
Tara Wisniewski, ISC2’s Executive Vice President of Advocacy, Global Markets and Member Engagement kicked the day off with a powerful rallying cry, stating, “This isn't just an event. It's a key moment for women in cybersecurity. We are here to break barriers, shatter glass ceilings, connect with trailblazers and celebrate the strength and the unique experiences that each of us brings to the table.”
The event also highlights how ISC2 remains committed to expanding opportunities for women to lead and thrive in the field, despite obstacles to progress.
The State of Women in Cybersecurity
While the shortage of skills and qualified personnel continues to be a major problem in cybersecurity, different data points from International Women in Cyber Day and our own ISC2 Cybersecurity Workforce Study find that women compromise only 12-22% of the global cybersecurity workforce. Another 2024 Cybersecurity Workforce Report by the Global Cybersecurity Forum noted that women account for only 24% of the workforce, the highest percentage found, but still an extremely low number.
Debra Taylor, ISC2 Acting Chief Executive Officer and Chief Financial Officer, recalled her 30-year career in male-dominated industries by remarking, “we all have stories.” Her guiding principles are believing in herself, staying curious, and working for people who respect her. She urged attendees to change the narrative around careers in cybersecurity.
“You get to protect and change the world. This profession that you’re in is exciting and inclusive, and how can we support it becoming more inclusive?,” she asked.
Taylor then laid out four guiding principles including staying committed to your careers, confidence in yourself and your expertise, continuous learning and curiosity, and building and inspiring communities. She then passed the reins to Rachel Wilson, Head of Wealth Management Data Security & Infrastructure Risk at Morgan Stanley, and a former senior level executive at the National Security Agency (NSA).
Rachel Wilson’s Call to Action
Wilson kicked off her presentation with a brief description of her current role at Morgan Stanley.
“I run cybersecurity data protection, fraud prevention for Morgan Stanley's wealth management business. As fellow practitioners, you know what that means in a nutshell,” she said. “My team and I are responsible for making sure that every system, every network, every application that we field to 15,000 financial advisors around the country and 15 million clients around the world. We make sure that all of those full tech stack applications are as time tested, battle hardened, and hacker proofed as possible before we put them out there in the universe.
Prior to her current role, she ran NSA’s counterterrorism operations and led a global enterprise in detecting and disrupting terrorist plotting against the United States and its allies, and served as NSA’s Chief of Operations in the UK working with UK intelligence services to counter terrorist and cyber threats to the 2012 Olympics. Later, Wilson spent nearly five years leading NSA’s cyber exploitation operations within NSA’s Tailored Access Operations. In this capacity, she led the planning and execution of thousands of cyber exploitation operations against a wide array of foreign intelligence, military, and cyber targets and served as the committing official for many of NSA’s highest risk and most important intelligence-gathering activities.
Wilson attributes her success to being “incredibly hardworking” and “consistently overprepared,” as well as sponsorship, as opposed to mentorship.
“Mentorship is tremendously important, but if your mentor mentee relationships are simply the two of you getting together for coffee to complain about your boss, I'd argue, you are not making the progress that you should be,” she said, “Instead, I am a big fan of establishing sponsorships. Find a champion who is sitting in the room that you are not yet in, pounding the table for you, and insisting that you be considered for that opportunity, that promotion.”
Wilson then discussed how fortunate she was to have women and men in her career willing to put their personal capital on the line for her and the route she took to find them.
“You will attract these sponsors by simply being exceptional,” she stated. “It sounds so simple and we all know that it’s really hard. But if you can prove that you are a safe bet that is going to consistently excel and deliver, and go above and beyond what is asked of you, you are going to attract those sponsors and champions. They are winning political capital by being associated with what I know will be your meteoric rise to the top.”
In April 2017, Wilson became the first Head of Cybersecurity for Morgan Stanley Wealth Management and Investment Technology, a job she was not searching for but recognized as an exciting opportunity. She offered three key pieces of advice.
1. Recognize that your families are more resilient than you realize.
“There will always be reasons for women to say no and to keep doing the comfortable thing you’re doing ,” she said. “Everyone else is going to be fine, and what these people who love and care about you so much really want is for you to live up to your potential. They know full well that you are capable of absorbing that challenge so jump off the cliff and recognize that they are in this with you.”
