Women in cybersecurity: breaking the myths once and for all

We’re excited to bring Transform 2022 back in person on July 19 and pretty much July 20-28. Join AI and data leaders for insightful conversations and exciting networking opportunities. Register today!

The story of the young cybersecurity tycoon who spent his childhood taking apart computers has been told so many times it’s almost a cliché. He started coding in the family garage. He graduated top of his class with a degree in computer science. He launched his own startup (also from the garage), and the rest is history.

Fortunately, this is not the only way to start a successful career in cybersecurity. Unfortunately, the persistence of this story tends to put off those who don’t feel they fit the “traditional” mold. All too often this is true for women – and while some women hold titles such as CTO, CIO or CISO, the cybersecurity industry remains heavily male-dominated. The cybersecurity field is still struggling to attract women, largely because they find it hard to imagine themselves in it.

Women who are successful in cybersecurity should not be outliers – especially in this day and age when the field is booming and talent is in high demand. Modern cybersecurity firms also often cite diversity as a priority, with the aim of bringing new perspectives to the table. To achieve this, it’s time to dispel the myths that underpin cybersecurity’s intimidating reputation and remove the false barriers to entry that keep women out.

Myth #1: You need a computer science degree to work in cybersecurity

Despite what many people may think, cybersecurity is something you can potentially make just fall in. Many cybersecurity professionals have bachelor’s degrees in fields ranging from English to sociology. Some may start out as a sales representative or pharmacy technician. It’s true that succeeding in cybersecurity requires a lot of passion for the craft, but that doesn’t necessarily mean you have to spend your early years preparing and following a conventional path.

A computer science degree can be helpful, but it is far from required. This is not to say that degrees and certifications are not important – but skills can be learned. Ultimately, what defines a good security professional is how he handles problems. For example, a degree in math or philosophy can provide a foundation for practiced logic and problem solving that translates incredibly well to cybersecurity.

Dedicated self-directed learning can also help bridge knowledge gaps that stand in the way of a cybersecurity career. One thing successful leaders have in common is a willingness to keep learning. If things like programming languages, malware analysis, ethical hacking, or other relevant topics interest you, there are ways to gain that knowledge outside of a traditional education. Take the initiative: Self-training and certification can help candidates stand out as driven achievers. A growing number of job applicants are arriving with self-taught skills, a history of IT-related volunteering, and boot camp certifications. Knowledge does not only come from a university.

Myth #2: Cybersecurity is a profession exclusively for men

Despite having the qualifications, skills and dedication to succeed in cybersecurity, women can be held back by the idea that it’s a field for men. And while it’s true that the field is still male-dominated, it’s far from exclusive to them. Ladies currently makeup nearly 20% of the cybersecurity workforce. That may sound low, but in 2013 women made up only 11% of the cybersecurity workforce — so the trend is fast moving in the right direction. If ever there was a time to get into the field, it’s now.

This is underlined by the fact that today’s women more likely to finish college than men, which is a major turning point in gender equality and an important indicator of the future of the workforce. But even armed with higher education, many women still face impostor syndrome — especially in a male-dominated field like cybersecurity. They often feel inadequate, even with a track record of proven success. Tech leaders have traditionally been touted as masculine figures, and it’s easy to see why women often struggle internally with the problem of measuring up. Finding the right match — and the right company culture — can make a big difference.

Companies with a strong, value-driven culture that emphasizes professional development, support and constructive feedback are critical to success. It’s also important for women to help each other and be both mentors and cheerleaders to others as they take the field. There are allies all over this industry, and they will remain – after all, two-thirds of women in cybersecurity say they plan to stay there for the rest of their careers.

Myth #3: Cybersecurity requires me to code or hack

It is true that there are cybersecurity roles that require coding or hacking skills. But they are vastly outnumbered by positions that don’t. Unfortunately, many cybersecurity job postings contain requirements that appear to be designed for a mythical unicorn who can code, hack, and understand every job in the industry. This can be especially discouraging for women, who studies have shown tend to underestimate their own qualifications.

Companies need to be more flexible with their job descriptions or many women won’t even apply. On the other hand, potential applicants should understand that while cybersecurity job opportunities may give the impression that only a select few are qualified enough to apply, this is not the case. The tech industry is facing an acute talent gap and this is the most flexible time ever for candidates looking to break into the field.

Today there are almost 600,000 unfilled cybersecurity jobs only in the US. There are job opportunities at every level and many organizations invest in training programs to keep their employees informed. This is an era marked by investment in workers’ skills, especially in the technical field. Gone are the days of traditional educational backgrounds; cybersecurity recruiters are looking for candidates who closely match the technical skills for the job and most importantly the right attitude.

In the world of cybersecurity, every experience is a good experience. An entry-level job as a cyber threat analyst may focus primarily on reporting, but can be used for more hands-on technical support work. The industry needs talent and there will always be opportunities to expand your role and take on new responsibilities if you want to. When those opportunities arise, all you have to do is be the one to raise your hand. Sometimes all it takes is the drive to volunteer.

Step into the field

The field of cybersecurity is changing rapidly. With the right dedication, skills and support systems, today’s women find success in every corner of the industry. Old barriers to entry, such as having certain degrees, the idea that it’s “a man’s field,” or recruiters with unrealistic expectations should no longer keep women up at night.

Women today are behind some of the most important cybersecurity operations and innovations. They are meant to be behind even greater progress in the industry over the next five, ten and twenty years. From entry-level to C-suite, they’re already working on it. There is a great opportunity for Lake women to play a part in that future.

For anyone unsure about pursuing cybersecurity, it’s time to raise your hand. If you wanted to raise your hand yesterday but didn’t, raise it today. Whether that means volunteering for a project, changing jobs, or interviewing for a job, the best way to kick-start your cybersecurity career is to jump right in. Who’s playing?

Heather Gantt-Evans is CISO of SailPoint

DataDecision makers

Welcome to the VentureBeat Community!

DataDecisionMakers is where experts, including the technical people who do data work, can share data-related insights and innovation.

If you want to read about the latest ideas and up-to-date information, best practices and the future of data and data technology, join us at DataDecisionMakers.

You might even consider contributing an article yourself!

Read more from DataDecisionMakers