Issues related to cybersecurity threaten to destabilize the internet and related technologies, causing ripple effects throughout other industries. To combat this, there is an ever-increasing need for educated, talented, and enthusiastic cybersecurity professionals.
The cybersecurity industry is a male-dominated one. But the problem isn’t that there are too many men in the industry, but rather that there are not enough women.
Thankfully, the gender gap has not gone unnoticed. Plenty of individuals and organizations realize we need to take action. Priorities include attracting more women to the cybersecurity field and empowering them to be successful in their careers.
Various initiatives are in place across the globe with the common goal of supporting women in cybersecurity. They often include education, training, networking, mentorship, and socializing, among other offerings.
In this article, we take a closer look at the gender gap and the challenges faced by women in IT security, before highlighting some of the initiatives dedicated to helping them.
Why it’s important to close the gender gap
A report by Cybersecurity Ventures states that women make up 20 percent of the cybersecurity workforce, while an (ISC)2 study using different criteria pegs the number slightly higher at 24 percent. Even though the percentage of women in cybersecurity has increased since 2013 — when women represented just 11 percent of the industry workforce — there is clearly still a gender gap.
Aside from a gender gap, there is also a severe talent gap, with 53 percent of organizations reporting a “problematic shortage” of cybersecurity skills. And we’re not just talking cybersecurity firms here. Most industries these days rely on technology to function, and thus have needs in terms of cybersecurity.
Having more women in cybersecurity would help boost the industry and fill the drastic need that companies have for top talent. Interestingly, the (ISC)2 study found that women in this field are, in general, better educated than men, and a larger percentage of women are reaching top positions.
Aside from that, there are other benefits to gender-balanced infosec teams including:
- Helping to bring different perspectives to the table
- Changing the status quo to improve internal and external perceptions
- Providing learning and growth opportunities
Let’s look at these in a bit more detail:
1. Bringing different perspectives to the table
Diversity can provide benefits in most industries, but it’s especially important in cybersecurity. As Priscilla Moriuchi, Director of Strategic Threat Development at Recorded Future explains to Forbes:
We need people with disparate backgrounds because the people we are pursuing, (threat actors, hackers, ‘bad guys’) also have a wide variety of backgrounds and experiences.
2. Changing the status quo
Infosec Institute writer Susan Morrow explains:
There is at least a perception that the industry is “techie” and therefore more suited to men than women. This is a societal issue. STEM fields, in general, have become associated with men.
And this doesn’t just apply to outsiders looking in. Lisa Kearney, founder of Canada’s Women CyberSecurity Society, was a director of product security at a British Columbia firm when she was told by a male colleague:
Don’t worry about attending this meeting; it’s technical.
Since these perceptions are based on the status quo rather than scientific evidence, closing the gender gap could help to correct them.
3. Providing learning and growth opportunities
(ISC)2 found that women in cybersecurity are generally better educated; 44 percent of men in cybersecurity have a postgraduate degree, compared to 52 percent of women. What’s more, women in the field are more likely to reach leadership positions. This shows that gender diversity comes with growth and learning opportunities. The entire workforce and organization as a whole can benefit from the recruitment of more highly-qualified and ambitious women.
Closing the gender gap will help pave the way for a future of gender diversity (and hopefully other types of diversity) in the cybersecurity field.
Why women are deterred from cybersecurity
Science, Technology, English, and Math (STEM) education is getting a huge push in curriculums in various parts of the globe, and many graduates emerge with the skills and desire to pursue a career in infosec.
However, with many more STEM-related industries to choose from, the obvious gender imbalance in the cybersecurity industry may create negative perceptions that deter some women from the field.
Reframing common misconceptions women have about cybersecurity is important for helping them see the opportunities in the field. Here are some examples of negative perceptions and alternative ways to view them.
Main challenges for women trying to break into the field
Even once a woman has decided to pursue a career in cybersecurity, she might face a number of hurdles. For example, a 2017 (ISC)2 study found that 51 percent of women in cybersecurity faced some form of discrimination.
While that figure is alarming, certain tactics can help overcome problems. Learning about what challenges women may face and being armed with potential solutions can make entering and staying in the cybersecurity industry more manageable.
Many of the solutions discussed here are supported heavily by the initiatives below.
Initiatives to get more women in infosec
While the gender divide in cybersecurity is clear, thankfully many women (and men) in the industry recognize the issue and are taking steps to close the gap. From the US to Ukraine, a plethora of initiatives across the globe help to attract girls and women to careers in cybersecurity and assist those already in the field.
Below is a list of some of the best initiatives I’ve discovered, including information about who each initiative serves and how to get involved. You’ll also find advice from representatives of some of the organizations aimed at helping women who are starting out in their cybersecurity careers.
1. WiCyS (Women in CyberSecurity) (Global)
WiCys is a nonprofit membership organization that aims to bring together women in cybersecurity to share experience and knowledge, and provide mentoring and networking opportunities.
Who is it for?
The initiative is for all women involved in cybersecurity, including in academia, research, government, and industry.
WiCys serves both women in cybersecurity and companies who can benefit from their expertise. Women enjoy learning and career development opportunities, no matter which stage of their cybersecurity career they’re in. WiCys also provides companies with a pipeline of qualified cybersecurity job candidates at all levels. It promotes the fact that aside from being highly qualified, female candidates can enhance diversity within the workforce and improve external perceptions.
How to join WiCys
If you’re interested in becoming a member of WiCys, annual membership fees are $15 for students, $55 for faculty members and government or nonprofit employees, and $95 for industry members. Attendance at the annual WiCys conference incurs additional fees ($35–$400).
2. Women’s Society of Cyberjutsu (WSC) (USA)
Another nonprofit membership organization, WSC was founded in 2012 and now serves thousands of women around the world. It focuses on women’s cybersecurity careers, including providing training, networking, and mentorship.
Who is it for?
While WSC can be helpful for all women in cybersecurity, it’s most beneficial for those thinking of embarking on a career in the field or just starting out. It has a ton of programs designed to give women a leg up in the industry, including workshops, networking events, job boards, and certification preparation study groups.
