We’ve got a problem in cybersecurity that needs to be addressed—and it has to do with accessibility.

We know that women make up a woefully small percentage of cyber pros. While women comprise around half of the total workforce, they make up less than 25 percent of the global cybersecurity workforce. Why?

I can vouch for the fact that imposter syndrome is one factor. I’ve always been interested in computers and have wanted a career that would help me make the world a better place. I remember talking to my uncle through HyperTerminal when I was a kid, thinking it was the coolest thing ever. I would feed entries into Command Prompt just to see what they did.

And yet, I majored in English (technical writing) for undergrad and communication for grad school.

Do I regret that? No. But I know for sure that I chose liberal arts majors because I didn’t feel I “had it in me” to go into a STEM field. Therefore, my options felt limited.

Turns out, I'm not alone.

Why Women Say Yes (or No) to Cybersecurity Careers

SC Magazine recently published a piece to address why women are either driven toward—or away from—embarking on a cybersecurity career. This is worth a read, particularly since we’re shining a light on cybersecurity awareness this month as an industry. 

A finding that stood out to me is that most women who pursue a computer science career tend to experience a “breakthrough” point when first embarking on the journey. These are “experiences and connections that either encourage or discourage them from remaining in the industry,” and they’re categorized into five common responses:

• Having an early cheerleader or mentor
• Developing a passion for the underlying work
• Having a job where you make meaningful contributions to society
• Access to women-centric support communities
• “Meaningful” action or support from male colleagues

So, I got curious. Is this trend holding true at Huntress?

The Survey

To find out, I pulled together a quick survey and asked for some help from my colleagues at Huntress to collect some data. I got 14 responses—most were from my colleagues, while a few others trickled in from other women in the industry. So while this doesn’t represent a huge sample, I was able to accomplish exactly what I was hoping to: highlight some of the obstacles and successes of women in cyber—as told by Huntress employees and our friends in the industry.

The questions I asked were as follows:

• Name/pronouns/job title
• What made you want to pursue a career in cybersecurity?
• Have you had any of these "breakthrough" moments in your career? (Please check all that apply.)
• Have you ever been made uncomfortable during an interaction in the field because of your gender?
• If you answered yes to the previous question, would you care to elaborate?
• Do you have any resources to recommend to women who want to break into the cybersecurity field?
• Do you have any advice to give to folks who'd like to be an ally to women in cyber?

Unfortunately, as a fellow woman in cyber, the responses I got did not surprise me. 😔

The Responses

I’ll share some of the responses that stood out to me—the good, the bad and the downright ugly. Please note that some responses may have been edited for clarity, conciseness and to anonymize.

Q1: What made you want to pursue a career in cybersecurity?

Summary of Responses

I got a fairly mixed bag of responses here. While some respondents have been tinkering with computers since they were young, others fell into cybersecurity by accident. One respondent specifically noted they went into cybersecurity because of the low representation of women in the field.

Full Responses

• I already spent a lot of time troubleshooting and fixing computers. When I started learning about how to keep my computers secure, I found it interesting and then couldn't stop wanting to learn more.
• I wanted a career that was challenging and fulfilling.
• I joined the Cyber Team at my undergraduate university but had previously done some web development and programming in high school. I was sort of "recruited" by some close friends to join the team because they knew I had experience working with computers, and the club was brand new when I was a freshman. I started by playing CTFs every weekend, and when I graduated, my first job was in cybersecurity, performing vulnerability assessments and penetration testing.
• I never really did. I never imagined myself working in tech but I fell in love with the start-up world and found Product Marketing at tech companies was a great fit for me. I think I ended up in cyber to learn. It was an area I didn't know much about but knew was important. The 99% mission is what got me here—I knew I was the target audience. If I could understand and translate what the company did to other people like me, it could make a difference.
• I fell into tech kind of on accident but then became passionate about it. I want to know as much as I can so I can help others stay safe online.
• Honestly, I kind of just fell into the industry by way of event planning experience and fell in love with the industry, what they set out to solve and protect against and the community it's comprised of.
• I needed to get away from working at a helpdesk and find something more meaningful and impactful. Cybersecurity was the perfect place for me to use my skills to make a difference. Also, cheesily, there is an overall sense of mental and emotional security working for Huntress that I've not experienced in any other workplace.
• Honestly, I knew very little about cybersecurity before I came to Huntress. I come from a male-dominated role in the military to a government contractor and back to security. I have always had some security role in any of the jobs I've had in my life. My passion was to be a helpful ally in any position I chose.
  