2. Get comfortable with ambiguity.
“You are going to find yourself thrust into positions where you are the expert, and need to recognize that the more senior you become, the harder the questions get,” Wilson said. “The things that show up on your doorstep are only going to be the hard problems. We all have to get really comfortable learning in public and asking questions.”
3. Say yes to everything.
“Every additional responsibility, every opportunity, every after work event is a way to find your trusted resources and build your network,” she said. “That’s how you become immersed via osmosis.”
Wilson then ended her presentation with a stirring and passionate reminder of why cybersecurity needs to be a priority now.
“I truly want you to view this as a call to action and not just a call to action for you as an individual, but for us as a community of women in cybersecurity,” she implored. “I’ve worked in the cybersecurity space for 25 years, and I will tell you that I have never seen the situation as dire as it is today.”
She continued, “The most traditional question that we as cyber professionals get is what keeps us up at night. My answer has changed, but more than anything, my answer has expanded. Our cyber update used to be 15 minutes of a four hour meeting, and now discussions with leadership, board members and shareholders are dominated by cybersecurity.”
Wilson noted that cyber adversaries, with unlimited resources and tremendous motivation, represent an asymmetric threat.
“With the proliferation of Artificial Intelligence and the democratization of very advanced nation state cyber capabilities, we have observed a lowering of the barrier to entry to being a quite sophisticated cyber actor,” she said. “Combined with an increase in the scope, the scale, and velocity of cyber attacks that our companies and institutions are experiencing - it boggles the mind. What I’m telling you is that what you do day in and day out has never been more important than it is today.I would love to tell you I think the good guys and the good gals are winning but the numbers do not bear that out.”
Wilson cited stats noting that the average ransomware payment today is more than $2 million, and that the average lifespan of a Fortune 500 chief information security officer is less than 18 months.
“Both of those data points indicate to me that we’ve got to raise our game,” she said. “We have to bring more thoughtful, creative minds into this space, and we need you in the leadership roles.”
The Road To The CISO Role Isn’t Straight
Following Wilson’s keynote, Renata Vincoletto, Chief Information Security Officer (CISO), Civica, moderated a candid panel discussion delivered by women who’ve risen to the CISO seat including Jenai Marinkovic, President & Chairman of the Board, GRC for Intelligent Ecosystems & vCISO for Tiro Security; Barbee Mooneyhan, VP CISO, Uplight and Shefali Mookencherry, CISO and Privacy Officer, University of Illinois Chicago.
Vincoletto noted that many roads to the CISO role are not straight with detours and construction along the way, and the GPS often "recalculating route.” She cited the stats about women in the cyber workforce as well as Forresteer data which found that 16% of CISOs are female, only a 3% increase from five years ago. The panel then described their sometimes circuitous routes to their current roles.
Marinkovic is a 25-year cybersecurity veteran, executive advisor, and President of GRC for Intelligent Ecosystems Foundation. She founded NextCISO Academy, and has built 40+ cybersecurity organizations across advanced manufacturing, critical infrastructure, healthcare, entertainment and finance. She also invented ISACA's AI Audit Toolkit, and pioneers AI security, supply chain resilience, cyber physical, space-weather-aware systems, and cognitive governance, governing not just what intelligent systems do, but what they believe. Markinkovic also lives and works on a farm, often tying the two worlds together.
“You never know what kind of predators you have until you get chickens. When you’re growing your own food, there’s constantly things that are preying on you and causing damage to the things that you care deeply about,” she said, laughing.
Mooneyhan is VPSecurity and Privacy, intertwining her passions of helping people and protecting them. While studying Psychology at the University of Tennessee, Knoxville, she started her career in IT in 2002. After graduating, she continued her love of technology and making a difference in others' lives by entering the healthcare industry. She's grown her career in IT from Service, Operations, and Technical Instructional Design, to finding her true passion in Information Security and Privacy. Since then, she has built and matured IT, Privacy, Incident Response, Product Security, Threat Hunting, Vulnerability Management, Penetration Testing, GRC, and Security Awareness programs in multiple organizations. She finds fulfillment in sharing her knowledge and experience through allyship, mentorship, and industry education.
“I was looking to reinvent myself and if I'm being transparent, I just had a kid. I knew what I was doing was not fulfilling me, especially not after having a child,” she recalled. “And I had a little girl, so it's important to pass on the things that we can to make sure that they don't struggle with the same struggles that we had in our careers and in our lives.”