The overall mission of this organization is to empower women to succeed in cybersecurity roles. By providing education and professional opportunities, it’s a one-stop-shop for female cybersecurity hopefuls.
How to join WSC
Annual membership fees for WSC start at $50 for military personnel and students and increase to $100 for other women. There is also a men’s membership which costs $50 and includes limited access to online content.
For any woman entering cyber, be fearless. Take the initiative to learn and grow. People are going to challenge you. Never give up.
Mari Gallaway, CEO, Women’s Society of Cyberjutsu
3. WoSEC: Women of Cybersecurity (Global)
This organization takes care of the social aspect of women in cybersecurity. It has a large Twitter following and Meetup groups in various US locations, as well as in Canada, France, Switzerland, India, Kenya, and other countries.
Who is it for
This group is mainly for those who would like to experience the camaraderie of meeting like-minded women in the cybersecurity industry. The number of locations for the Meetup groups are limited, so it’s really only suitable if you live in specific areas or are willing to travel (or perhaps start your own chapter).
Inspired by a Cyber Ladies Meetup group in Israel, cofounder Tanya Janca (@shehackspurple) wanted to create a similar environment for women (and anyone who identifies as a woman) to make friends in the cybersecurity industry. Members meet to discuss their work as well as to mentor each other and network. They also attend typically male-dominated events in groups, so as to never feel like the odd one out.
How to join WoSEC
There are no membership fees for WoSEC. A list of chapters can be found at the end of this Code Like a Girl blog post, along with links to the respective Meetup groups. You can also search “WoSEC” on the Meetup website to see if there is a group in your area.
4. The Diana Initiative (USA)
The Diana Initiative is a women in cybersecurity conference held in Las Vegas. It was developed by a group of women who felt there was a need for an infosec conference dedicated to females. The conference includes presentations by speakers in the infosec community, networking and mentoring opportunities, and “villages” that teach things like lockpicking and soldering.
Who is it for
The conference is for women and non-binary individuals working in or entering the information security industry or related disciplines.
Promoted as “a conference for women, diversity, and inclusion in information security,” the Diana Initiative seeks to promote diversity in the field and help to change workplace cultures.
How to join The Diana Initiative
The two-day conference takes place in August and you can buy tickets through The Diana Initiative website. You can bag yourself a free ticket by volunteering to help with the setup and running of the conference.
5. OWASP Women in AppSec (WIA) (Global)
The Open Web Application Security Project (OWASP) is a not-for-profit organization that focuses on improving software security. The Women in AppSec (WIA) is a division of OWASP that is dedicated to women in application security.
Who is it for
The OWASP WIA is for all women in application security, including instructors, students, and professionals in the information security industry or in application development. The initiative is based in the USA and OWASP’s flagship AppSec events are held in various locations, including in the US and Europe, but the group is open to women across the globe with Meetup groups forming in various locations.
One of the main goals of WIA is to attract more women to become active members in OWASP and other AppSec communities. It also seeks to provide training and mentorship opportunities to women in the industry, as well as offer financial support through sponsorship, grants, and scholarships.
How to join WIA
Membership is free and anyone can become a “participating member” by emailing the organization secretary. To become a “voting member,” you have to be a member of OWASP and a participating member of the group for three months. OWASP WIA is highly active on Twitter.
6. SANS Women’s Immersion Academy (USA)
The (SANS) Institute is a world-renowned provider of information security research, training, and certification. It created various “CyberTalent Immersion Academies” to kickstart participants’ cybersecurity careers while helping to close the skills gap in the cybersecurity industry. As its name suggests, the Women’s Immersion Academy is designed exclusively for women.
Who is it for
There are fairly strict requirements for the program, including that applicants are in their senior year in college, preferably enrolled in a field related to computers, IT, or other technical STEM subjects. It’s only open to US citizens or permanent legal residents. It’s not open to anyone who has achieved a Master’s or PhD in information security or to those with experience working in information security.
The SANS Women’s Immersion Academy provides an accelerated, intensive training program to help women quickly launch a career in cybersecurity.
How to join SANS Women’s Immersion Academy
One of the best things about Immersion Academies is that they are scholarship-based with no payment required. The 2019 program is full, but you can look out for details for when to apply for the 2020 program.
Network. Network. Network. Get to know as many people in the field as possible. And if you’re a woman looking to break into cybersecurity, don’t be afraid to lean on other females in the industry. I highly recommend building a strong support system among other women in the InfoSec field. Seek professional advice. Ask about where you should be focusing your time; what areas of study are most relevant; and what you need to do to get a job.
Xena Olsen, Cyber Threat Intel Analyst at Financial Services and 2017 SANS Women’s Immersion Academy graduate
7. Code Like A Girl (Global)
Who is it for
The content produced by Code Like A Girl is mainly centered around women in technology but much of it provides a worthy read for anyone interested in the field. Topics include female role models in technology, coding how-tos and troubleshooting, and advice on teaching kids to code. Lots of the material can be especially beneficial for employers looking to bridge the gender gap.
The mission of the team behind Code Like a Girl is to change perceptions of women and tech and to help encourage women of every age to consider a career in technology.
How to join Code Like A Girl
8. Ladies in Cybersecurity by DefCamp (Romania)
DefCamp is an annual hacking and information security conference that brings together leading cybersecurity experts to share their knowledge and research. Ladies in Cybersecurity by DefCamp is a similar infosec conference with an all-female lineup.
Who is it for
While the event only features female speakers, anyone can attend. As with other DefCamp conferences, it is held in Bucharest, Romania, but is open to attendees from across the globe.
The conference organizers want to shine a spotlight on women in the cybersecurity field and show that they can provide insight and guidance that can be beneficial to everyone, not just other women. Speakers talk about cybersecurity threats and their own stories in the infosec industry, plus hands-on workshops and one-to-one sessions.
How to join Ladies in Cybersecurity by DefCamp
The 2019 event was held in March but you can check the Ladies in Cybersecurity website for details on the next event.