  Cybersecurity was something I knew was growing, and nowadays, the "bad guys" don't necessarily need to be right in your face. Landing a role within a cybersecurity company was a plan I had envisioned when I started looking. I knew that, in some way, I would be able to help even if it was in a position that wasn't always going to see the "front line."
• An intersection of my interest in physical forensics and computers, leading to computer forensics.
• While I didn't end up in a tech-focused role, when I started working at Huntress, I was learning rudimentary IT concepts via a course on Coursera. Having always been interested in tech, I was eager to learn more and make a career in this field.
  
  I have a deep appreciation for what goes on beneath the surface when it comes to the technology that we have the luxury of using every day, along with respect for the fact that there is a dangerous side to it and a desire to assist the "good guys" in foiling the "bad guys" who choose to use this awesome tech for malicious purposes.
• I used to download viruses onto my parents’ computer to find out what they did. Turns out, there's a career for that!
• Cybersecurity has always been a passion of mine. I used to love reading up on it as I pursued a career in marketing. Finally landing a role where I could do both was like a dream come true!
• Honestly, I didn't really know I wanted to pursue this until about a month after I started at Huntress. Probably not the answer you are looking for, but it wasn't until I realized how much the average person doesn't know about cybersecurity.
• Job security, having a challenging career, high pay, low representation of women in the field.

Q2: Have you had any of these "breakthrough" moments in your career? (Please check all that apply.)

Summary of Responses

The overwhelming majority of respondents report having a passion for cybersecurity. Interestingly, access to women-centric support communities ranked last on the list. It begs the question—is this because of the lack of resources available, the lack of access, or something else?

Q3: Have you ever been made uncomfortable during an interaction in the field because of your gender?

71.4% of respondents answered yes to this question. 28.6% answered no.

Q4: If you answered yes to the previous question, would you care to elaborate?

Summary of Responses

Even if you skim the rest of this blog, I hope you take the time to read through each response listed below. Content warning: They’re disturbing.

Full Responses

• Not in cyber, just started to hit up events again. But PLENTY in other industries. I've been followed to my hotel room!
• When I got my first job in cybersecurity, I was told that "the only reason I got my job was because the company needed to bolster their diversity on the team by hiring a woman."
• I attracted unwanted attention several times by choosing to dress in a more feminine fashion. Once I started dressing like the other guys, that was greatly reduced, as was the assumption that I somehow had less technical knowledge than them.
• Unwanted attention from male colleagues in the form of unsolicited slack messages on topics unrelated to work, such as my appearance or relationship status. One eventually progressed to myself and another female colleague being written about on a male colleague's public blog in a very inappropriate and uncomfortable manner.
• Mine are more from when I worked helpdesk:

• In tech support, there were a few times that a new customer would ask for "the GUY in charge" or roll their eyes at me, disbelieving that my suggested solution would work.
• On my first day working in an IT department, my new boss gave me a tour of the campus and introduced me saying, "Look, women can do IT!" or "We can now prove that there are women in IT."
• I made some instructional videos on how to change computer settings, and my coworker said, "Wow, that's great! And a woman did it!"
• Men have tried to flirt with me while I was trying to diagnose their computer issue.
• I wore no makeup, started wearing only men's clothes and would bind my breasts in order to make it easier to fix the computers without being hit on or looked down on.
• An old man commented on me being a woman, then I tried to fix his computer, and he grabbed my hand.

