Women in cybersecurity: Busting the myths, once and for all

Women in cybersecurity: Busting the myths, once and for all

We’re excited to bring back Transform 2022 in person on July 19 and virtually July 20-28. Join AI and data leaders for insightful talks and exciting networking opportunities. Sign up today!


The story of the young cybersecurity tycoon who spent his youth trashing computers has been told so many times that it’s almost a cliché. He started coding in the family garage. He graduated at the top of his class with a degree in computer science. He launched his own startup (also from the garage), and the rest is history.

Fortunately, this is not the only way to launch a successful career in cybersecurity. Unfortunately, the persistence of this narrative tends to deter those who do not feel they fit the “traditional” mold. Too often this applies to women, and while some women do achieve titles like CTO, CIO or CISO, the cybersecurity industry is still heavily male-dominated. The cybersecurity field still struggles to attract women, in large part because they have a hard time picturing themselves in it.

Women finding success in cybersecurity should not be out of the ordinary, especially today, at a time when the field is experiencing explosive growth and talent is in high demand. Today’s cybersecurity companies also often cite diversity as a priority, with the stated goal of bringing new perspectives to the table. To achieve this, it’s time to dispel the myths that underpin cybersecurity’s intimidating reputation and break down the false barriers to entry that keep women out.

Myth #1: You need a computer science degree to work in cybersecurity

Despite what many people may believe, cybersecurity is something that can potentially just fall in Many cybersecurity professionals have college degrees in fields ranging from English to sociology. Some may start out as sales representatives or pharmacy technicians. It’s true that being successful in cybersecurity requires a lot of passion for the field, but that doesn’t necessarily mean spending your formative years preparing for and following a conventional path.

A computer science degree can be helpful, but it’s far from a requirement. This is not to say that degrees and certifications are not important, but skills can be taught. Ultimately, what defines a good security professional is how they approach problem solving. For example, a math or philosophy degree can provide a foundation for practicing logic and problem solving that translates incredibly well to cybersecurity.

Dedicated self-directed learning can also help bridge any knowledge gaps that are preventing a career in cyber security. One thing successful leaders tend to have in common is a willingness to keep learning. If you’re interested in programming languages, malware analysis, ethical hacking, or other relevant topics, there are ways to gain that knowledge outside of a traditional degree program. Take the initiative: Self-training and certification can make candidates stand out as motivated achievers. An increasing number of job candidates are arriving with self-taught skills, a history of IT-related volunteer work, and boot camp certifications. Knowledge does not come only from a university.

Myth #2: Cybersecurity is a male-only field

Despite having the qualifications, skills, and dedication to succeed in cybersecurity, women can be held back by the idea that it is a male field. And while it’s true that the field is still male-dominated, it’s far from exclusive to them. Women currently make up nearly 20% of the cybersecurity workforce. That may sound low, but in 2013 makeup women only 11% of the cybersecurity workforce, so the trend is quickly heading in the right direction. If ever there was a time to enter the field, it is now.

This is underlined by the fact that women today are more likely to finish college than men, representing a major turning point in gender parity and a key indicator for the future of the workforce. But even armed with higher education, many women still face imposter syndrome — especially in a male-dominated field like cybersecurity. They often feel inadequate, even with a proven track record of success. Traditionally, tech leaders have been promoted as male figures, and it’s easy to understand why women often struggle internally with the issue of measuring up. Finding the right fit, and the right corporate culture, can make a world of difference.

Companies with a strong, values-based culture that emphasize professional development, support, and constructive feedback are critical to success. It is also important that women help each other, serving as mentors and cheerleaders for others as they enter the field. There are allies throughout this industry and they will stay; after all, two thirds of women in cybersecurity say they plan to stay there for the rest of their careers.

Myth #3: Cybersecurity requires you to code or hack

It is true that there are cybersecurity roles that require coding or hacking skills. But they are outnumbered by positions that don’t. Unfortunately, many cybersecurity job listings include requirements that seem designed for a mythical unicorn who can code, hack, and understand every job in the industry. This can be especially discouraging for women, who studies have shown they are prone to underestimating their own qualifications.

Companies need to be more flexible with their job descriptions, or many women won’t even apply. On the other hand, prospective applicants should understand that while cyber security job postings may give the impression that only a select few individuals are qualified enough to apply, this is not the case. The technology industry faces a huge talent gap, and this is the most flexible time for candidates looking to enter the field.

Today there are almost 600,000 unfilled cybersecurity jobs only in the United States. Jobs are available at all levels, and many organizations are investing in training programs to bring their workers up to speed. This is an era marked by investment in employee skills, particularly in the field of technology. Gone are the days of traditional educational background; Cybersecurity recruiters look for candidates who are closely aligned with the technical skills for the job and, above all, the right attitude.

In the world of cybersecurity, any experience is a good experience. An entry-level job as a cyber threat analyst may focus primarily on reporting, but can be leveraged for more hands-on help desk work. The industry needs talent, and there will always be opportunities to expand your role and take on new responsibilities if you want them. When those opportunities present themselves, you simply need to be the one to raise your hand. Sometimes all it takes is the drive to volunteer.

entering the field

The field of cybersecurity is changing rapidly. With the right dedication, skill set, and support systems, today’s women find success in every corner of the industry. Old barriers to entry like the need for certain degrees, the idea that it’s “a man’s field,” or recruiters with unrealistic expectations should no longer keep women awake.

Women are behind some of today’s most important cybersecurity operations and innovations. They are slated to be behind even bigger industry advances in the next five, 10, and 20 years. From entry level to C-suite, they are already working. There is a significant opportunity to plus women play a role in that future.

For anyone who isn’t sure if they should go into cybersecurity: it’s time to raise your hand. If you wanted to raise your hand yesterday but didn’t, raise it today. Whether that means volunteering for a project, switching roles, or interviewing for a job, the best way to start your cybersecurity career is to jump in headfirst. Who is the game?

Heather Gantt-Evans is a CISO for sail point.

Data decision makers

Welcome to the VentureBeat community!

DataDecisionMakers is where experts, including data techies, can share data-related insights and innovation.

If you want to read about cutting-edge ideas and up-to-date information, best practices, and the future of data and data technology, join us at DataDecisionMakers.

You might even consider contributing an article of your own!

Read more about DataDecisionMakers

Leave a Comment