Florina Dumitrache, Event Coordinator, Ladies in Cybersecurity by DefCamp
9. Australian Women in Security Network (ASWN) (Australia)
The AWSN runs events and initiatives geared towards helping women entering or working in the cybersecurity industry.
Who is it for
This initiative targets female-identifying persons in Australia who are interested in a career in cybersecurity or already work in the field and would like support from a community of like-minded women. There are chapters running in eight cities across Australia: Brisbane, Canberra, Darwin, Hobart, Melbourne, Perth, and Sydney.
The main goal of this network is to grow the number of women involved in the security community by providing support and inspiration. It runs local events and outreach programs, and provides mentoring, collaboration, and coaching. It also promotes volunteer and guest-speaking opportunities.
How to join AWSN
If you’re interested in finding out more about AWSN, you can contact the organization via its web contact form.
Be yourself! Don’t hesitate to give a go to every opportunity. As one of the Australian Women in Security Network (AWSN) leadership team, I have been approached by a number of senior managers and business owners working in cyber or information security and seeking more women, diversity more generally, for their teams. They frequently complain about the lack of women applicants for the positions they advertise. They are seeking diversity and mindful of the gender imbalance on their teams, and importantly, want to reach out to improve that imbalance going forward.
Chris Miller, Chapter Co-Lead of the Canberra Australian Women in Security Network
10. Cercle des Femmes de la CyberSécurité (CEFCYS) (France)
CEFCYS is a French organization dedicated to women in cybersecurity. It provides education, training, mentorship, and awareness programs, publishes reports and white papers, educates recruiters on the cybersecurity industry gender gap, and hosts and sponsors events.
Who is it for
The organization is for women working in the cybersecurity field or who wish to embark on a career in cybersecurity. It also welcomes men who want to work to help increase the number of women in the field. Most events hosted and sponsored by CEFCYS are held in France.
The goal of CEFCYS is “to promote and advance the presence and leadership of women in information systems security professions.”
How to join CEFCYS
Membership to CEFCYS costs €50 per year. To become a member, you need to be co-opted by two existing members. You can email firstname.lastname@example.org to request co-optation.
11. CybHER (USA)
CybHER encourages girls to enter the cybersecurity field by providing resources to K–12 students. So far, it has reached more than 14,000 girls with its efforts.
Who is it for
The initiative provides resources to girls in middle school through to those in collegiate programs.
CybHER directly targets K-12 students to educate them about the field of cybersecurity and encourage them to join the industry. Outreach efforts include presentations at STEM events, social media groups, and an awards event.
How to join CybHER
One of its most notable projects is the NSA-sponsored GenCyber Girls in CybHER® Security Camp 2019. This is a free summer camp for 6th–9th graders taking place at Dakota State University. This year’s camp took place at the end of June, 2019, but you can keep an eye out on the website for next year’s registration information.
12. Engaging Women in Cyber Defence (Canada)
This is an initiative on behalf of the Canadian military to conduct research into why there are so few women in cybersecurity roles in Canada. Engaging Women in Cyber Defence is a survey that seeks to discover the barriers that women face.
Who is it for
The survey is aimed at all women over the age of 18 in Canada.
The ultimate aim is to understand why women aren’t joining the industry so that the Canadian military can use that information to aid recruitment in Canada’s Cyber Defence.
How to join Engaging Women in Cyber Defence
13. ECSO’s Women4Cyber (Europe)
The European Cyber Security Organisation (ECSO) is a Belgian-based not-for-profit organization that was established in 2016. Women4Cyber is a new initiative for the organization announced in 2018. It brings together 20 top women in cybersecurity who will come up with actionable steps and guidelines for attracting more women to the cybersecurity field.
Who is it for
The initiative is in its early stages, so it’s unclear who exactly will benefit, but there are set to be spin-off initiatives that will help women in cybersecurity across Europe.
The Women4Cyber initiative seeks to create a “more gender inclusive cybersecurity field.” ESCO recognizes the need to attract and retain more women in the cybersecurity field and wants to take concrete actions to facilitate this.
How to join Women4Cyber
The existing team has been curated, but there will likely be opportunities to join future projects. You can keep up to date with Women4Cyber by following @ecso_eu or the #Women4Cyber hashtag on Twitter and LinkedIn.
14. Executive Women’s Forum (EWF) (USA)
The EWF is a membership organization for women in positions of influence in the information security industry. It was founded in 2002 by Joyce Brocaglia, who is the CEO of Alta Associates, a leading recruitment firm in the areas of IT risk and information security. Its flagship event, the three-day EWF National Conference, attracts over 500 global female thought leaders.
Who is it for
EWF is for female executives and emerging leaders in the information security, privacy, and risk management industries. The organization is based in the US but has members around the world.
The goal of EWF is to bring these women together to share ideas and build trusted relationships. It provides mentoring and leadership programs and hosts events, including networking dinners and meet-and-greets. A government outreach program serves to educate government members and staff and get women more involved in the legislative process.
How to join EWF
A standard individual membership costs $395 per year. A government and academic membership is $195 per year. You can join by first signing up for an account on the EWF website and submitting a membership request.
As the CEO of Alta Associates, the leading executive search firm that specializes in Cybersecurity and the Founder of the Executive Women’s Forum on Information Security, Risk Management and Privacy (EWF), the largest member organization for women in cyber; the key advice that I would offer is to get actively engaged in an industry association or organization like the EWF. By doing so, you will be able to build trusted relationships with professionals at all levels in cybersecurity, have opportunities for education, career advancement and creating your personal brand and reputation in the industry.
Joyce Brocaglia, Founder, Executive Women’s Forum
LLHS is an organization dedicated to promoting women in cybersecurity. It runs Meetups every month which involve talks, workshops, and more.
Who is it for
Despite the name, the initiative is growing and there is another Meetup group in Norwich (LNHS) and one in Bristol coming soon. It’s open to all women in the cybersecurity field, and men are welcome to give talks and run workshops.
The goal is to bring together women in cybersecurity who want to share skills and technical knowledge.
How to join LLHS
I would say to women starting out in cyber to stop asking permission, and stop waiting for opportunities. If you want to transition internally ask how your employer can help you, not if they will permit you.
