Every year on March 8th, the world celebrates International Women’s Day. It’s an opportunity to honor the political, social, economic and cultural achievements of women everywhere in every walk of life. That includes in the field of cybersecurity.
Women have already made considerable progress in that regard. According to the 2019 (ISC)2 Cybersecurity Workforce Study, higher percentages of women have reached senior positions in cybersecurity than men. These roles have included chief technology officer (7% of women compared to 2% men) and C-level/executive (28% women compared to 19% men).
And there’s still work to be done. In its study, for instance, (ISC)2 found that women constituted just 24% of the cybersecurity workforce. Those experts also made 31% less than their male counterparts, according to a 2020 report shared with SC Media.
Many who are reading this might have a story of women being excluded in cybersecurity. Their story might be about them. Which is all the more reason why all women of cybersecurity are worth celebrating.
In observance of International Women’s Day, Cisco got a group of women security experts together and asked them, “Who has meant the most to you as an ally? And how has this impacted your career?” Some of these experts’ responses are presented below.
People Who Encourage and Expand Your Vision
We all know that women don’t apply for jobs unless they’re 100% qualified, right? When it comes to making that bold move to take the next step in your career, you may need some encouragement from someone who knows you and your abilities – from someone whose judgments you trust. For me, this person was Aybala Tut (LinkedIn), one of our amazing people at Cisco.
Three years ago, I saw the post of my dream job as a systems engineer manager for security specialist engineers. I was hesitant to apply for it, as it was asking for security-related work experience. I was coming from a technical background, had security experience, and was very passionate around security, but I hadn’t been systems engineer before. There were so many apparent barriers in that job post that I was discouraged from applying and taking that step.
Aybala Tut did not see it as I did. She helped me put things into perspective and encouraged me to apply for the position.
Encouragement is not the only component that led to my success. Liat Shentser (LinkedIn) is an open-minded hiring manager who was willing to tap into the untapped talent pool, challenge the status quo, and hire not only for background but also for potential. This had a huge impact on my career, and I am forever grateful.
Finally, kudos to another person who inspired me and expanded my vision: Mike Storm, Distinguished Engineer at Cisco (Blog). The way he makes security fun and understandable for everyone while being so humble and willing to help, combined with deep technical knowledge and industry insights, is incredible. Mike is always inspiring, while making security approachable.
The Quiet Triumph of an Unsung Hero
Cat Murdock (Twitter | LinkedIn) has been a true inspiration for me! When I first met Cat, she struck me as a born leader. She was direct, firm, and confident, and I truly admired that. A few months later, I had the opportunity to ask Cat for help. Without knowing much about me, she was very responsive and shared trust, insights, and tips in the right direction with me that contributed to my success and towards winning the social engineering capture-the-flag contest at DEF CON.
Since then, Cat and I have become great friends. Her ability to selflessly support and lift others, while suspending her own ego and removing all aspects of competition from the equation, inspires me to push myself to do better. These qualities also motivate me to uplift those around me and quietly demonstrate my skills, integrity, and the quality of my work through actions and practical application.
Cat’s legacy is very much in the “yet to be fully realized” phase of her career. Cat has reached a level now where she can fully influence positive change within the organization where she works and beyond. She’s knowledgeable, concise, and meticulous in her strategy, planning, and execution. I continue to be impressed with the leaps and bounds Cat has taken in a relatively short amount of time, making tremendous strides in her career while remaining completely humble and unaffected by those who would seek to challenge her skills or complicate matters for her.
Her legacy will be one of quiet triumph, demonstrated through a solid program and secure infrastructure as well as backed by a truly well-thought-out and carefully implemented security program. Outside of her primary engagement, in her spare time, Cat contributes to various philanthropic efforts as well as supports the efforts of many others who are upskilling and driving towards similar career goals. Cat is clearly one of the many unsung heroes in the information security field, someone who doesn’t chase accolades or notoriety but rather chooses to allow the quality of her work to speak for her.
