled and I calmed down from the achievement high, I did a bit of self-reflection and realized that: one, I liked the security side of things, and two, I was actually good at it. 

So, I decided to pursue cybersecurity in my career at that moment. I think a month later I applied for a Master’s Degree program in cybersecurity, and started on in the next semester. The rest is history.”

What would you tell women looking at getting into the industry that they may not be aware of?

“People mean well, and it’s not often blatant disrespect that occurs in the industry (though it is out there) it is the subtle ways people treat you or don’t treat you if you consider someone else getting preferential treatment, that will really hit hard. 

I can talk to you all day long about how to get into the industry and what certifications to get or what roles to pursue but understand that there is a quiet difference in the way the people interact with you versus your male colleagues.”

And to reiterate, it’s not often out of malice, it's a culture. You may work with a male partner who makes the same pay as you, does the same daily operations, and performs at the same level, but you will find that typically when someone needs something done or a question answered, they will go to him first. It is still very much a male-driven industry.

Bailey Marshall, Senior Consultant at Mandiant, and creator of The Security Rex.

What advice would you give to women on landing a job in cybersecurity?

“Figure out what you enjoy and pursue that path with vigor. Find others who have ventured down your chosen field and pick their brains with questions. 

Cybersecurity is such a broad term, there are several different roles you can pursue. Decide what you want to do and then determine how to get where you want in that designated role. 

Asking advice from others who have gone before you is crucial!”

What challenges have you faced as a woman in the cybersecurity field? 

“Both my age and my gender play a role in how frequently people ask me advice or questions within the workplace. 

I am in a senior role, and yet I am not often treated as a senior expert in my field. Being a consultant, my primary job is to be available for clients and to provide subject matter expertise in a field. 

 

I have had clients walk right past me to ask my male colleagues a question that I was well suited to answer. I have also had clients come ask me where my male colleagues were, only to tell me that they’d ask them their questions when they returned. 

 

I can answer those questions! Hello, pick me! 

All that said, it really hurts my feelings (female stereotype, running on emotions!) but it could hurt anyone because it makes me feel undervalued and it seems as though my input is not appreciated or desired. 

It’s hard, but you have to keep your head up and be the best you can be. Make noise when you can and don’t sit idly by and allow this to happen. Call others out on the behavior. It will happen anywhere you go, this is not one organization’s problem, it is the industry’s.”

What’s the proudest moment of your cybersecurity career so far?

“Getting my CISSP. It sounds cliché, but at the time, I literally just passed the threshold five years of experience needed to become a fully-fledged CISSP. 

I was pregnant with my first child at the time and I wasn’t feeling my best and wasn’t getting my best sleep. Still, I studied relentlessly, made a game plan for chapter reading and practice tests, and scheduled my exam so I would have a defined date that I needed to look to. 

February 12th was the day, and I hobbled my big belly down the sidewalk and into the test center, sat for three hours, and answered 125 questions of security through aches, pains, baby kicks, and hunger (if I wasn’t eating every five minutes at the time, I was starving). 

I got the immediate notification upon submission that I had passed, and I squeaked out an excited noise before standing up and taking my printout. 

To be a 26-year-old CISSP was a huge accomplishment for me, and I was so excited that I think I took myself on a Chipotle date for lunch.”

Brands that “walk the walk”

While it’s valuable to talk about the importance of women in cybersecurity and to raise awareness of the gender imbalance, brands must take this on board and take action. 

Women in Cybersecurity was created with a commitment to recruit, retain, and advance women in cybersecurity to build a robust and diverse cybersecurity workforce. They are a fantastic resource for women looking to get into cyber or support those who are. 

Kunjal Tanna, Co-Founder of LT Harper, a cybersecurity recruitment firm, hosts an InClusive InCyber networking breakfast for women in the industry, with guest speakers providing advice on getting into cybersecurity. It’s a great opportunity for women in the industry to meet and be inspired, helping to bring more people into the industry. 

Ofcom is also leading the pledge to get more women into technology, IT, and cybersecurity roles. Ofcom and seven of the biggest companies in the sector–BT Group, Openreach, Sky, TalkTalk, Three, Virgin Media O2, and Vodafone–signed a pledge committing to improve representation for women in technology roles.

These brands and individuals are leading the way for women in cybersecurity and these initiatives will break down the walls that have slowly been built up over the years.

Closing the gender gap in cybersecurity

While cybersecurity has notoriously been a male-dominated field, we can expect to see this change, with predictions that by 2025, women will hold 30% of cybersecurity roles. This is a significant step in the right direction. 

But we shouldn’t stop there. By boosting cybersecurity awareness from a young age, we can encourage young people to consider it a viable career choice, for both men and women. After all, we desperately need more talent in the industry, and a balance of genders will only boost our security posture. 

Want to hear more from women in the industry? Watch our recent webinar, The Future of Women in Cyber: Building an inclusive workforce.

Author bio: Fiona Leake (fileake), Content Writer, Hack The Box Fiona Leake is a Content Writer at Hack The Box. Digging deep into how people think to create meaningful content that solves problems is what gets her out of bed in the morning. Fiona loves simplifying technical topics and enjoys occasionally trying her hand at only the most beginner-friendly HTB Machines. Feel free to connect with her on LinkedIn.