I would advise women to ignore traditional academia, you don’t need a degree to do this. Everything you need is readily available at your fingertips, if you have a computer and a working browser go and learn this stuff for free and add it to your LinkedIn profile and CV. Courses on udemy, udacity, pluralsight, cybrary and edx are either free or cheap and are more up to date and in keeping with the infosec industry than any traditional route.
I would also advise them to not over think and panic about what they don’t know. No one in this industry knows everything. It isn’t possible, there are a million sub divisions, you are never going to scratch the surface in all of them. Don’t worry, we all have imposter syndrome in infosec and a sure fire way to know someone is bullshitting you is when they refer to themselves as the world’s expert on a wide ranging topic. Avoid those people like the plague.
Eliza May Austin, Founder and Director, Ladies of London Hacking Society
ICMCP is a non-profit association empowering women and minorities to succeed in the cybersecurity industry. It provides lots of resources, including mentoring programs, skills assessments, and job opportunities and scholarships for women in cybersecurity.
Who is it for
The initiative is aimed at all women and minorities interested in cybersecurity or already in the industry. It has programs targeting students, but also does lots of work to help those who have already entered the workforce.
The ICMCP seeks to boost the representation of women and minorities in the field of cybersecurity. It does this through programs that promote recruitment, retention, and inclusion.
How to join ICMCP
Membership gives you access to various educational, career development, and networking tools. There are three membership tiers to choose from, with higher tiers offering additional resources. They are beginner ($15 per month), practitioner ($30 per month), and executive ($50 per month). Membership is free for students.
Develop some core technical competency. A CISSP is not enough. Pick one area of the broad security space and dig in. Read books and articles, attend classes, attend conferences, job shadow people with the specific expertise. Eventually, become a thought leader in that topic, taking it from the angle that works best for you.
Vanessa Pegueros, Board Member, International Consortium Of Minority Cybersecurity Professionals
17. Girls Go CyberStart (USA)
Girls Go CyberStart is a series of interactive challenges designed to get highschool girls interested in cybersecurity.
Who is it for
The program is run in 27 states, including California, Pennsylvania, and Texas, and is open to those identifying as female. To be eligible, girls must be 13 years old by mid-February of the program year and be enrolled in grade 9, 10, 11, or 12.
Girls Go CyberStart is aimed at helping to address the shortage of US cybersecurity experts by encouraging high school girls to consider careers in the field.
How to join Girls Go CyberStart
The 2019 intake is closed, but the Girls Go CyberStart website has a form for you to register your interest for next year.
Don’t let the gender gap stop you doing what you want: stay motivated and believe in yourself. Take advantage of all the competitions and resources out there and don’t be afraid to break all the stereotypical views of cybersecurity – in fact, see the lack of women in cybersecurity as an opportunity.
Sarah Hoyle, Girls Go CyberStart
18. Girl Scouts HPE Cybersecurity Patch (USA)
The Girl Scouts organization is keeping up with the times and now offers a patch that rewards knowledge of cybersecurity. The patch program and accompanying game was developed by Hewlett Packard Enterprises (HPE). The program teaches best practices for online safety and privacy and the game simulates cybersecurity threats such as phishing and cyberbullying.
Who is it for
The patch program is for Girl Scout Juniors aged 9–11.
The primary reason for the development of this patch is to give girls the knowledge and tools they need to stay safe online. There is also the hope that by working with women in cybersecurity at HPE, girls will get excited about technology.
How to join Girl Scouts HPE Cybersecurity Patch
To get your child started with Girl Scouts, you can fill out an online form to find troops in your community.
19. Mastercard’s Girls4Tech (Global)
Girls4Tech is a Mastercard-driven STEM initiative to help encourage young girls to build technology and related skills. It involves events where attendees learn about and practice STEM skills.
Who is it for
The core initiative targets girls, aged 8–12. But a new program, Girls4Tech 2.0, will be aimed at older girls, aged 13–16. It is based in the US but events have been hosted in 25 countries and the program has been translated into 11 languages, including Spanish, Chinese, and sign language.
The program exposes girls to new technology and teaches and inspires them through role models and hands-on activities. Its ultimate goal is to empower young girls to become technology leaders.
How to join Mastercard’s Girls4Tech
Girls4Tech is run through partnerships, the major one being with Scholastic. There are also collaborations with organizations across the globe, including a humanitarian program with American Airlines and a sports and STEM program in partnership with Major League Baseball (MLB). You can check out the Girls4Tech website for more details.
20. IAPP’s Women Leading Privacy (Global)
The International Association of Privacy Professionals (IAPP) is a policy-neutral information privacy organization. It publishes news, hosts meetings and conferences, and provides privacy training and certifications. IAPP’s Women Leading Privacy “section” is a dedicated space for female privacy professionals to come together.
Who is it for
This initiative is geared toward women who are already in the privacy field and want to advance their careers.
Women Leading Privacy provides a space for female privacy professionals to share career support, network, and find job opportunities.
How to join IAPP’s Women Leading Privacy
To join this section, you must first be a member of IAPP, the annual cost being $50 for students, $100 for government, not-for-profit, retired, and higher education members, and $275 for professionals.
21. Women in Technology (WIT) (USA)
WIT is a Cyber Security & Technology Special Interest Group (Cyber & Tech SIG) for broadening opportunities for girls and women in information security and technology. It offers technology education, mentoring and networking opportunities, and leadership development.
Who is it for
WIT is geared toward women at all levels of a technology career, from school-age girls to female executives. The organization is fairly localized with members mainly located in Washington DC, Maryland, and Virginia.
The primary goal of WIT is to advance women in technology. Specifically, it wants to increase the number of women in management positions, to educate women in technology, and to provide a networking environment for women to collaborate and learn from one another. It provides online training materials and in-person education programs, and hosts regular events.
How to join WIT
You can join online by paying a membership fee of $115 per year ($50 for federal or state employees and students).
