Women in Cybersecurity: Challenges, Opportunities, and the Future of the Field

Find schools

Meet the Experts

Sarah Isaacs

Sarah Isaacs is the co-founder, chief operating officer, and managing partner at the Chicago-based cybersecurity and risk management company, Conventus. Conventus is a third-party consultancy firm for businesses in need of assistance in implementing security solutions. A 15-year cybersecurity veteran, Isaacs previously worked at Arthur Andersen and Symantec before co-founding her own cybersecurity consultancy company in 2006.

Isaacs attended Ball State University and later gained a master of science degree in telecommunications from DePaul University.

Jennifer Taylor

Jennifer Taylor is the head of products at the San Francisco-based cloud network platform and cybersecurity company Cloudflare. Before joining Cloudflare in 2014, Taylor worked at several high-profile startups and tech companies in the Bay Area. She was the senior vice president of product management for data.com and search at Salesforce, the manager of platform product marketing at Facebook, and the senior director and head of gaming solutions at Adobe.

Taylor has a bachelor's degree in public policy from Brown University and a master of business administration (MBA) from Harvard Business School.

Why Are There So Few Women in Cybersecurity?

While we as a society would like to think that our culture has moved beyond sexist stereotypes, the old-school belief that women are not as well-suited to careers in technology and engineering is alive and well. This is even true in Silicon Valley, which portrays itself as an egalitarian mechanism for change.

This reality is evident in headline-making stories at some of the tech industry's biggest companies, including Kleiner Perkins, Uber, Tesla, and even Google. In 2017, a software engineer at Google, James Damore, sent a memo to more than 40,000 Google employees arguing that women are less biologically suited to careers in STEM as their male counterparts.

Reshma Saujani is the founder of Girls Who Code, a non-profit with the goal to increase the number of women in computer science. She believes that girls are more hesitant to pursue careers in the technology field because they are taught to aspire to perfection, while boys are encouraged to take risks—contrary to Damore's theory about biological differences in aptitude between the sexes.

In her 2016 TED Talk, Saujani cites a study that was conducted by psychologist Carol Dweck in the 1980s that observed fifth-grade boys and girls in a test-taking environment. It showed that while girls scored higher in every subject than boys on average, they were quicker to give up when faced with test question outside of their ability-level compared to their male classmates. The boys that were observed were more like to increase their efforts when faced with adversity.

Interestingly, the study also found that the higher a girl's IQ, the more likely she was to give up on a question. Saujani thinks that this difference in attitude—this overly-cautious, lower-risk behavior—is fundamental to the gender imbalance in STEM.

Sarah Isaacs is an advocate for increasing the number of women at technology-oriented organizations. As the managing partner and chief operating officer at Conventus, she co-founded the Chicago-based cybersecurity company in 2006 at a time when women represented a small fraction of security professionals.

“There is still a shortage [of women in cybersecurity]. It seems to be trending in the right direction,” Isaacs says. “But we really need to look at when we are targeting women or girls and what age we are developing that interest.”

Isaacs believes that one factor preventing female students from pursuing STEM careers is the failure to engage them in subjects like math and science during their formative years. Organizations like the Melinda Gates Foundation, Girls Who Code, and the Girls Scouts, which has added coding challenges to its roster of badges, aim to provide a learning environment for girls and young women to explore STEM subjects. Their goal is to address the need to encourage female interest in tech-related careers at a younger age—mirroring the effects of the gaming community in stimulating the attention of boys.

The effects of these efforts are already apparent. The percentage of women in STEM careers has doubled in the last six years, but there is still a ways to go. Only one in five STEM professionals is female.

The Value of Diversity in Leadership

Jennifer Taylor, head of products at Cloudflare, holds an MBA from Harvard Business School. When she graduated from Harvard, she decided to shift her focus public policy into tech. Taylor says that her company prioritizes diversity not in an arbitrary endeavor for fairness but to ensure their company's success.

“Now, people are talking about it, thinking about it, and being deliberate about it,” she says. “I think it will change the face of our company, and as other companies hopefully follow suit, it will change the face of the industry.” That said, Taylor acknowledges that reaching diversity goals is not “an overnight thing.”

Taylor emphasizes that there are different kinds of opportunities in cybersecurity outside of what one may think when imagining a career in tech. Not everyone needs to have a computer science degree to be involved in the tech industry. The field also needs liberal arts majors, financial experts, and policy veterans.

