Women in Cybersecurity: Experts’ Testimonies Reveal Shocking State of Exclusion

Why Trust Techopedia

Key Takeaways

  • Women in cybersecurity face exclusion at a higher rate than men. This exclusion can take many forms, including being passed over for promotions, being underpaid, and having their skills undervalued.
  • A lack of respect for women is a major root cause of this exclusion. Women are often not given the same opportunities as men, and their contributions are often overlooked.
  • The cybersecurity industry loses out when women are excluded. Exclusion can lead to lower productivity, higher re-hiring costs, and a damaged reputation.
  • Organizations can take steps to create a more inclusive workplace for women. These steps include implementing diversity training, tracking diversity metrics, and providing mentorship and sponsorship opportunities for women.

Techopedia set out to report the inclusion gaps that women face in the cybersecurity industry. Several weeks ago we put out a call for experts to comment on the issue. The number of responses we got was overwhelming.

While, unfortunately, we cannot publish all the testimonies to honor and recognize the multitude of voices worth listening to carefully, we begin this investigative report with two of the most impacting testimonies we received.

Monique Becenti, Director of Product at Zimperium, told Techopedia:

“In my nearly eight-year journey in the cybersecurity industry, I’ve faced various challenges, particularly early in my career. Gender stereotypes often led to being underestimated or overlooked, hindering my progress.

“While I’ve been fortunate to have supportive superiors who valued individuals based on their contributions, navigating interactions with certain male counterparts proved more challenging.

“In some instances, my work was undervalued, and I encountered disrespectful behavior in public settings. These experiences were uncomfortable, requiring resilience and a tough skin to navigate.”

Poornima DeBolle, Co-founder and Chief Product Officer at Menlo Security, added:

“As a woman working in the cybersecurity field, I can say that women certainly experience challenges in the workplace, and it happens more often than I care to count.

“When I am in customer or partner meetings, people on the other side of the table will engage and ask follow-up questions with my team members in the meeting rather than me.

Advertisements

 

I have great allies on my team who gently redirect the question back to me. It has happened enough times that we are all well-versed in handling these situations.”

So, how can organizations transform this dire exclusion into a healthy state of inclusion in 2024?

Women in Cybersecurity and the 2023 State of Inclusion Benchmark

Women in Cybersecurity and the 2023 State of Inclusion Benchmark
Interviewed by Techopedia. From left to right and top bottom: Monique Becenti (Zimperium), Poornima DeBolle (Menlo Security), Lynn Dohm (WiCyS), Theresa Payton (Fortalice), Kate Terrell (Menlo Security), and Chaitra Vedullapalli (Women in Cloud).

On April 10, Women in CyberSecurity (WiCyS) — the nonprofit organization dedicated to the recruitment, retention, and advancement of women in cybersecurity — unveiled its groundbreaking 2023 State of Inclusion in Cybersecurity Report.

This first-of-its-kind report, done in collaboration with Aleria, found concerning disparities in the experiences of women in cybersecurity. WiCyS said that while previous inclusion studies have proven that women’s representation in the cybersecurity industry is lower than it should be, the organization set out to discover “why it is happening” or “how to improve” — questions which have remained elusive.

Key Findings: Exclusion and Women in Cybersecurity

WiCyS found that women are excluded 2x more than men. Additionally, women are 5x more likely to cite direct managers and peers as interfering with their satisfaction and ability to perform at peak.

WiCyS adds that recurring themes for women’s experiences of exclusion range from a glass ceiling (barrier to advancement affecting women and members of minorities), inadequate compensation, being passed over for promotions, underutilized skills, and more.

The WiCyS study also found that additional examples of workplace exclusion include disabilities and intersectionality.

A staggering difference in the overall experiences of women compared to men. Source: 2023 State of Inclusion in Cybersecurity Report
A staggering difference in the overall experiences of women compared to men. Source: 2023 State of Inclusion in Cybersecurity Report

Techopedia sat with the Executive Director of WiCyS and other women in cybersecurity to pull back the curtains and reveal the real problems of inclusion in cybersecurity.

Diversity, Equity, and Inclusion (DEI): Aggravating Gaps

The WiCyS report highlights the prevalence of exclusion by leadership and direct managers.

Techopedia asked Lynn Dohm, Executive Director at WiCyS, how organizations can address these issues and foster a more inclusive cybersecurity workplace culture.

“Any organization that has done its own ‘State of Inclusion Assessment’ can find out exactly what is happening to them,” Dohm said.

“However, a general conclusion from this report is that clearly a lot of employees hold their leadership accountable for many of their workplace experiences.”

Dohm explained that by analyzing the report, WiCyS identified some general patterns that emerged.

  • Leaders made public comments that seemed insensitive or inappropriate.
  • Leaders modeled behaviors that indicated that certain behaviors were permissible by others in the organization.
  • Performative actions — meaning that leaders would make certain statements, especially related to diversity, equity, and inclusion (DEI) — but then did not seem to exhibit actions that lived up to those statements.

