Women in cybersecurity: Shattering the myths, once and for all

The story of the young cybersecurity magnate who spent his youth tearing apart computers has been told so many times it is almost a cliché. He got his start coding in the family garage. He graduated top of his class with a computer science degree. He launched his own startup (also from the garage), and the rest is history.  

Fortunately, this is not the only way to launch a successful cybersecurity career. Unfortunately, the persistence of this narrative has a tendency to dissuade those who don’t feel they fit the “traditional” mold. All too often, this applies to women — and although some women do achieve titles like CTO, CIO or CISO, the cybersecurity industry remains heavily male-dominated. The cybersecurity field still struggles to attract women, in large part because they have hard time picturing themselves within it.

Women who find success in cybersecurity should not be outliers — especially today, at a time when the field is experiencing explosive growth and talent is in high demand. Today’s cybersecurity companies also often cite diversity as a priority, with a stated goal of bringing new perspectives to the table. To achieve this, it is time to dispel the myths propping up cybersecurity’s intimidating reputation, and to tear down the false barriers to entry that are keeping women out. 

Myth #1: You need to have a computer science degree to work in cybersecurity

Despite what many people may believe, cybersecurity is something that you can potentially just fall into. Many cybersecurity professionals have undergraduate degrees in fields ranging from English to sociology. Some might get their start as a sales representative or a pharmacy technician. It’s true that succeeding in cybersecurity requires a great deal of passion for the field, but that doesn’t necessarily mean spending your formative years preparing for and following a conventional path. 

A computer science degree might be helpful, but it’s far from required. This isn’t to say that degrees and certifications aren’t important — but skills can be taught. Ultimately, what defines a good security professional is how they approach problem solving. For example, a degree in mathematics or philosophy can provide a foundation for practiced logic and problem solving that translates incredibly well to cybersecurity. 

Dedicated self-directed learning can also help bridge any knowledge gaps impeding a cybersecurity career. One thing successful leaders tend to have in common is a willingness to keep learning. If things like programming languages, malware analysis, ethical hacking or other relevant topics interest you, there are ways to acquire that knowledge outside of a traditional degree program. Take the initiative — self-training and certification can make candidates stand out as driven achievers. A growing number of job candidates are arriving with self-taught skills, a history of IT-related volunteer work and boot camp certifications. Knowledge doesn’t just come from a university. 

Myth #2: Cybersecurity is a field exclusive to men

Despite having the qualifications, skills and dedication to succeed in cybersecurity, women can be held back by the idea that it’s a field for men. And while it is true that the field continues to be dominated by men, it is far from exclusive to them. Women currently make up almost 20% of the cybersecurity workforce. That may sound low, but in 2013 women made up just 11% of the cybersecurity workforce — so the trend is quickly heading in the right direction. If there was ever a time to get into the field, it is now. 

This is underscored by the fact that today’s women are more likely to finish college than men, which represents a significant turning point in gender parity and a key indicator for the future of the labor force. But even armed with higher education, many women still face imposter syndrome — especially in a male-dominated field like cybersecurity. They often feel inadequate, even with a track record of demonstrated success. Tech leaders have traditionally been touted as masculine figures, and it is easy to understand why women often wrestle internally with the problem of measuring up. Finding the right fit — and the right corporate culture — can make a big difference.

Companies with a strong, value-led culture that place an emphasis on professional development, support and constructive feedback are critical to success. It is also important for women to help each other, serving as both mentors and cheerleaders to others as they break into the field. There are allies all throughout this industry, and they will stick around — after all, two-thirds of women in cybersecurity say they plan to stay there for the remainder of their careers. 

Myth #3: Cybersecurity requires me to code or hack

It’s true that there are cybersecurity roles that require coding or hacking skills. But they are far outnumbered by positions that do not. Unfortunately, many cybersecurity job listings include requirements that seem to be designed for a mythical unicorn who can code, hack and understand every job in the industry. This can be especially daunting to women, who studies have shown are prone to underestimate their own qualifications.

Companies need to be more flexible with their job descriptions, or many women will not even apply. On the other side, potential applicants should understand that although cybersecurity job listings may give the impression that only a select few people are qualified enough to apply, this is not the case. The tech industry is facing an acute talent gap, and this is the most flexible time ever for candidates looking to break into the field. 

Today, there are almost 600,000 unfilled cybersecurity jobs in the U.S. alone. Jobs are open at every level, and many organizations are investing in training programs to get their workers up to speed. This is an era marked by investment in employee skillsets, particularly in the tech field. Gone are the days of traditional educational backgrounds; cybersecurity recruiters are looking for candidates who are closely aligned to the technical skills for the job and, above all, the right attitude.

In the cybersecurity world, any experience is good experience. An entry-level job as a cyberthreat analyst might focus mostly on reporting, but it can be leveraged into more hands-on technical support work. The industry needs talent, and there will always be opportunities to expand your role and take on new responsibilities if you want them. When those opportunities present themselves, you simply need to be the one to raise your hand. Sometimes, all it takes is the drive to volunteer. 

Stepping into the field

The cybersecurity field is changing rapidly. With the right dedication, skillset and support systems, today’s women are finding success in every corner of the industry. Old barriers to entry like needing certain degrees, the idea that it is “a man’s field,” or recruiters with unrealistic expectations should no longer keep women up at night. 

Women are behind some of the most significant cybersecurity operations and innovations today. They are slated to be behind even bigger industry advances in the next five, 10, and 20 years. From entry-level to C-suite, they are already putting in the work. There is significant opportunity for more women to play a part in that future.

To any person unsure if she should pursue cybersecurity: it’s time to raise your hand. If you wanted to raise your hand yesterday but did not, raise it today. Whether that means volunteering for a project, changing roles or interviewing for a job, the best way to kick off your cybersecurity career is to jump in headfirst. Who’s game?

Heather Gantt-Evans is CISO of SailPoint.