Mookencherry is a seasoned professional with expertise in information security, higher education, privacy, HIPAA, research, healthcare policy and strategy, promoting Interoperability (PI) and compliance. With 20+ years of cybersecurity and higher education experience – including 30+ years of healthcare experience, and 17 of those years in senior management positions – she is acknowledged as a cybersecurity Subject Matter Expert (SME), who has fulfilled Chief Information Security Officer (CISO) roles and conducted information security risk analyses and assessments in the U.S.A. and internationally.
Vincoletto compared the role of CISO to that of a translator, having to interpret technical data and tying it back to business risk. She then asked each panelist for one word or phrase to describe the type of superpowers a CISO needs to have. “Ecosystem thinker,” “forward” and “ask.” When asked what helped them maintain balance, the panelists felt that having a deep understanding of what is important to executive leadership teams and board of directors is key to prioritization and figuring out ways to turn allies into advocates. The group also tackled questions around what women in cybersecurity often miss in their careers.
“If someone’s mad at you, it’s going to be fine. You can get through it,” said Mooneyhan. “Most of the conversations that we’re having in our heads are not actually what’s happening in person. A lot of our disagreements with other people are miscommunications, and not actually as adversarial as they are in our heads. Just be your authentic, beautiful self. Do the right things for the right reasons and you’ll come out ahead.”
Markinkovic offered much more tactical advice.
“You have to be able to manage a budget. You are not going to be a chief security officer if you do not own your budget, with the ability to hire and fire your own team. You have to have operational responsibilities,” she said.
For their final words of advice, Mookencherry advised people to be “forever learners” and Mooneyhan stated, “know your boss’ peers” while understanding the different operational and strategic responsibilities that each level on your trajectory up requires.
“You have to become an expert in the company’s supply chains,” added Markinkovic. “You must understand the way the company makes money, and once you understand the supply chain, you can develop your threat and risk models. This deep understanding arms you with the language you need to speak to the business in a way that makes them take you seriously.”
Expert Perspectives Offer Strategic and Tactical Advice
After keynotes and the panel, attendees had the opportunity to attend two out of four concurrent sessions for a deeper dive on current cybersecurity workforce challenges.
Managing Bias and Microgressions, presented by Florence Holland, ACCESS Consulting Solutions Principal and Owner, taught participants about unconscious bias and its impacts. Holland covered the automatic and unintentional thoughts, phrases and behaviors that can impact how we interact with each other, noting that there are over 200 different types of unconscious biases. She also discussed where this bias often shows up in the workplace - how we interview, write job descriptions, promote and retain, as well as what days and people we choose to celebrate.
“Microagressions and unconscious bias may be unintentional but they have an impact, and impact is what’s important,” she said.
Cherron Castillo, founder of Fruitful Training Group, led Leading Without the Title, a session on how to communicate more effectively and persuasively, strategies for influencing others, and achieving results through informal leadership. She asked attendees to think about how others view their communication style and urged people to stop apologizing. She finished with a piece of advice.
“Find an orphan problem and adopt it,” Castillo urged. “Think through processes at work, and ask if there’s a problem that just keeps popping up that no one seems to have ownership of. You don’t have to take on all the problems of the organization, but if you’re looking to establish yourself, identify a problem that gets on everyone’s nerves. Say I want to assemble a team. I’ve got some ideas and suggestions on how to solve it.”
Mentorship Workshop: Building Bridges to Growth, led by Gina Hill, Director, Baker Hughes, was a workshop for early-and mid-career professionals, on how to identify the right mentor and build strong and reciprocal mentoring relationships. Hill used her experiences as both a mentor and mentee to deliver a list of useful tactics on setting goals for these relationships.
“In order to have a successful mentoring opportunity, you really need to set some foundational goals. It could be as small like achieving a certification or a larger, more daunting career pivot,” she said. “They can also be structured or unstructured.”
Hill recommended the unstructured approach to introverts asking via chat how to get more comfortable approaching speakers at a conference. Smaller meeting circles, alumni organizations, and non-profits also provide numerous networking and mentoring opportunities on a smaller scale, if needed. She closed by reminding attendees to also celebrate their mentoring successes.
Adrian Kelley, Director of Threat Intelligence and Vulnerability Management at MGM Resorts International, and Mari Galloway, CEO and Founding Board Member, Cyberjutsu led Certifications & Career Development: Navigating the Next Move, a session that broke down different existing cybersecurity certifications, their relevance to different career tracks, and when and why to pursue them. They also offered concrete advice on how to understand employer expectations as well as how to study and find additional resources.