“Also, as related to DEI in particular, we had a lot of comments — both from members of the majority as well as members of underrepresented groups — that complained about how DEI initiatives were designed or implemented, and several of them indicated leadership as the source of the issues,” Dohm said.

When DEI Programs Fail and How to Course-Correct

Boston University researchers’ study on diversity, equity, and inclusion found that few workplace DEI programs robustly track their impact. The study reviewed DEI and antiracism training research (2000-2022) and found shortcomings in many studies. These included focusing on one-off training, having small sample sizes (under 100 participants), and lacking control groups.

Another 2024 study by the Aristotle Foundation for Public Policy found that diversity training is divisive, counter-productive, unnecessary, and can lead to more bigotry. This report challenges the narrative that DEI instruction generates lasting positive behavioral changes.

Are DEI programs failing? What can organizations do to turn this situation around?

Theresa Payton was the first female White House Chief Information Officer (CIO) for the Executive Office of the U.S. President from 2006 to 2008. Payton, now the CEO of Fortalice Solutions, spoke to Techopedia about DEI programs and how organizations can bridge the gaps.

“Organizations must actively work to eliminate leadership and managerial biases against women and disabled workers. They can achieve this by implementing comprehensive diversity, equity, and inclusion training programs emphasizing the importance of recognizing and challenging unconscious biases.”

Payton added that by creating mentorship and sponsorship opportunities, organizations can help underrepresented employees navigate their careers and advance into leadership positions.

“Establishing transparent and equitable hiring and promotion processes is critical, ensuring that all employees have fair opportunities to progress. I have seen companies make great strides in mentorship programs that could be used as a framework at other organizations.”

Glass Ceiling, Sticks, and Carrots

The WiCyS study found that common exclusion experience themes include gender bias, professional exclusion, underutilized skills, and a glass ceiling.

Poornima DeBolle, Co-founder and Chief Product Officer at Menlo Security, spoke about inadequate recognition and respect, career growth, and access.

“Every step of my career over the past 25+ years in cybersecurity, I have always needed to ask for my advancement.”

DeBolle said she would enumerate her accomplishments to make her case and deliver a multi-year plan for her new role. “Even then, there have been times I did not get the advancement,” DeBolle said.

“I have never seen my male colleagues need to be that deliberate in managing their career or advancement. In fact one of my mentors recommended I learn to play golf to help my career advancement.”

DeBolle strongly recommends that women manage their careers actively, knowing that this is the current state of affairs.

DeBolle’s advice for organizations and the cybersecurity community looking to facilitate an inclusive and supportive environment for women are two: Anti-bias training and women participation.

“Managers and all team leaders will get better outcomes by soliciting feedback from women and building a culture of women participation. Anti-bias training might seem like an easy shortcut, but I have seen the real-life impact of it.”

Why It Is Happening: Lack of Respect for Women in Cybersecurity

A study from the nonprofit ISC2 recently revealed a significant disparity between salaries in the cybersecurity industry when broken down by gender. According to the report, nonmanagerial and mid-advanced women earn $131,000 — 5% less than what men earn ($138,000).

The gap is even wider for women managers. Women in this role, on average, earn $138,000, 9% less than men in the same positions ($150,000). Women in the C-suite and executive level earn 4% less than men in the same role.

While these figures are shocking, they are not a surprise as similar reports have been warning about DEI salary differences for decades. These numbers speak of what is happening in workplaces but rarely answer why.

WiCyS’s new study set out to understand the root causes of discrimination and exclusion. To understand what is happening, WiCyS says that “Respect” is the category with the highest overall exclusion index.

“It is very common for the Respect category to have the highest score, especially in technical fields. However, what is unusual is the sharp difference in exclusion index between Respect and the rest of the categories, confirming that Respect is a major issue in cybersecurity.”

Dohm told Techopedia that women face recurring exclusion themes.

“Not being given the same access to opportunities that other colleagues/peers enjoyed, this included things like special training, access to better projects, or better clients,” Dohm said.

Dohm also highlighted that women receive less positive evaluations in spite of doing equal or more work.

The Call for Action

Kate Terrel, Chief Human Resources Officer at Menlo Security, a California-based provider of browser security — called on the cybersecurity community to take action.

“The cybersecurity community as a whole can certainly do more to foster a more inclusive and supportive environment for women in the field. There are many things to consider, starting with education focused on reducing blindspots regarding our own bias. We all have them.”

“And there are simple actions: If you notice a woman is being talked over, or surfaced an idea that was passed by until one of her male colleagues said it, take the time to advocate and redirect,” she added.

What Cybersecurity Loses When Exclusion Thrives

Dohm from WiCyS explained that lower levels of inclusion can be directly attributed to lower productivity (i.e., lower revenues) and higher re-hiring costs. Hence, there is a material financial impact.

“In addition, of course, there is significant reputational risk, both internal and external to the organization, which can result in lawsuits, or in the inability to attract talent or to penetrate broader markets.”

Dohm strongly recommended that individual organizations consider doing their own “State of Inclusion Assessment,” which would give them a much clearer understanding of what is happening specifically to their employees and what they can do to improve matters.

Callie Guenther, Cyber Threat Research Senior Manager at Critical Start, said that women in cybersecurity often feel marginalized due to a predominance of male colleagues, which can lead to a sense of isolation and underrepresentation — compounded by instances of unconscious bias, where women’s contributions are often undervalued and/or overlooked.

“To navigate and overcome gender-related biases, the importance of finding mentors and allies within the field, both male and female, who can provide support and guidance – cannot be understated.”

Guenther added that culture and brand building, speaking engagements, publications, and active participation in cybersecurity communities can help counteract stereotypes and establish credibility.

“Additionally, ongoing education and certifications are key strategies for women to reinforce their qualifications and assert their competence in the face of gender-related biases.”

What Can Be Done: Women in Cloud Answers

Techopedia asked experts how organizations and businesses of all sectors can progress to acceptable standards of inclusion and continue to enhance the value of women in cybersecurity workplaces, programs, and projects.

Chaitra Vedullapalli, Co-Founder and President of Women in Cloud, an organization that has just partnered with Microsoft for a nationwide campaign to usher more diverse women into the cybersecurity field by providing $30 million in scholarships, talked to Techopedia about solutions.

“In my 25+ years of experience within the tech ecosystem, exclusion happens at two levels — first, structural and cultural; and second, related to lack of preparedness, which in turn leads to not showing up correctly.”

To address it effectively, Vedullapalli says companies need to focus on two types of programming.

  • The first is preparedness and confidence building. “Be proactive in establishing skilling and prepared programming that allows women and underrepresented people to be prepared,” Vedullapalli said.
  • The second is structural and cultural. “This needs to start with the Board and CEO,” Vedullapalli added. “They can establish the right KPIs and accountability to drive changes around pay equity, harassment, and racial bias.”

“To combat these challenges (bias and preparedness), companies should implement preparedness and confidence-building programs. Proactively establish certification-based skilling and development programs that solve company-wide challenges tailored for women and underrepresented groups to enhance skills, confidence, and readiness for career progression.”

“It is also important to foster a supportive network of allies and mentors. Encourage the formation of support networks within the organization that offer guidance, mentorship, and advocacy for women and people with disabilities,” Vedullapalli said.

“Lastly, participate in developing and implementing workplace policies that support representation, equity, and inclusion, making the tech ecosystem more accessible and fair for everyone.”

Diversity Metrics and Cultural Shifts

Payton, former White House CIO and current CEO of Fortalice Solutions, said that organizations can measure progress towards a more inclusive cybersecurity workplace by tracking diversity metrics.

Payton highlighted metrics such as the representation of women and people with disabilities on your candidate slates for interviews and in various roles and leadership positions.

“Change your mindset that women and people with disabilities will find your job openings and go and proactively recruit them,” Payton said. “Surveys and feedback mechanisms can assess the inclusivity of the workplace culture. Additionally, monitoring the success rates of diversity initiatives, such as mentorship programs and diversity training, can provide insights into their effectiveness.”

Payton concluded:

“Cybercriminal syndicates pay for performance. They do not require certifications or degrees which are often expensive and hard to come by. They require skills.

 

“If we want to beat cybercriminals, we must change our thinking and remove the barriers to entry. By excluding talented cybersecurity professionals, especially women and those with disabilities, companies miss out on diverse perspectives that can enhance problem-solving and innovation.”

The Bottom Line

As Vedullapalli explains, the challenges for women in cybersecurity often begin as early as high school, where exposure to cybersecurity issues typically involves cyberbullying, account hacking, and identity compromise. Experiences that foster fear rather than empowerment and gaps in education lead to a deficiency in confidence when it comes to acquiring technical skills.

We end this report the same way it began listening carefully to the voices of leading women working in the cybersecurity industry. They demand immediate attention.

“As a business owner, I can confidently say, if you exclude talented cyber security professionals, your company is at imminent risk of compromising customers and partners, reducing profitability, losing new customers, and facing severe board issues,” Vedullapalli said.

“As an organizational leader, begin by defining and measuring what it means to have an inclusive cybersecurity workplace.”

FAQs

What percentage of women are in cybersecurity?

Is cybersecurity a good career for women?

Why are women in cybersecurity important?

Advertisements

Related Reading

Related Terms

Advertisements
Ray Fernandez
Senior Technology Journalist
Ray Fernandez
Senior Technology Journalist

Ray is an independent journalist with 15 years of experience, focusing on the intersection of technology with various aspects of life and society. He joined Techopedia in 2023 after publishing in numerous media, including Microsoft, TechRepublic, Moonlock, Hackermoon, VentureBeat, Entrepreneur, and ServerWatch. He holds a degree in Journalism from Oxford Distance Learning, and two specializations from FUNIBER in Environmental Science and Oceanography. When Ray is not working, you can find him making music, playing sports, and traveling with his wife and three kids.