Women cyber leaders are on the rise — and paying it forward

Female cybersecurity leaders are feeling fairly positive about their standing in a traditionally male-dominated field, although many believe there is still room for improvement. 2025’s International Women in Cyber Day on Sept. 1 sees some strides having been made: While women make up only 22% of the cybersecurity workforce, 55% of female respondents are in managerial or higher positions in their organizations, according to a recent ISC2 report.

“I’m actually really encouraged, because I’ve seen more women step into CISO roles in recent years than I have ever before,” says Carol Lee Hobson, CISO at payment platform provider PayNearMe. “Women often bring a natural instinct to protect and safeguard, which I think are qualities that align really well with the mission of cybersecurity.”

Further, the talent pipeline is growing with more women entering the field, Hobson adds, referencing the ISC2 report. “That’s significant, considering how this industry is dominated.”

Still, companies could be doing more to bring women into cybersecurity positions, says Lauren Winchester, vice president of cyber risk services at Travelers.

“Women make up more than half of the population yet represent roughly 20% of the cybersecurity workforce. While the number of women in cyber has increased over the past decade, companies can and should work to continue closing the gender gap in hiring and leadership roles,’’ Winchester says.

Women in the cyber industry need to be recognized, rewarded, and promoted, she says. “Like any industry, you want to be somewhere that provides an opportunity to learn, gain experience, and grow.”

Salary discrepancies continue

Gender parity issues also persist, including in salaries. Another recent ISC2 report finds a “substantial average discrepancy in salaries between women and men.” The ISC2 data shows when median US salaries are compared by gender, there is a $10,000 difference between men ($150,000) and women ($140,000) study participants.

“This difference grows to $14,000 when we compare average (mean) salaries, with men who responded earning an average of $159,369 compared to women who earn an average of $144,689,” the report said. With seniority, the pay gap decreases as the job level increases.

While organizations on average are moving closer to achieving equal pay among senior-level executives, “inequality is still prevalent across the board,” the report said.

But others findings are promising. “Once women enter the field, they are finding ways to advance,” the ISC2 Research team said. “The real challenge is ensuring more women join and thrive at every level.”

Incremental progress being made

There are also mixed feelings about how women in the industry are viewed, and the level of support they receive.

“When I first started in this field, being the only woman in the room was just a normal Tuesday,” notes Alicja Cade, director of the Office of the CISO, at Google Cloud. “And while things have improved so much, I still get the occasional déjà vu moment at a networking event in some oak-paneled steakhouse and think, ‘Okay, we’re not quite there yet!’”

Cade finds that “the spirit of the cyber community” helps level the playing field, because all security practitioners are united by a common purpose, she says, and “people genuinely recognize that diverse views and skills matter. The biggest shift for me is that I now walk into most rooms as a security leader who happens to be a woman, not the other way around.”

The most important lesson, Cade stresses, “is to embrace what makes you a unique leader, rather than trying to be someone you’re not — common sense, isn’t it?”

This isn’t just a social issue — it’s a core strategy for success, Cade adds.

Cindi Carter, global CISO at Check Point Software, also recognizes the progress women have made in representation, “and there are many allies helping us build pathways for women into leadership roles, particularly in technology, cybersecurity, and board-level positions.”

PayNearMe’s Hobson believes that with more young women graduating from STEM programs, and major industries such as financial services, energy, and defense facing increased demand for security leaders, “there’s never been a greater opportunity for women in this field than right now.”

Women determined to mentor other women

To build unity, women in the field need to make time to support one another, says Erika Voss, senior vice president and CSO of Blue Yonder, a provider of digital supply chain management software.

“There needs to be more ways that women cyber leaders have a chance to get together in a fashion that doesn’t cost anything, but allows for collaboration, lessons learned, and ways to cross-share more on what the challenges are that we are all still facing today, and how to continually power through them,” Voss says. “I am finding that people I started in the industry with are giving up and stepping out because it’s just not worth all the challenges and headaches anymore, which is saddening to see.”

There are still industry thought leaders to follow and learn from, Voss says, but it’s incumbent on female cybersecurity leaders to not only “find the time to spend a few minutes with these women who have come before us [and] are leading the way, but also opening the doors for the future of women.”

There are a multitude of networking and career building groups for women in cyber now, observes Jennifer Wilson, cyber leader at global insurance company Newfront. They include Women in Cybersecurity (WiCys); Women in Cybersecurity Community; Executive Women’s Form (EWF); Women in Cyber Insurance (WICI); and Women in Tech. These groups offer a range of education, mentorship, peer group discussions, networking, and career development for women, says Wilson, adding that she’s a member of most of them.

“I am thrilled to see so many influential women leaders taking the time to extend a hand to lift up other women in the field,” Wilson says.

Traveler’s Winchester agrees. “Women in cyber and in cyber insurance are really upping their networking game over the past decade, and I am here for it.”

In addition to the other cyber-focused groups, Winchester says a group of women established the International Women’s Cyber Alliance (IWCA), specifically geared at women professionals in cybersecurity, data privacy, insurance, and legal, to network and promote issues important to women.

Shaila Rana, chair of the IEEE Standards Association and cybersecurity professor at Purdue Global, is heartened by the fact that more women are entering the field, but believes they still face problems, such as limited mentorship, support, and growth opportunities.

“There’s progress in representation, but women are still underrepresented in leadership roles and often face subtle biases that require them to continually prove their credibility,” she says.

Rana says she sometimes notices in industry meetings that the ideas women share aren’t “immediately regarded until they’re echoed later in the conversation.” While that can be discouraging, Rana says this is a reminder of why visibility and advocacy for women in cybersecurity are so important.

“It motivates me to keep contributing, mentoring, and supporting other women so that our perspectives are not only heard, but valued,” she says. But Rana is encouraged that a shift is occurring. “There are more organizations being intentional about amplifying women’s voices,” she says, “which makes me optimistic about the direction we’re heading [in].”

Google Cloud’s Cade, agrees, saying she actively sponsors equal opportunity in talents.

“Mentoring is giving advice, which is great, but sponsoring is using your influence to open doors for others — putting them forward for that big project or advocating for their promotion when perhaps their voice is muted,” Cade explains. “My hope is that we get to a point where a woman leading in cyber is so normal we don’t even need to talk about it anymore. That will be truly awesome.”