• For reference, I was one of three females in my office at my first job, where both of the other women were upper management and not people I worked with every day. I have definitely been called "names" before and talked down to for "acting like I know more," especially by those who were older than me and even by people who worked for me.
  
  At the end of the day, I've had to grow a thick skin and let my results speak for themselves, but I definitely think that I've been questioned more so than my male counterparts over the years because of my gender. I was once told that my "attitude" was going to hurt my chances of ever being promoted and that I "needed to smile more," both of which were said to me by males whom I worked for.
• Our partner base is overwhelmingly male, and occasionally they cross lines with inappropriate comments and innuendos. It tends to be 'that guy' that I have been talking to for an extended amount of time that apparently mistakes conversation for flirting. I have been doing this long enough that I know how to exit the situation and am always aware of where my safe people are.
• Learning about certain sex crimes during my graduate studies and being asked to leave the room because my presence might be making my male colleagues uncomfortable while learning about this.
• Due to me being a female in the industry, oftentimes when I'm at the booth at an event, people will come up to me and assume I don't know anything about the product and want to talk about things that are completely unrelated like my appearance, etc. Women should be treated as equals in their knowledge and expertise—not demeaned and have assumptions made.
• I've been spoken down to for being a woman.

• Ideas and/or contributions are not considered because I put them forward.
• Told that I'm "too emotional" because of my gender.
• I've also been told I'd be better serving tea and biscuits???

Q5: Do you have any resources to recommend to women who want to break into the cybersecurity field?

Full Responses

• I first got some certifications (like Security+) and then began working on a master's in cybersecurity. I chose that path because I looked at a large subset of jobs I was interested in and added the requested qualifications to a spreadsheet. The ones that were mentioned the most across the job postings I was interested in are what I pursued first.
• There is a group called Women in CyberSecurity (WiCyS).
• Don't limit yourself to only what you know or think you'll be good at. Go for what you know is the right path. Huntress was the only company that looked at me not for what I knew but for who I was and knew that I was a good fit because of my values. Values are essential; the right people will see those values you hold and notice.
• I personally love listening to women-led security podcasts. One of my new favorites is The Cyber Queens podcast, but I also follow quite a few social media accounts, like @GirlsWhoHack, @blackgirlshack, and @girlshackvllg. I also recommend TryHackMe to anyone who wants to start learning some basic security topics.
• What worked for me was submitting my resume to any open job in cybersecurity that somewhat matched my skillset, interviewed for some duds, and then found Huntress.
• Getting involved with open-source projects is a great way to gain experience and visibility. There are plenty of existing projects, such as Volatility or Sleuthkit (for example), or you can create your own projects and release them on Github or similar hosting websites.
  
  I'd also recommend getting involved using social media. There are lots of people in the cybersecurity field who are involved on Twitter, Twitch and LinkedIn for example.
• Therapy. :) But honestly, I recommend that to everyone and do think it can be especially beneficial when working in a male-dominated and complex industry.
  
  Anything to help with general confidence and growth in whatever skill you're bringing to the table. Never stop trying to learn!

Working in the cybersecurity industry has a lot of imposter syndrome. There is still a lot of (conscious and subconscious) sexism, and it's (my experience) a very judgmental industry. It's important to be confident in what you bring to the table and who you are—you're there for a reason. Continuously remind yourself of that reason. It's so hard, and something you'll continuously work on, but it makes a difference.

• Don't compare yourself to others. Rather compare yourself to yourself. Once you compare yourself to others, that's where imposter syndrome becomes your own worst enemy. Harness what you're good at and where your passions lie, and only good things will come out of it.
• TryHackMe, finding a mentor, Meetup (the website to find similar goal-oriented people), etc.
• Cybersecurity Marketing Society
• Advancing Women in Technology Interest Group
• Women Cybersecurity Society
• Honestly, the folks at Huntress make no question off limits and have spent a TON of time explaining cybersecurity concepts to me like I am five. Otherwise, following women leaders on LinkedIn has been really helpful.

Q6: Do you have any advice to give to folks who'd like to be an ally to women in cyber?