22. Women in Security – Kansas City (WiS-KC) (USA)
This is a very localized non-profit organization, based in Kansas City, Missouri. It provides workshops, mentoring, and networking, and sponsors scholarships for women pursuing degrees or certifications in cybersecurity or information security.
Who is it for
It aims to serve women at all levels in the local information security community.
The goal is to inspire and support women in information security and provide them with a focus. It does this through education and training, and hosting regular events.
How to join WiS-KC
There is no membership or registration for WiS-KC, but you can check the website for details on attending monthly meetings or subscribe to the mailing list for updates.
Don’t be afraid of failing – failing is a way you can grow as an individual. If you’re going to fail; fail fast, fail forward and fail often.
Amber Stone, President, Women in Security – Kansas City
23. Women in Security and Privacy (WISP) (USA)
WISP is a California-based initiative helping women to succeed in privacy and security industries. It provides education, networking, mentoring, and leadership training, including hosting and sponsoring national events.
Who is it for
The organization has resources and events for all women interested in cybersecurity. However, it mainly serves members of its core chapters in Seattle, Washington DC, Los Angeles, and Boston. New chapters are set to be formed in New York City and Dublin (Ireland). Membership is most suitable for women looking to advance their career in the privacy and security sectors.
WISP’s core mission is “advancing women to lead the future of privacy and security.” To do this, it provides in-person security training sessions, workshops (such as secure coding, privacy engineering, and lock picking), and a peer-to-peer mentorship program (WISP Tandems), and sponsors various high-profile infosec events.
How to join WISP
To become involved with WISP, you can sign up for their newsletter or follow them on Twitter, Facebook, and LinkedIn.
24. Women in Defense (WID) (USA)
Incorporated in 1985, WID is a National Defense Industrial Association (NDIA) affiliate helping to engage and advance women in areas of national security. It is represented by 20 chapters across the US.
Who is it for
The WID alliance members include men and women from a variety of fields, including industry and defense organizations, the US Armed Forces, government agencies, and academia.
This initiative is in place to try to help create a diverse workforce within national security and to improve women’s knowledge, connections, and leadership skills. On a national scale, the organization collaborates to advocate for best practices, policies, and technology for those involved in national security. Locally, members participate in chapter events and mentoring, as well as a women in cybersecurity scholarship program.
How to join WID
You can join WID through the organization’s website. Membership is free for active military personnel and government employees. For academia and industry members, there is an annual fee of $40.
25. BAE Systems’ Women in Cybersecurity (WiCS) (Global)
BAE Systems is a UK-based multinational company, specializing in security, defense, and aerospace. Its WiCS initiative is driven by its Applied Intelligence firm, which specializes in security. It provides training programs, including anti-bias training for senior management, and hosts and attends security event talks.
Who is it for
This initiative appears to be more internally focused, with WiCS helping to make waves within Applied Intelligence itself. However, it does impact the cybersecurity as a whole through talks at various cybersecurity events.
The goals of WiCS are to motivate and empower women to excel in their respective areas of security, attract more women to the industry, and offer support to women throughout their careers.
How to join WiCS
To find out more about the group or to invite a member to speak at an event, you can contact WiCS at WomeninCyberSecurity@baesystems.com.
26. LATAM Women in Cybersecurity (WomCy) (Latin America)
WomCy is a Latin American membership organization dedicated to increasing the number of women in cybersecurity.
Who is it for
The organization is targeted at females of all ages in Latin America, including school-age girls and women already in successful cybersecurity careers.
The goal of WomCy is to close the cybersecurity gender gap in Latin American countries. It does this through talks and career mentorship for school-age girls, and education, mentoring, and recruitment services for women seeking to advance in their cybersecurity careers.
How to join WomCy
There is a perception that to follow a career in Cybersecurity one needs to have a computer science degree or advanced engineering skills. Yes, there are roles that require those. But there are also a wide variety of other positions that do not require a technical degree. And if you are one of those women interested in this career who excel at positions that apply leadership, communication and team collaboration, then Cybersecurity is also for you.
Second, start looking at the roles itself and their requirements to help match with your previous experience, even if in another area. There are Cybersecurity positions out there that require exactly the skills I mentioned: managers, product marketing, finance, analysts, compliance, data privacy. They also go unfulfilled. Finally, network and learn from other women who are already in these roles. Women tend to be giving human beings who thrive to share how they started in their careers and how they succeeded. Mentorship can be done in several ways, not only through formalized programs. Bring this conversation to the universities – Liberal Arts, Social Studies – and show the students that these roles do exist in Cybersecurity. Initiatives like this help bring a realistic image to the students and not misconceptions that Cybersecurity is for only geeks.
Leticia Gammill, President, LATAM Women in Cybersecurity
27. Uniting Women in Cyber (UWIC) (USA)
UWIC’s flagship event is an annual symposium with dozens of female (plus a few male) speakers and hundreds of attendees. It sponsors other activities and meetups over the course of the year.
Who is it for
The symposium brings together women leaders who share their knowledge and experience with other women in cybersecurity.
UWIC seeks to leverage the success of female cybersecurity leaders to help discover and address issues that may be hindering other women from reaching leadership positions. UWIC has partners from corporate, academia, government, investment, and nonprofits.
How to join UWIC
The 2019 symposium took place in May, but you can sign up on the UWIC website to receive updates about upcoming events.
28. She Secures (Africa)
She Secures is an initiative to raise awareness about cybersecurity and get more women involved in the field at a younger age. It hosts networking events, bootcamps, webinars, mentorship sessions, and hackathons, and connects members with internship opportunities. It also helps members find security jobs for women.
Who is it for
This initiative started in Nigeria, but has members all over Africa and other parts of the world. Some programs aim to help youngsters discover cybersecurity, while others target women wanting to enter or grow their career in the cybersecurity industry.
She Secures wants to get young people involved in cybersecurity, especially young women. It also aims to help women already in cybersecurity to reach their career objectives.
How to join She Secures
You can join She Secures for free by joining the initiative’s WhatsApp group (the link is at the bottom of this page).
