
By Kathi Whitbey, Business Operations Manager, Unit 42, Palo Alto Networks
As we approach International Women’s Day on March 8, 2023, there is always talk about the lack of women in cybersecurity. How do we “fix” this problem, when women make up about 50% of the world population – but only about 25% of the industry’s workforce? If our objective is to increase the number of women in the industry, we need to do a better job at highlighting the diversity in backgrounds, knowledge, and experience we each have, and that you don’t have to be a “computer person” to ultimately land in a cyber career.
Cybersecurity is often reduced to simply defined roles of adversaries, hackers, and analysts, but the skill sets required are much more complex and necessarily diverse. This is an opportunity to attract people with a broader set of backgrounds, including more women, to the industry. The amazing women in my circle bring backgrounds and essential talents to the table every day, and each of us hope to educate more women that there are many points of entry to and paths within cyber careers.
Many of my female colleagues found their beginnings in cyber serving in the military, specializing in areas such as computer crimes investigations, cryptology, intelligence analysis, and adversary research and tracking. This training prepared them for the private sector as threat analysts, security architects, tools developers, and subject matter experts. Each hit the ground running and are making an impact every day.
The hands-on, operational and response side of cybersecurity is not the only critical part of the industry. There are also those who can articulate it through the written word. These women came from fields like journalism and technical writing and training. They take the complex world of cyber and share it in ways that allow everyone to understand via teaching, presenting at conferences, or even writing blogs like this.
Finally, the various teams and working groups are kept on track and headed in the right direction by women who serve as project or program managers, ensuring schedules are kept and milestones are reached. With so many different groups often working on a single project, these highly organized planners keep things moving from start to finish, reporting highlights and identifying needs to most efficiently reach our desired goals.
There are women who came from careers in the military, software development, journalism, and even as emergency medical technicians (okay, that last one is me). Each of these fields gave us baseline experiences that we were able to apply, often bringing new views of a problem or solutions to the team while understanding the complexity and time limitations common in cybersecurity incidents.
Each of us need to use every opportunity possible to bring more women into the field. From mentoring young girls in local STEM programs as early as elementary school, to volunteering your time to speak at conferences designated for college-aged women, finding creative ways to engage girls earlier is key to tackling this challenge.
For example, I worked with the Girl Scouts of the U.S.A to help create their cybersecurity badge program, and taught these workshops for troops across the country. In addition, I have attended career fairs at local middle and high schools highlighting my career, and spoken at conferences involving women and other groups under-represented in the industry. I continue to share what I know and love most about this field and how it is part of a bigger purpose.
My challenge to each of you is to also become personally involved, not only for International Women’s Day, but in the months and years to come. By volunteering your time to present, mentor or champion programs in your local communities, we can reach more girls earlier and spark their interest. We all must become evangelists for recruiting more women into the field and find ways to continue drawing in the best and the brightest, regardless of their specialties or majors. We all have amazing stories, and bring our experiences to our organizations to make cybersecurity a field in which everyone has a path.