Full Responses

• If you see or hear any form of discrimination occurring, be an ally and ask the person how you can help! Let the person know that you support them, and ask how you can best do that.
• Don't assume they know less than you just because they are female. Everyone is a person, so we should strive to treat everyone as if they are on the same level playing field and try to remove any preconceived misconceptions.
• Incorporate viewpoints from women in security into your daily routine. This can be as simple as following some women in the area of security you're interested in on Twitter, subscribing to their blog or finding a podcast done by women.
  
  Another very simple thing to do is to volunteer for things that are often given to women, such as the meeting note-taker or organizer, especially if you know that a particular woman doesn't like to do those things.
• Treat us the same way you do your male colleagues. We wouldn't be here if we didn't have the mental aptitude to be here.
• Be more vocal about lending the guidance and support women and cyber often need. Create a seat for them at the table.
• Listen, hear and consider that when we love what we do, we will always do the right things for the right reasons. Speaking from myself, it shouldn't matter what gender you are in any field. Let it be if a man or woman can do the job. Respect that being a woman in a very male-dominant role didn't stop us from pursuing it. If anything, it pushed us to prove it can and will be accepted.
• Speak up, speak out and be aware of what's happening.
  
  Look around the room and take note of who is represented. And then take note of who is talking. If there are women in the room and they're not talking, prompt them/support them/call out others for interrupting them. Take time to figure out how to make them comfortable enough to speak.
  
  Don't discount people who don't have the same experience as you do. "Working in cyber" means something different to everyone, and none of the industry infrastructures would exist if we only listened to those who are experts in cyber or have the expertise you personally have decided holds value. There are a lot of smart people who make this industry what it is. Listen to them and support them. There are probably a lot more "women in cyber" than you think.

• Help raise our voices. Credit us if you use our idea/concept. If what we said is repeated by another colleague, credit us. If you notice we are not being heard in a meeting, repeat what we said while acknowledging we said it first. If you notice someone talking over us, chime in, "I believe they were speaking," and give us back the floor. Sometimes we need a little help making sure our voice is heard. Be our amplifier.
• Honestly, just treat women the same way you do everyone else in the workforce. Also, please take any concerns that women bring up, especially around discrimination and harassment, seriously.
• Don't assume that everyone wants to be the same level of "technical" in cybersecurity. I am okay with a lower level of "technical" than most. It took me a long time to 'okay' with that, and I now realize that my lower technical level allows me to have business case conversations.
• If you see or hear any form of discrimination occurring, then be an ally and ask the person how you can help! Let the person know that you support them, and ask how you can best do that.
• Don't refer to my gender at all, please. My brain and skills don't have anything to do with my anatomy. Stop others from doing so. It's such a relief when someone stands up for me. My current team is fantastic at this.
• Learn to listen to your female colleagues. Often when women finally feel comfortable complaining about a male colleague's actions, they are dismissed because that person is seen as a "good guy." Often, women are dismissed because their potential allies are only able to see the world through their own lenses. Therefore, learn to listen and believe what she is saying.
• First, just listen! Generous, world-class listening requires focus, sincerity, empathy, refusal to interrupt and genuine valuing of both her experience and her willingness to share it with you.
  
  Second, engage in supportive partnerships. The best ally relationships are reciprocal and mutually growth-enhancing. Share your social capital (influence, information, knowledge, and organizational resources) with other women but ask them—don’t assume—how you can best support their efforts.

In Short: Don’t Be a Jerk

I hope these responses show just how common these types of experiences are toward women in the cybersecurity industry—and more importantly, I hope you feel encouraged to say something if you see something. Until we’re seen as an equal force in cyber, we need help being visible, heard and appreciated for our skillsets, regardless of our gender or sex.

And if you really have to be a jerk, redirect that energy to bad actors who prey on small businesses. We’re cool with that.

***

I couldn’t have written this blog without the 14 women who participated in this survey taking the time to share their stories and experiences in hope of a better, more inclusive, accessible cybersecurity landscape. Thank you all so much!