We’d say be curious and be more than willing to learn even if you don’t know jack about what you’re trying to get into, when folks see you’re willing to learn and not just waiting for them to spoon feed you with tools and resources, they would be happy to lend you their time or ears because they know you’re not one of those lazy people who’s coming to waste their time.
Also never give up the opportunity to meet new people in the industry through cybersecurity meetups, happy-hours or conferences….The saying ‘your network is your net-worth can never be overemphasized’, so keep it balanced, join any women in cybersecurity group or circle in your community, and attend as many of those meetings as you can, and follow-up with those contacts you met when you leave. Lastly stay up to date with cybersecurity news/trends – through blogs, news sites, or your favorite cybersecurity industry players on social media.
Sophina and Lilian, Founders, She Secures
29. Meta Defence Labs’ SHe CISO Exec. (UK and Sri Lanka)
Meta Defence Labs is a cybersecurity company based in both the UK and Sri Lanka. Its initiative SHe CISO Exec. is a platform for mentoring and training women in cybersecurity leadership. It appears to be in its early stages but runs meetups, boot camps, and networking events.
Who is it for
SHe CISO Exec. is mostly geared toward women who are interested in cybersecurity or are in the early stages of their careers. Men are also welcome to join the programs. So far, events have been held in London, UK, and Colombo, Sri Lanka.
The main goal is to create a bigger and better talent pool in the information security sector. While SHe CISO Exec. recognizes the need to attract more women to the industry, it is not exclusively for women.
How to join SHe CISO Exec
There isn’t an official signup process, but if you’re interested in attending events, you can email the organization directly at email@example.com.
30. Seidea (UK)
Seidea is an initiative focused on encouraging black and ethnic minority women to help close the cybersecurity gender gap. It conducts webinars, lectures, and roundtables with prominent figures in the cybersecurity industry.
Who is it for
The group is for black and ethnic minority women with an interest in cybersecurity. Most activities take place in London, UK, but there are some online programs.
Seidea hopes to help close the cybersecurity gender gap by introducing young women to role models within the industry whom they identify with, and by providing training and education programs.
How to join Seidea
Be self aware, understand your skill sets and your areas of strengths. After assessing yourself, I would recommend looking at the various jobs within the sector and understanding what suits you based on your personality, skillset and experience. This would help you understand where you are at, where you are aiming to go, enabling you to identify the gaps. Identifying the gaps are important as it allows you to come with strategy plan. I would also suggest an accountability partner to keep you on track.
Stephanie Itimi, Founder, Seidea
31. Cyber Shikshaa (India)
Cyber Shikshaa is the product of a collaboration between the Data Security Council of India (DSCI) and Microsoft, and provides cybersecurity training programs for women. The intensive programs are four months in duration and take place in training centers across various locations in India.
Who is it for
The training programs are for women in India who are interested in pursuing careers in cybersecurity. Applicants must be aged 21–26, hold an engineering degree, and have a family income of less than seven lacs.
The main objective of Cyber Shikshaa is to help boost the careers of otherwise underserved women in India while helping to bridge the talent and gender gaps in the cybersecurity industry.
How to join Cyber Shikshaa
Eligible candidates can register for the program completely free. Start dates and locations vary, but there are multiple programs running throughout the year.
32. The CyberWire’s Women in Cyber Security (USA)
The CyberWire is a Maryland-based cybersecurity news outlet. Its Women in Cybersecurity initiative is centered around an annual reception that celebrates women in the field.
Who is it for
The reception takes place in Washington, DC, and welcomes women from across the region. It is specifically aimed at various levels of female cybersecurity professionals in academia, the private sector, and governments
The reception highlights women in the cybersecurity industry and provides an environment for those pursuing cybersecurity careers to connect with mentors.
How to join CyberWire’s Women in Cyber Security
The Women in Cyber Security reception is an invite-only event, but you can request consideration for an invitation. Details for requesting an invite will be posted to the event page.
33. Women CyberSecurity Society (WCSS) (Canada)
This non-profit women’s security society provides career development programs and services, coaching, and mentoring for women in cybersecurity careers.
Who is it for
The organization is for girls and women who are already in cybersecurity or thinking about embarking on a cybersecurity career. It’s based in Vancouver, Canada, but has six chapters around the world.
The goal is to empower women and girls who have an interest in cybersecurity to succeed in their careers. This is achieved by providing educational programs, support, and services to help overcome the challenges faced by women in cybersecurity.
How to join WCSS
The annual membership fee is CAD $59 which gives you access to educational tools and resources, and events.
Have a Career Development Plan and research organizations you’d thinking of working for and the training you’re looking to invest your time and money in.
Lisa Kearney, Founder & CEO, Women CyberSecurity Society
34. ISSA India Women in Cyber Security (W-CS) (India)
W-CS is a special interest group affiliated with the India chapter of the Information Systems Security Association (ISSA). It hosts online events and in-person meetups.
Who is it for
This initiative is geared toward any women in India who are interested in or already in a career in cybersecurity.
W-CS aims to help form connections between women in the cybersecurity industry and inspire the next generation of women pursuing a career in the field.
How to join W-CS
Joining W-CS is free and simply requires that you fill out an online form.
Have faith in your abilities and keep marching on. Understanding the nuances of security is hard and takes practice. So believe in yourself and don’t give up!
Pragati Ogal Rai, Chairperson, Women in Cyber Security, an ISSA India Chapter
35. LinkedIn groups for women in cybersecurity
A quick search on LinkedIn will yield many pages and groups dedicated to helping women in cybersecurity and related fields. Here are some of those that stood out to me:
- Mentor & Mentee Women in Cybersecurity (2,250 members)
- League of Women in CyberSecurity (LoWiCyS) (784 followers)
- Women Know Cyber Group (249 members)
- Women in Security Group (326 members)
- Help A Sister Up (881 members)
- AFWIC African Women in Cybersecurity (1,983 followers)
- Women in CyberSec | Switzerland (37 members)
- Seattle Women in Cyber Security and Information Security (SWiCSIS) (104 members)
- Women in Cyber Leadership (270 members)
- Women and Minorities in Cybersecurity (61 members)
- Women in Cybersecurity NB (20 members)
- Women in Cybersecurity of Spain (126 members)
- Women in Cybersecurity Community Amsterdam (39 members)
Key advice for women interested in infosec as a career path
Clearly, there are a ton of initiatives to get involved with to help you begin or advance your career in cybersecurity. In fact, with so many options, no matter where you are in the world, it may be overwhelming to think about where to begin.
