Three Lessons Learned as a Female Cybersecurity Leader

The 2023 International Women’s Day celebration is almost here, with the theme #embraceequity aimed at forging harmony between all genders. It is an opportune time to rehash the insights I shared with a close-knit group of cybersecurity ladies in January. The feedback was phenomenal, so I thought I’d share them here to inspire more people.

Amazon's Global Chief Information Security Officer, Lakshmi Hanspal, said - “I have found that more diverse teams bring a variety of different perspectives, which help us better understand and empathize with our customers” From experience, the most rewarding projects I have been on had a good mix of both genders.

I have led several information /cyber security teams - including cybersecurity governance, risk, and compliance teams, penetration testers, incident response teams, and those saddled with the tasks of conducting cybersecurity assessments. From experience helping several companies navigate their cyber risks through the toughest times - in their history, I have worked with loads of people and felt the representation of women in the cybersecurity field is lacking, and I am not alone.

This “Shecession” identified in PwC’s 2021 Women in Work Index was not caused by a lack of work or a reduction in the demand for cybersecurity services but rather a lack of additional support for women. In the wake of the pandemic, many families were without childcare and left with the responsibilities of being “the caretaker” (including those in the cybersecurity industry). Some left work to home-school and take care of the home front. Organizations seeking to give equity a huge embrace and increase their cyber talent pool would do well to increase their support for women.

There are many lessons I’ve learned as a woman, a leader, and a cybersecurity professional. I highlight three lessons here, with quotes and insights gleaned from online interviews done by other inspiring female cybersecurity leaders. Hopefully, this article inspires and encourages those looking to enter or progress in this field and help continue the important conversation around diversity and inclusion in cybersecurity.

1. Learn from Others - to boost your knowledge and career as you grow.

According to John Maxwell - " it’s said that a wise person learns from his mistakes. A wiser one learns from others' mistakes. But the wisest person of all learns from others' successes". Before getting into the Cybersecurity industry, I went to an experienced professional for advice - acted on it, and it worked.

At another phase in my career, I was about to quit my job because I could barely manage the home front and work. How did I pull through? With advice from experienced and working women, I was empowered to take charge. I controlled both worlds by learning from the leaders ahead of me. As a budding information security consultant, I learned many things from a phenomenal leader and cybersecurity matriarch - Adedoyin Odunfa. She is an exemplary leader, kind, and supportive. I also applied the learning from books focused on helping the working lady. One book I'll recommend is the pressure cooker by Nkiru Olumide Ojo - (a communications expert, mother, and mentor). I loved the book! I marked it all over and still refer to it when I can.

As children, we learned fabulous lessons from stories such as the - David and Goliath story and little red riding hood. Cybersecurity career stories have profound lessons too. Every shared story is a chance to make someone feel less alone. The unique success stories shared in the books and articles highlighted here can unleash the potential of more women. In them, you will see industry, career, and personal insights from hundreds of cybersecurity luminaries. Check out - the tribe of hackers by Marcus J. Carey and Jennifer Jin, African Women in Security by Cephas Okoth Mwanah and Judy Ngure, Women Know Cyber by Steve Morgan and Di Freeze, and the - Epic women in Cyber series by Sonya Moisset. There are more books, podcasts, articles, and groups to help you get ahead in cybersecurity. You are not alone.

There is so much you can learn. I have learned: grit, personal branding, cybersecurity skills, integrity, facilitation skills, business development, poise, and more from cybersecurity men and women.

The reality is that even coping mechanisms can be learned. There are the highs and lows of working in the industry. For example, burnout is an existential issue in the cybersecurity industry - the inspiring Fatimah Adelodun, special assistant to the Director General of NITDA on cybersecurity and enterprise solutions, tells us her story and the strategies that helped her overcome this issue. She suggests setting boundaries, prioritizing self-care, staying informed, and seeking support as helpful.

I recall discussing with a job seeker about joining the Cybersecurity industry. Even though her question was – What is Cybersecurity? After working with her and showing her a few things, she got a - good cybersecurity job.

Additionally, you can work this piece of advice both ways. Educate and correct yourself from the mistakes/errors of others. I like this African/Yoruba proverb that says: He who sinks in a hole has taught his followers what to do. When you see that someone made a mistake or has revealed a common pitfall, you don't follow blindly and fall into the same pit. You must learn - what to do and not do as you take your cybersecurity career notes.

I have learned from mentors, peers, books, the mistakes and successes of others, and industry groups – you can too.

2. Invest in yourself - to change your life and up-skill for growth.

There are investments you can make in yourself today - to change your life and up-skill for growth. You can develop your skills, advance your education, use available training content, expand your knowledge, stay current, or increase your daily cyber learning. "Invest in yourself" - The wonderful Sherifat Akinwonmi, Business Information Security Officer, TD, also mentioned this point at an ISC2 Nigeria panel session for women in October 2021.