A Small Gesture with a Huge Impact
Wendy Nather (Twitter | LinkedIn) has impacted my career in more ways than she’ll ever know. Wendy has been a teacher, a FUD-checker, a network introducer, an encourager, a cheerleader, a “you should give it a shot” imposter syndrome buster, a mentor and sponsor, and alongside all of that – a friend you look up to and are proud to have.
I am confident that if you asked a random sample of other professionals in this business, 99 percent would likely say the same things about Wendy. She has touched more lives in this industry than anyone else out there. The impact she has had on me is personally significant, but the breadth of impact she has had on the industry is truly immeasurable.
One of the many reasons Wendy should be celebrated is for her constant desire to find more ways to do good for the security community and the people in it. She regularly goes beyond her daily responsibilities and makes time to empower her peers and the next generation of up-and-coming security professionals. Whether sponsoring or mentoring, keynoting at both industry or inclusion-focused conferences, or simply making time to meet with and encourage women and marginalized groups of professionals to find their superpowers, Wendy is truly the tide that lifts all boats.
It does not have to involve a big gesture for a person to have a big impact. Wendy held out her hand to me at multiple junctures in my career and said, “Come on in, you’re welcome here.” And for me, that’s all it took.
Wendy’s legacy will be one of inclusivity. Beyond her regular empowerment of diverse cybersecurity professionals, Wendy similarly promotes security technology that works and is available for a diverse set of businesses, not just the upper echelon. Wendy has worked for and supported organizations with widely varying budgets and resources. As such, Wendy coined the term “the security poverty line” to denote the point at which companies experience not only budgetary restrictions but also many other dynamics that affect security posture. This phrase has been used industry-wide in conversations around how to democratize security, and no doubt it will live on for many years to come. As will Wendy’s impact on all of us.
One woman in cybersecurity who has been really helpful in my career is Kate Brew (Twitter | LinkedIn). She started working as the editor of AlienVault’s blog in 2014. AlienVault was acquired by AT&T in 2018, and it was rebranded “AT&T Cybersecurity.” I’ve been working with Kate since her AlienVault days, and I continue to contribute to the blog today.
Kate has an excellent instinct for the kinds of information that people who work for enterprises and in data centers are interested in. Under her guidance, I’ve written about a broad range of cybersecurity topics – from malware to indicators of compromise, from incident response to information security policy, and everything in between. Kate has always encouraged me to pursue my curiosities and my growth as a writer.
As a woman in cybersecurity herself, Kate is very supportive of women in all areas of our industry. She believes that more diverse workforces make companies more effective. She leads by example.
Because her work is largely behind the scenes, I believe she deserves more recognition. The people in our industry with the brightest ideas need equally bright and diligent people to bring them to fruition. Cybersecurity is a very human aspect of computer technology, and facilitating creativity is something that’s greatly needed.
Beverly Walker (LinkedIn), the chief privacy officer for The Centers for Disease Control and Prevention, has been most influential in my career. Although I am a non-technical person, Bev empowers me to insert myself into technical conversations and make an impact. She encourages me to fill voids where necessary and to assert myself. She is not only the type of attorney but also the type of leader I aspire to be one day.
Following a Strategic Leader
I have been following the career path of Lieutenant Colonel Milena Realpe (LinkedIn), Cybersecurity and Cybercrime Advisor at the Defense Ministry of Colombia, for a few years. In 2020, she was a juror and speaker at our organization’s Top Women in Cybersecurity – Latin America award ceremony, which was hosted by WOMCY.org. Her trajectory in cybersecurity has been an inspiration to me and several women across Latin America, especially in a field highly dominated by men.
She has been a strategic leader in cybersecurity; she’s been in charge of graduate programs to further educate more professionals in our field. Education is an area that I am passionate about in order to close the skills gap and promote more diversity in this segment. Hearing her speak was an honor. I cannot forget how she closed the session with a powerful and impactful message: “If you look taller in heels, you will look huge in boots.” Without a doubt, this is what I call “breaking the glass ceiling”!
Any list of influential leaders in cybersecurity is not complete without the inclusion of Theresa Grafenstine, CISSP (Twitter | LinkedIn). I met Terry more than eight years ago when we participated in a panel together at a women’s leadership conference.
Back then, I was struck by her unique and impressive background. Terry’s skills have continued to expand over the years. She possesses a mix of core competencies, honed through years of experience in esteemed positions within government, audit, finance, security, and much more. There is an inability to put her in a box.
Terry previously served as Inspector General for the U.S. House of Representatives – the first woman to ever hold the position. She alerted Congress about the fact that there were not enough women in cybersecurity, that women bring unique skills and strengths to bear on cyberwarfare, and that we should collectively work toward a greater balance between men, women, and minorities in the field.
Terry also served as the global chair of ISACA as well as on the board of the AICPA, where I was an executive. She always seemed to show up in leadership roles, positions traditionally occupied by men. And she now works as the Global Chief Auditor, Technology, for Citi.
Terry has been an example for me of how risk management serves as a common thread and a bridge between finance and security. It was her example that encouraged me to expand my career beyond the accounting profession and take on the CEO role at (ISC)2. Her contributions and influence on so many women throughout her career are immeasurable. I’m thrilled to have the opportunity to bring light to her story of trailblazing and leadership.
Kindness is an absolute
I’ve never really had a formal mentor, though throughout my life, I’ve certainly been grateful for those who have made an impact. For example, growing up, my mum was always so supportive. She told me to study hard, work hard, be independent, and be the best version of myself. She was always my cheerleader! Then, moving into my final year of high school, I had a teacher who gave me the opportunity to study computers (even though I was a year late to the class), which ultimately led me to where I am now.
Over the years, I’ve had a ton of positive and also a few negative experiences. I remember working on some research back in 2017. I was riddled with self-doubt, but a super supportive work colleague told me the research I did was brilliant and that I should submit it to the Black Hat security conference. I did, it got accepted, and I was on stage talking about what I love. Standing by and supporting each other in the workforce is critical as is being a good motivator, mentor, and positive influence on your peers.
I found that a lot of men were champions of me early in my career. There was the inspiring CISO who gave me advice about my long-term career. And there was my boss at my first security job who actually gave me five percent more salary than what I asked for. He told me I deserved it, and at the time, it was so inspiring because I didn’t know my true worth.
In the past, I have worked for someone who had a negative impact. However, I learned from that to be kind, make sure I was the best version of myself, and to be attuned to how I want to treat people. Recently, I had the honor of meeting Daniel Cuthbert (Twitter | LinkedIn) via the Black Hat community. Daniel is not only a true gentleman but also someone who treats people with kindness. He possesses a unique willingness to help people with blogs and their CFP submissions, to teach others, and to call out the bad stuff as it is. His friendship and true strength of character is something I value every day.
Face it, you can’t always be available for everybody, but you must always remember that kindness and sincerity are important.
The lesson for me is that all of these past experiences – positive, negative, somewhere in the middle – accentuate why mentoring is so important. When I started out, there wasn’t really anyone that had experience in the industry, and those who knew more did not freely share their knowledge, so a lot of people had to make their own path. That has given me the inspiration to give back and help others.
You absolutely have to be kind. I’m coaching at Black Hat and BSides Melbourne to help the next generation coming through, and that’s something that all those amazing people I’ve met through my career have helped me to achieve.
Celebrating the Queen of Awesome
Who has had the biggest impact on my professional career? Well, it has to be Dr. Jessica Barker (Twitter | LinkedIn). She has not only mentored and supported me in my early career, but I’m also now lucky enough to call her my boss and a dear friend.
Jess has inspired me in so many ways, both in my professional and personal life. She’s taught me that following your passion is so important as well as to always be excited by your work and the people you work with.
I want to celebrate Jess because she is the queen of awesome! She works harder than anyone I know but always finds the time to support and engage with individuals young and old who want some advice on cybersecurity and getting into the industry.
What legacy does Jess have in cybersecurity? Jess is a thought leader on the human side of cybersecurity. She 100% breaks down the barriers and makes cybersecurity accessible and understandable to not only organizations across the globe but also to the everyday individual. Her ability to communicate complex issues is phenomenal.
Read Cisco’s eBook, Lifting Each Other Up: A Celebration of Women in Cybersecurity and Their Advocates
For additional perspectives and insights on women in cybersecurity and their allies