To help, here are some of the key things to think about when mapping out your path:
- Build a support network
- Find a mentor
- Explore different areas
- Practice, practice, practice
- Believe in yourself
- Do an internship
- Look for diversity reports
- Follow relevant hashtags
Let’s look at these in a bit more detail:
1. Build a support network
Most successful professionals in virtually any industry will tell you that a support network is essential. Aside from providing outside perspectives, a support network can enable you to tap into the experiences of others, and may provide you with training and skills development opportunities. Building strong relationships with others in the field may even lead you to your next job.
2. Find a mentor
A key component of a solid network is a great mentor. Having someone to bounce ideas off and look to for career advice can be invaluable. Mentors may also be able to help you form connections with key players in your field, leading to other networking or job opportunities.
As Steve Morgan, Founder and Editor-in-Chief at Cybersecurity Ventures and co-author of the book “Women Know Cyber: 100 Fascinating Females Fighting Cybercrime” tells us, women entering the field should…
[…]build a network of women and men to collaborate with, get advice from, and learn from.
He goes on to say:
Social media helps make that possible. Send a personal note telling people why you want to connect with them on LinkedIn, and you’ll get the best results that way. Attend local cybersecurity conferences and get to know other people in our industry. There’s power in unity.
Noureen Njoroge of the LinkedIn group Mentor & Mentee Women in Cybersecurity agrees:
Cybersecurity career is a journey and not a destination. There are many domains of security that you will have to navigate through until you find your niche. In this industry you must be adaptable to change as the threat landscape is constantly evolving. For those of us beginning this journey, I would highly recommend getting a mentor. He or She is the bridge between your education, work experience and success in Cybersecurity. Be passionate about your goals in Cybersecurity, for the pursuit of a mentor reveals the passion of the protégé.
3. Explore different areas
Some women simply love what they do and can’t imagine doing anything else. But if you’re curious about other areas of cybersecurity, allow yourself to explore. Some key areas that may be of interest are risk assessment, threat intelligence, governance, security operations, security architecture, frameworks and standards, and user education.
For example, someone interested in cybersecurity risk assessment may specialize in penetration testing and help companies find security vulnerabilities that could be exploited by hackers.
The figure below illustrates some of the paths your cybersecurity career could take.
You can check out educational tools provided by some of the groups we discussed earlier, but there are also lots more free and paid online cybersecurity courses available.
4. Practice, practice, practice
Once you have some basic cybersecurity knowledge, there is no shortage of programs, events, and competitions to help you hone your skills. Here are just a few of the different types of activities you can get involved with:
- Capture the Flag (CTF): These events are competitions where individuals or teams race to solve a security problem, such as taking over or defending a computer system.
- Hackathon: Hackathons often take place over multiple days and involve programmers collaborating on software projects in an intensive manner.
- Bug bounty: Many companies offer a monetary or other type of reward to people who discover and disclose vulnerabilities in the company’s systems. For example, Facebook’s bug bounty program offers rewards of up to $40,000. BugCrowd provides an up-to-date list of bug bounties.
A quick search for any of these (or cybersecurity competitions in general) will yield a host of online and in-person events for you to participate in.
While it might seem intimidating at first to enter these events, there are likely others like you who are just starting out.
As Njoroge advises
[…]be bold, be confident and do not be afraid to fail. You would be surprised with how much you could achieve in life, if you are willing to try, fail, learn from your failure, and try again and again until you succeed.
Valentine and Andrea, community founders of the LinkedIn group Women in Cybersecurity Community Amsterdam have similar advice:
No matter what, just go for it. There is no secret formula to achieving a cybersecurity career. If you want something, ask for it, but always remain humble. Dare to ask questions and dare to go for the opportunities that come to you. And most of all: learn as much as you can along the way!
5. Believe in yourself
While you’re bound to hit some roadblocks along the way, remember that this is par for course across industries, and doesn’t mean cybersecurity isn’t a good fit for you. Emili Evripidou, Product Owner at Hellenic Bank and co-founder of the Women in Security Group Ltd. has some advice on this topic:
Every girl and every boy starting out their career should remember that they are the best ambassadors of themselves and they can succeed only if they believe they can do it.
Often you will find yourself in situations where people might try to put you down, either because they do not know what you can achieve yet or because that suits their individual needs. If that happens, remember who you are and all the progress you have made so far, in academia, in your career and in your life. No one can put you down if you do not let them.
Needless to say that you will have more ammunition the more you develop yourself and your skills. So try to get the best education you can, even after the university, and put yourself in situations where you can gather experiences, both in your profession and in your personal life.
6. Do an internship
If you’re struggling to gain experience in the cybersecurity field, you may want to consider completing an internship. With so many online opportunities, you might even be able to take on a part-time remote role that allows you the freedom to work from home on your own time.
Aside from checking out some of the many initiatives listed above, CyberInternAcademy is a helpful resource if you’re looking for an internship with no previous experience.
7. Look for diversity reports
Note that while our list of initiatives exemplifies that many companies are acutely aware of the gender gap and are actively seeking to close it, the same can’t be said for every company.
Looking for a company that is visibly vying for gender equality will help you two-fold. First, it could increase your chances of being hired in the first place. Plus, it means you’re more likely to find a company culture that welcomes diversity and that you’d like to remain in.
A good sign that a company embraces and promotes diversity is an internal report on the subject. For example, Intel outlines its commitment to diversity within its workforce in its 2018 report.
To find these, you can search a company name along with “diversity report.” Alternatively, you can search the dedicated DiversityReports.org site, which even ranks companies according to how many women hold various types of roles within the business.
For an at-a-glance look at gender diversity in some of the top tech companies, this Information Is Beautiful chart provides some eye-opening statistics.