• Invest in expanding your knowledge: There are loads of cybersecurity training online. At some point, you may need to make personal sacrifices to fund your certification training. It pays to make those investments. Sherifat Akinwonmi also discussed how she stayed committed to her yearly certification goals. It would be beneficial to do this with some driven friends. One of my mentors consistently made these investments and reaped quantum rewards. Invest in starter - cybersecurity certifications. Take a look at this security certification roadmap by paul jerimy. I know a lady who was not getting the big break she needed. Her employer did not get her trained, so she decided to fund the much-needed training herself. This was instrumental to her next role ( a job beyond her wildest imagination). Please note that free cybersecurity training can help you achieve similar results. You can consider any of these five great-starter cybersecurity certifications: CEH, CompTIA Security+, ISACA Cybersecurity Fundamentals, GIAC Information Security Fundamentals (GISF), Microsoft Certified: Security, Compliance, and Identity Fundamentals. Other mid-level to senior certs include - CISM, CISSP, C|CISO, and CISA.
• Invest in building competence – and speak up. Build competence and ask for that seat or coveted cybersecurity role. Here are 50 cybersecurity job titles that you should know about. Years ago, I had an interesting conversation with a ‘kingmaker’ - and it became clear that my shyness or the inability to articulate my career aspirations upfront could have robbed me. I have been in meetings where male colleagues openly spoke of – their desire to progress into bigger-capacity roles while I shrunk behind closed doors. Until I started to speak up about my career aspirations, I did not get a chance at that seat. Indeed - a closed mouth is a closed destiny.
• Invest in being consistent and having a visibility strategy. One remarkable female leader taught me this hack. I had always admired her work from afar. Her work ethic was top-notch, she delivered quality work each time and surpassed set performance goals, yet her compensation package was not commensurate to the work done or that of her male counterparts. After working on her visibility plan – which included speaking up, articulating her contributions, and showing up consistently, she got mouth-watering opportunities and a significant raise. Speak up, and you will be heard. I saw an interview where the amazing Confidence Staveley, Founder of Cybersafe foundation, gave this piece of advice to those starting in this field – and she said, “ Be consistent ”. Consistency helps you achieve success in this field. Be consistent in - showing up, delivering quality work, building competence, building relationships, prioritizing self-care, building confidence, and more. I believe that you are responsible for the outcomes of your life - career inclusive. Chai Simms. The Co-founder of Meta Defence Labs describes working in cybersecurity this way - “ I don’t believe in luck. It is all hard work, persistence, optimism, and positive thinking that lets you reach your goals.”
• Invest in developing cybersecurity skills ( hard and soft ). Recently, I spoke to a financial service - cybersecurity executive, and we talked about her experience with new joiners. She alluded to their ability to quickly take on new skills, their appetite for knowledge, their work ethic, and the positive results they brought to her organization – after training them. This is the same experience I have got. If you are just starting, please don't feel intimidated - we need you. Today people in the industry get hired for their cybersecurity skills and attitude to work - not necessary certs. Build or fortify those skills. The top hard skills to consider include cloud security, mobile-remote computing, application security, network security, identity, and access management, risk and compliance auditing, threat intelligence analysis, penetration testing, and red teaming. The top soft skills to consider pursuing are - communication, leadership, creativity, and problem-solving.

Invest in yourself. It pays the best interest. It also increases your well-being, knowledge, and skills. Investing right will help you become a more experienced person and a qualified job candidate.

3. Network - You’re one person away from a life-changing opportunity.

If you walk alone, you can only go so far. Once upon a time, a famous Mathematician, Professor Uries Treisman, who taught at UC Berkeley, wondered why his black students did poorly compared to his Asian students, who did amazingly well in his class. This bothered him, so he asked his colleagues why this was the case. Their feedback was – ‘Maybe they came from unprepared schools’ or ‘maybe they don’t understand the rigor’ His response was - but you can’t get into UC Berkeley without having the required academic chops. Something was wrong, he thought.

So, he asked his black students if he could observe them for a couple of weeks to see how they engaged with the material – when they obliged, he found out that the Black students read a lot more than the Asian students. But the deal was - the black students read alone, while the Asian students read in communities. Going forward he made it mandatory for the students to learn in communities and groups. Guess what? the result was, after a couple of semesters, the black students did as well as the Asian students. The learning here is: stop trying to do things - all by yourself. Stop struggling in isolation – network, and engage.

I have seen my mentees get good cybersecurity jobs, get married, and seize desirable opportunities by applying this tip. You can join industry groups that help female cybersecurity professionals and aspiring leaders - Check out these 50 Women In Cybersecurity associations and groups.

Another networking perk is - access to amazing mentors. Mentors inspire. They are there to say, "look, it's not as hard as you think." Here are specific steps to take to find one. Know what you want from your cyber career. Examine your professional circle and search out who has your dream job. Connect with them and ask - “how they got there?” or “What skills are relevant to fill their role?”. Lastly, when you get your mentor(s) – cultivate the relationships.  

Years ago, as I prepared for an interview, two of my mentors convinced me to aim for a higher role. They spoke faith into me, which enabled me to summon the courage to go for it – and I got the job.

In another case, at an industry event, a colleague told me about her desire to join the industry. I told her she was already in, and from her response, she took it with a pinch of salt until I began to point out her cyber grc work. Also, she struggled to get her desired job, and I kept reaffirming and reassuring her when I got the chance. Now, she works for a Tech giant.

Networking has power. Surround yourself with positive voices. This point has practically helped me career-wise and personally.

I have loads of stories to share, but I will stop here. The amazing Iretioluwa Akerele, the founder of Cyblack, said this beautifully, “Start – start learning, start reaching out to people, start asking. Just start”. No one is an island - share your ideas, go to industry events, leverage LinkedIn, and volunteer. Networking has been instrumental to many getting the deals, jobs, and opportunities they enjoy. Go! Start networking - Network upwards, downwards, and with peers.

Nasrin Rezai SVP Chief Information Security Officer Verizon - captures my call to action for industry leaders and forward-thinking organizations here - she said: “ It is our job to continually enable women in security to enter the field and create opportunities for them, so they stay and grow over the years. Sustaining women’s career progression is equally important as bringing them into the field”. Leaders need to join the conversation to drive change.

Summarily for those seeking to join the industry - Know that you are already enough and capable. Don't allow disabilities or wrong thinking to stop you from working in cybersecurity. There is no limit to what you can accomplish. Network, learn from others, and invest in yourself. Take that risk, act today, and you will be on your way to an exciting cybersecurity journey.

Thanks for reading