“Technology is so pervasive and cybersecurity needs to be as pervasive, so having people with diverse backgrounds is really important,” she says.

“There's a growing focus we have on diversity and bringing in people of diverse backgrounds, training and thinking,” she continues. “I see so many people working in STEM today that may not have been traditionally trained in STEM, but in creative arts and liberal arts, that are having a strong place in the STEM community.”

The Cybersecurity Industry Today

Taylor and Isaacs agree that one of the top trends gaining traction in cybersecurity is automation. Companies like Conventus and Cloudflare use automation and machine learning (a form of artificial intelligence) in the same way that hackers do: by setting up their own armies of bots that constantly reassess areas of risks.

With the rise of automation, there is a general public misconception that technology stands to eliminate jobs by replacing human employees. While automation is a game-changer for all companies as they digitally transform, Isaacs and Taylor believe that automation is changing the types of workers needed rather than eliminating the need for workers.

Taylor says that the “cat and mouse” nature of fighting off hackers makes automation an ideal fit for cybersecurity strategy. “As soon as you provide a security solution to an issue, the issue will morph and change,” she explains. That is where automation comes in. “In order to provide automation [to address these issues], you provide inputs and learning patterns in order to train the thing that is being automated.”

The need for cybersecurity workers will shift toward designing and facilitating automation processes, as opposed to performing the manual, time-consuming tasks, and in turn, the kinds of opportunities for entrants to cybersecurity are becoming increasingly creative.

“It is not just thinking like a hacker, but how to overcome a hacker,” Isaacs said. “Now it's more about critical thinking and problem-solving.”

Pursuing a Career in Cybersecurity

That's why cybersecurity companies and in-house cybersecurity teams are not just looking for technically-proficient employees, but team members that can think conceptually—an attribute that artificial intelligence cannot replicate.

Taylor explains that while coding is important, “it's not all about writing code.” Facets of cybersecurity operations that require empathy are in high demand, like user-experience and project management, which create opportunities for individuals of all different backgrounds.

“We look for kids that have a basic level of understanding—it doesn't necessarily have to be cybersecurity-focused—just those who want to continue learning more,” Isaacs says. “You really just need to show interest, whether that is joining a specific club, networking with individuals that are like minded in cybersecurity, going above and beyond just doing the bare minimum to differentiate yourself.”

Isaacs's company is looking for sales, marketing, and legal associates with different levels of educational backgrounds and experience. The door is open for established professionals—not just graduating students.

“I'm seeing really interesting [applicants] from previous careers that are not necessarily related to cybersecurity at all,” she says. “They've made the jump and are extremely successful.”

So, what are the first steps that one can take to start their path toward a career in cybersecurity?

“My advice to everyone is, continue to follow your curiosity. Stay precocious. Explore and seek communities that share your passion and your interest,” Taylor shares. “One of the things that help women and people, in general, is early on finding kindred spirits and sharing a community.”

Related Features

Artificial Intelligence in Job Recruitment: How AI Can Identify Top Talent

Diversity and inclusivity aren’t purely idealistic goals. A growing body of research shows that greater diversity, particularly within executive teams, is closely correlated with greater profitability. Today’s businesses are highly incentivized to identify a diverse pool of top talent, but they’ve still struggled to achieve it. Recent advances in AI could help.

Artificial Intelligence Systems & Specializations: An Interview with Microsoft’s Sha Viswanathan

The ability of a computer to learn and problem solve (i.e., machine learning) is what makes AI different from any other major technological advances we’ve seen in the last century. More than simply assisting people with tasks, AI allows the technology to take the reins and improve processes without any help from humans.

Building Web3: Expert Interview on Non-Fungible Tokens (NFTs)

Unlike fungible items, which are interchangeable and can be exchanged like-for-like, non-fungible tokens (NFTs) are verifiably unique. Broadly speaking, NFTs take what amounts to a cryptographic signature, ascribe it to a particular digital asset, and then log it on a blockchain’s distributed ledger.

Building Web3: Smart Contracts, Solidity, and the Ethereum Network

First proposed by computer scientist Nick Szabo in the 1990s and later pioneered by the Ethereum blockchain in 2010, smart contracts are programs that execute themselves when certain predetermined conditions are met.

Business Systems Analyst – A Day in the Life

This is a role for tech-lovers, for logical thinkers, for those who like being given an answer and then are told to find the question. But it’s also a role for communicators, for relationship builders, for people who enjoy cross-departmental collaboration.