“Certifcations definitely can't replace people's skills. CIS S P doesn't stand for, can I speak to some people?” said Kelley. “If you can't communicate risk to leaders, the letters won't save you at all.”
To get hands-on experience without actually having experience, Kelley and Galloway recommended hands-on labs and cybercompetitions as well as capture-the-flag events. They also noted that these events and other nonprofit organizations can help build communities along with skills.
“Inventory your skills!” Kelley said. “Always, always, always. You probably have more skills that relate to a cybersecurity job than you realize, and you want to get those written down so that you know what they are and you have access to them.”
The Powerful Real-Life Experiences of Cybersecurity Entrepreneurs
Tazin Khan, Founder and CEO, Cyber Collective, and Christine Izuakor, Founder and CEO, Cyber Pop-up shared their powerful nontraditional journeys in Trailblazers Unfiltered: Real Stories, Real Impact.
Khan, a college drop out turned master’s degree holder and self-described “corporate baddie turned social impact leader” has been in the cybersecurity industry for more than 13 years. She reminded attendees to always take “important people’s” information and to be relentless in following up, how she was able to secure her first job in the industry.
“Those first years taught me so much about resilience and what it means to show up and show out,” Khan said. “From there, I got really enamored with cybersecurity. I realized that there was an opportunity to help people as well as learn and really make an impact…Cyber Collective is the best thing that I've ever done for myself. It's a nonprofit organization where we help people understand the impact of technology so that they can protect themselves and their communities online.”
Khan noted that authenticity was key to her trajectory, as well as thoroughness and following up.
Izuakor followed with a description of “feeling my way into cybersecurity” to building an amazing career. Told that she was going to be legally blind by 21, Izuakor enrolled in college to study optometry and be “the best eye doctor that this world has seen.” After a failure that “felt like the end of my existence,” she began exploring different paths and found cybersecurity through an elective class. She went on to earn a Ph.D. in Security Engineering, becoming the youngest student and first African-American to do so.
“Being a trailblazer means living at the intersection of audacity and authenticity every single day. I've been in countless rooms where I'm the only person who looks like me,” said Izuakor. “For a very long time, I tried to, you know, blend in, tried to wear my hair the way that other people did, tried to dress like other people did, tried to code switch like everybody else did. It's just exhausting to try to be two different people.”
She reminded attendees that you can’t really contribute your true gifts if you are pretending to be someone else.
“My superpower is having the audacity to pursue bold things and do that while being a hundred percent myself,” said Izuakor. “When I’m the only person in the room, my goal is to navigate that, but also change it. Be the role model that you wish you had. Showing people that it is possible to win while being authentic gives other people permission to be authentic.”
She also highlighted two quotes that helped guide her. “Be so good that people can’t ignore you” and “confidence comes from mastery.”
“I made sure that my skillset was undeniable,” she said. “You can say what you want about how I dress, how I look, how I talk, but you can't question the value that I bring to every table that I sit at. And I own that.”
She ended by reminding participants that they are already enough as they navigate careers and lives.
A Continued Commitment to Creating Opportunities
Dwan Jones, Director of Inclusive Strategies and Engagement at ISC2, wrapped up by highlighting the day’s events and a call-to-action driving home that our work continues well beyond this summit.
“Let's take a moment to reflect on what an amazing time it is to be a part of the cybersecurity field. We know that cyber is not just about technology anymore. It’s about people. It’s about culture. It’s about creativity,” said Jones. “All of you bring unique perspectives and vital skills that are the secret sauce to being successful in what is a rapidly changing and evolving landscape.”
She continued, “It’s about connecting people and hustling to make things happen. These aren’t just soft skills. These are superpowers. And this is our moment. Cyber threats are evolving. So must our strategies. We're not just here to fill jobs.We're here to change the game. To build new pathways and to make belonging part of the blueprint for success. Inclusion isn’t optional, it’s mission critical and as the field grows, so does our responsibility to bring more of us into the conversation.”
Jones encouraged participants to continue the conversation at ISC2 Security Congress 2025 to continue building connections, sharing insights, and advancing women in cybersecurity. A peer event, the Women Cyber Leaders Networking Reception, offers additional opportunities to learn and network. More information is available here!
Related Insights: