Addressing the Gender Gap in Security Leadership

Security is prime for a female revolution to rectify the persistent gender gap in leadership positions. According to a global study done by the Executive Women’s Forum, men are four times more likely to hold C- and executive-level positions and nine times more likely to hold managerial positions than women. The industry is centered around making one tough decision after another while translating tech speak into true business value. Having more female influence would benefit both the overall security and business communities.

In 1995, when I started in the IT space, there was an overwhelming imbalance between male and female IT leaders. In fact, it was quite challenging to find more than a handful of women CIOs within the space. Today, only 11 percent of females are represented globally in the cybersecurity profession. I was fortunate to join the workforce during a time of great change in not only technology, but also in social and moral focus.

Over the past two decades, IT leadership has blossomed into a more balanced and healthier environment though things are still not where we want to see them. Though IT is a career where highly technical skill sets are valued and desired, over time the need for communicating the value of IT solutions across an organization has given way to a more balanced need between technical excellence and focused influence. Women IT leaders grew up in precisely that space and were amazing at explaining the value of IT solutions as a business need. These women actually came from the business side of IT and truly understood how the inner workings of the company and its data flowed.

Cross-functional, business driven careers such as program management, compliance, and business applications spawned a new brand of women IT leaders that ultimately grew into the first true wave of Woman CIOs. I believe that this positive influx of fresh thought leaders changed how IT was viewed, teams were built, and the business of IT was managed. Today, women CIOs unfortunately still hold a significantly smaller percentage of the overall CIO positions. Women make up 9 percent of IT leaders globally and 10 percent in larger organizations according to a study done by Harvey Nash/KPMG. However, they have created a positive mark in the space and possibly a blueprint for other highly technical skill sets (such as CISOs) to undergo similar transitions toward greater balance.

For the Security space, we expect to see a greater selection of career trajectories leading to the path of the woman CISO. We may not see the vast majority move from Sec Eng/DevOps into CISO/CSOs. Perhaps they will arrive to the CISO position through another path such as Compliance, Security PMO, or Engineering Program leadership. But we are not there yet. As I write this, I am aware that there are less than 20 female senior Security leaders (i.e. CSO, Heads of Security) in the San Francisco Bay Area, which is arguably the largest and most mature modern CISO market in the US.

However, the news is not all bad; there are several solid programs working to strike a greater balance. In particular, the National Security Forums and events have been making a strong effort in recent years. For instance, BlackHat has a growing balance of female leaders on both their board and within their upcoming sessions. Parisa Tabriz, a true Sec Ops/SecEng leader, will be kicking off the event as the Keynote. (Yes!!!)
In a follow up piece, we will go over a few ideas for what we and others can be doing in the community to help bridge the gender gap and change this incredibly important space. In the meantime, we would love to hear from others witnessing the lack of diversity in the Security space. What challenges and improvements are you seeing? Please reach out to with your thoughts.