Although there is a plethora of information related to women in cybersecurity, thankfully it’s relatively simple these days to stay abreast of what’s happening in the field.
Just by following relevant hashtags on Twitter and LinkedIn, you’ll be able to keep up to date with news about initiatives, events, networking opportunities, job openings, and more.
Here are a few suggestions to get you started:
17+ real-life stories to inspire and motivate
Are you thinking about a career in cybersecurity but need an extra push? These articles, podcasts, and videos highlight women in cybersecurity and are sure to inspire and motivate you.
- I’m a Woman in Cybersecurity: A Code Lover’s Story: Raluca Ada Popa, an Assistant Professor of Computer Science at UC Berkeley, describes her passion for cybersecurity and coding.
- Meet the woman in charge of defending Microsoft from cyber attack: The story of Ann Johnson, Corporate Vice-President in charge of the Cybersecurity Solutions Group at Microsoft.
- Former CIA Officer Combats Social Engineering Scams At Civilian And Military Agencies: A report on Rosa Smothers, Senior Vice-President of Cyber Operations at KnowBe4.
- HPE’s CISO Elizabeth Joyce On Ireland, Cybersecurity, And Girl Scouts: A profile of Elizabeth Joyce, Senior Vice-President and Chief Information Security Officer at Hewlett Packard Enterprise (HPE).
- Interview in Washington DC with FBI about Cybersecurity: A video interview with Amy Hess, Executive Assistant Director of the Criminal, Cyber, Response, and Services Branch of the FBI.
- EP 30: Shamoon: A podcast interview with Chris Kubecka, author of the book Down the Rabbit Hole An OSINT Journey.
- Should I work in cyber security? Advice from women in the industry: Cybersecurity career advice from some of the leading working in Symantec.
- Interview with outstanding women in cybersecurity – International Women’s Day: Interviews with Sheila A. Berta, IT security analyst at ElevenPaths in Argentina, and Silvia Barrera, Inspector with the Spanish National Police.
- Women in Cyber Security: Interview with Sara Newman: An interview with Sara Newman, Practice Lead and Co-Founder of Securys Limited.
- Why Deidre Diamond Wants More Women in Cyber Security: An interview with Deidre Diamond, Founder and CEO of CyberSN and #brainbabe.
- What It’s Like to Work in Cybersecurity: A collection of interviews with DefCamp speakers
- What It’s Like to Work in Cybersecurity (Part 2): Additional interviews with DefCamp speakers.
- Women in tech: Two prominent female security experts speak out (CxOTalk interview): Interviews with Jo Stewart-Rattray, Director of Information Security and IT Assurance for BRM Holdich in Australia and Chair of the Women’s Leadership Advisory Council for ISACA, and Tammy Moskites, Managing Director and Security Executive for Accenture.
- Women in Software and Cybersecurity: Dr. Lorrie Cranor: A podcast interview with Dr Lorrie Cranor, Director of CyLab.
- Women in Cybersecurity: Video interviews with women in cybersecurity at Cisco.
- Hackers: the internet’s immune system | Keren Elazari: A TED Talk (video) by cybersecurity expert Keren Elazari.
- Cybersecurity Talk with Shannon Lietz: Getting women into cybersecurity with Hacker Girl Foundation: A video interview with Shannon Lietz, Leader and Director of DevSecOps at Intuit.
- 1 Why it’s important to close the gender gap
- 2 Why women are deterred from cybersecurity
- 3 Main challenges for women trying to break into the field
- 4 Initiatives to get more women in infosec
- 4.1 1. WiCyS (Women in CyberSecurity) (Global)
- 4.2 2. Women’s Society of Cyberjutsu (WSC) (USA)
- 4.3 3. WoSEC: Women of Cybersecurity (Global)
- 4.4 4. The Diana Initiative (USA)
- 4.5 5. OWASP Women in AppSec (WIA) (Global)
- 4.6 6. SANS Women’s Immersion Academy (USA)
- 4.7 7. Code Like A Girl (Global)
- 4.8 8. Ladies in Cybersecurity by DefCamp (Romania)
- 4.9 9. Australian Women in Security Network (ASWN) (Australia)
- 4.10 10. Cercle des Femmes de la CyberSécurité (CEFCYS) (France)
- 4.11 11. CybHER (USA)
- 4.12 12. Engaging Women in Cyber Defence (Canada)
- 4.13 13. ECSO’s Women4Cyber (Europe)
- 4.14 14. Executive Women’s Forum (EWF) (USA)
- 4.15 15. Ladies of London Hacking Society (LLHS) (UK)
- 4.16 16. International Consortium Of Minority Cybersecurity Professionals (ICMCP) (USA)
- 4.17 17. Girls Go CyberStart (USA)
- 4.18 18. Girl Scouts HPE Cybersecurity Patch (USA)
- 4.19 19. Mastercard’s Girls4Tech (Global)
- 4.20 20. IAPP’s Women Leading Privacy (Global)
- 4.21 21. Women in Technology (WIT) (USA)
- 4.22 22. Women in Security – Kansas City (WiS-KC) (USA)
- 4.23 23. Women in Security and Privacy (WISP) (USA)
- 4.24 24. Women in Defense (WID) (USA)
- 4.25 25. BAE Systems’ Women in Cybersecurity (WiCS) (Global)
- 4.26 26. LATAM Women in Cybersecurity (WomCy) (Latin America)
- 4.27 27. Uniting Women in Cyber (UWIC) (USA)
- 4.28 28. She Secures (Africa)
- 4.29 29. Meta Defence Labs’ SHe CISO Exec. (UK and Sri Lanka)
- 4.30 30. Seidea (UK)
- 4.31 31. Cyber Shikshaa (India)
- 4.32 32. The CyberWire’s Women in Cyber Security (USA)
- 4.33 33. Women CyberSecurity Society (WCSS) (Canada)
- 4.34 34. ISSA India Women in Cyber Security (W-CS) (India)
- 4.35 35. LinkedIn groups for women in cybersecurity
- 5 Key advice for women interested in infosec as a career path
- 6 17+ real-life stories to inspire and motivate